← Back to Creed Space

Privacy Policy

Last Updated: January 2026

1. Introduction

Creed Space ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We comply with GDPR, CCPA, and other applicable privacy regulations worldwide.

2. Information We Collect

Information You Provide

• Account Information: Email address, username, date of birth (for age verification), and authentication credentials
• Preferences: Selected Creeds, Persona configurations, UI preferences
• Content: Messages and interactions with the AI system
• Feedback: Any feedback or communications you send us
• Payment and Billing Information: When you purchase credits, we process payment through our payment provider. We store transaction records but not full payment card details.

Information Collected Automatically

• Usage Data: Features used, interaction patterns, session duration
• Technical Data: Browser type, device type, operating system
• Analytics: Anonymized usage statistics for service improvement
• Cookies: Essential cookies for session management (see Cookie Policy below)

Information We Do NOT Collect

• Real names (unless voluntarily provided)
• Physical addresses
• Social security numbers or government IDs
• Biometric data

3. How We Use Your Information

We use collected information to:

• Provide the Service: Process your requests and deliver AI responses
• Improve Safety: Enhance constitutional alignment and reduce harmful outputs
• Personalization: Remember your preferences and settings
• Analytics: Understand usage patterns and improve the Service
• Security: Detect and prevent abuse, fraud, or harmful activities
• Communication: Send service updates (if you opt-in)
• Legal Compliance: Meet legal obligations and enforce our Terms

4. Data Sharing and Disclosure

We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

Limited Sharing Scenarios

We may share information only in these circumstances:

• Service Providers: Trusted partners who help operate our Service (under strict confidentiality)
• Legal Requirements: When required by law, court order, or government request
• Safety: To prevent harm, illegal activities, or protect rights and safety
• Business Transfers: In case of merger, acquisition, or asset sale (with notice)
• Consent: With your explicit permission

5. Data Security

We implement industry-standard security measures:

• Encryption: TLS/SSL for data in transit, encryption for sensitive data at rest
• Access Controls: Role-based access, multi-factor authentication for systems
• Monitoring: Ongoing security monitoring and intrusion detection
• Regular Audits: Periodic security assessments
• Incident Response: Established procedures for security incidents
• Account Security: We support multi-factor authentication (TOTP) and passkeys (WebAuthn) for enhanced account security.

User accounts are required to access Creed Space features. We offer email/password, OAuth (Google, GitHub), and passkey (WebAuthn) authentication options. Some basic features may be accessible without an account.

However, no method is 100% secure. We cannot guarantee absolute security.

6. Automated Decision-Making

Creed Space uses a Policy Decision Point (PDP) system to evaluate AI responses against your selected Creeds. This automated system may block or modify AI responses that violate your chosen ethical guidelines. You can review blocked decisions through the safety dashboard.

This processing is necessary for the performance of our Service and is based on the Creeds you have actively selected. You may adjust your Creed selections at any time to change how automated safety decisions are applied.

7. Data Retention

We retain data only as long as necessary:

• Active Use: While you actively use the Service
• Preferences: Until you delete them or request removal
• Analytics: Anonymized data may be retained indefinitely
• Legal Requirements: As required by applicable laws
• Deletion: You can request deletion at any time (see Your Rights)

8. Your Privacy Rights

Under GDPR (European Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion ("right to be forgotten")
• Restriction: Limit processing of your data
• Portability: Receive data in machine-readable format
• Object: Opt-out of certain processing
• Automated Decisions: Not be subject to solely automated decisions

Under CCPA (California Users)

• Know: What personal information we collect and how it's used
• Delete: Request deletion of your personal information
• Opt-Out: Opt-out of sale (we don't sell data)
• Non-Discrimination: Equal service regardless of privacy choices

How to Exercise Your Rights

Contact us at privacy@creed.space with your request. We'll respond within 30 days.

9. Cookie Policy

Essential Cookies

Required for basic functionality:

• Session management
• Security tokens
• User preferences
• Consent status

Analytics Cookies (Optional)

Help us understand usage (fully anonymized):

• Features used
• Performance metrics
• Error tracking

Managing Cookies

You can control cookies through browser settings or our consent banner. Disabling essential cookies may impact functionality.

10. Children's Privacy and Age Verification

Creed Space requires users to verify their age. Users under 13 require verified parental consent (COPPA compliance). We collect date of birth for age verification purposes.

If we discover that we have collected data from a child under 13 without verified parental consent, we will promptly delete the information.

Users aged 13-18 should use the Service with parental guidance and may have access to certain features restricted.

11. International Data Transfers

Your data may be processed in countries with different privacy laws. We ensure appropriate safeguards:

• Standard Contractual Clauses for EU data
• EU-US Data Privacy Framework (where applicable)
• Adequate security measures regardless of location

12. Third-Party Links

Our Service may contain links to third-party sites. We're not responsible for their privacy practices. Please review their policies before providing information.

13. Changes to This Policy

We may update this Privacy Policy periodically. We'll notify you of significant changes via:

• Service notification
• Email (if provided)
• Prominent notice on our website

Continued use after changes constitutes acceptance.

14. Data Protection Officer

For privacy concerns or to exercise your rights, contact our Data Protection Officer:

Email: privacy@creed.space
Subject: "Privacy Request - [Your Request Type]"

15. Supervisory Authority

EU residents have the right to lodge complaints with their local supervisory authority if you believe we haven't addressed your concerns adequately.

16. California Privacy Rights

California residents have additional rights under Cal. Civ. Code § 1798.83 to request information about disclosures to third parties for marketing (we don't engage in such disclosures).

17. Do Not Track

We respect Do Not Track browser settings. When detected, we don't track your activities across websites.

18. Questions?

For any privacy-related questions or concerns:

Email: privacy@creed.space
Website: www.creed.space/privacy
Response Time: Within 30 days