Privacy Policy

Last updated: March 30, 2026

1. Overview

This Privacy Policy explains how personal data is processed when you visit the CREATURE website and interact with its features. Personal data means any information relating to an identified or identifiable natural person.

2. Hosting and server log files

When you access this website, technical data may be processed automatically by the hosting provider. This may include IP address, date and time of access, requested resource, referrer URL, browser type, operating system, and other information required to deliver the website securely.

The processing is carried out for the purpose of website delivery, stability, and security. The legal basis is Article 6(1)(f) GDPR.

3. Contact requests

If you contact the operator by email or another communication channel, the information you provide will be processed to handle your request. The legal basis is Article 6(1)(b) GDPR where the request relates to pre-contractual or contractual matters, or Article 6(1)(f) GDPR for general inquiries.

4. Cookies, local storage, and consent

This website stores your privacy choice in your browser under the key creature_cookie_consent_v1. This storage is used to remember whether you accepted optional services or chose necessary-only settings.

By default, no optional analytics or marketing services are loaded. Optional third-party services should only be activated after prior consent. Where consent is required, the legal basis is Article 6(1)(a) GDPR and applicable cookie or telecommunications privacy rules.

5. Optional third-party services

If optional analytics, marketing, or external media services are added in the future, they should only be activated after a valid consent decision. Before enabling such services, this Privacy Policy should be updated to identify the provider, purpose, legal basis, retention period, and any international data transfers.

6. Data retention

Personal data is retained only for as long as necessary for the relevant purpose, to comply with legal obligations, or to resolve disputes and enforce legal claims. Technical log data is usually retained for a limited period required for operational security.

7. Recipients of data

Data may be processed by technical service providers acting on behalf of the operator, such as hosting providers, IT support providers, and communication providers, where required for operation and maintenance of the website.

8. International data transfers

If personal data is transferred to countries outside the European Economic Area, such transfers should only take place where a valid transfer mechanism exists, such as an adequacy decision or appropriate safeguards under Articles 44 et seq. GDPR.

9. Your rights

Subject to the applicable legal requirements, you have the right of access, rectification, erasure, restriction of processing, data portability, and the right to object to processing based on Article 6(1)(e) or (f) GDPR. Where processing is based on consent, you may withdraw your consent at any time with future effect.

10. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

11. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time to reflect legal, technical, or operational changes. The current version published on this website applies.

Privacy Policy for “Creature”
Effective date: 24.08.25

This Privacy Policy explains how the mobile application “Creature” (“App”, “we”, “our”, or “us”) collects, uses, and protects your information when you use the app. By downloading or using the App, you agree to the practices described in this Privacy Policy.

1. Data Controller

The data controller responsible for the processing of personal data is:

Starline Studio
Am Sonnenhang 32
30989 Gehrden
info@creature-ai.org

2. Information We Collect

We collect and process the following categories of data:

Account Information: When you register or log in, we use Firebase Authentication. Depending on your chosen method (email/password, Google Sign-In, etc.), we may collect your email address, name, and authentication tokens.

Usage Data: Information related to how you use the App (such as in-app actions, created content, preferences, and interactions). This data may be stored in Firebase Realtime Database or Firestore.

Technical Data: We may automatically collect technical information such as device model, operating system version, IP address, and crash logs to ensure app stability and improve performance.

Server-Side Processing: Certain features rely on Firebase Cloud Functions, which process user data to enable app functionality (e.g., automated actions, validations, or background processes).

We do not knowingly collect personal information from children under 13 years of age (or under 16 in the EU).

3. How We Use Your Information

We use the collected data for the following purposes:

To provide core app functionality (authentication, content storage, synchronization).

To operate and improve the App’s features and services.

To ensure the security and stability of the App.

To comply with legal obligations.

We do not sell your personal information.

4. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR):

Art. 6 (1) lit. b GDPR – Performance of a contract (provision of the App and its functions).

Art. 6 (1) lit. f GDPR – Legitimate interest (ensuring secure and efficient service).

Art. 6 (1) lit. c GDPR – Compliance with legal obligations.

5. Data Sharing and Transfers

Your personal data may be shared with:
Google Firebase (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), as our backend provider. Firebase may process data on servers located within the EU or in the United States. In cases of transfer outside the EU/EEA, appropriate safeguards such as Standard Contractual Clauses (SCCs) are applied.

We do not share your data with third parties beyond what is necessary to provide the App, unless required by law.

6. Data Retention

Account data is retained as long as your account is active.

You may request deletion of your account at any time, which will remove your personal data from Firebase.

Technical and log data may be stored temporarily for security, troubleshooting, and app improvement.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or alteration. However, please note that no method of transmission over the Internet is 100% secure.

8. Your Rights (GDPR)

As a user located in the European Union, you have the following rights:

Right to access your data (Art. 15 GDPR).

Right to rectify inaccurate data (Art. 16 GDPR).

Right to erasure (“right to be forgotten”) (Art. 17 GDPR).

Right to restrict processing (Art. 18 GDPR).

Right to data portability (Art. 20 GDPR).

Right to object to processing (Art. 21 GDPR).

To exercise your rights, please contact us at info@creature-ai.org.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the right to request:

Disclosure of the categories and specific pieces of personal information collected.

Deletion of your personal information.

Opt-out of the sale of personal information (note: we do not sell your data).

You may exercise your rights by contacting us at info@creature-ai.org.

10. Children’s Privacy

The App is not directed at children under 13 years of age (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe that a child has provided personal data to us, please contact us, and we will delete such information promptly.

11. Third-Party Services

Our App uses third-party services that may collect information used to identify you. These include:

Google Firebase (Authentication, Realtime Database/Firestore, Cloud Functions, Analytics, Crashlytics).

You can find more about Firebase’s data practices here:
https://firebase.google.com/support/privacy

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be published within the App and/or on our website. Continued use of the App after changes constitute your acceptance of the updated Privacy Policy.

13. Contact

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, you can contact us at:

Starline Studio
Am Sonnenhang 32
30989 Gehrden