Last Updated: 2/15/2024
At Creative Herding, we believe that your data belongs to you. Our business model is built on transparency and trust. We provide the tools for you to manage your business, and we do not profit from your personal information.
This policy is designed to comply with the General Data Protection Regulation (GDPR) and other global privacy standards.
We operate on the principle of "data minimization." We do not collect, track, or store any information that is not strictly necessary for the functionality of our software. We do not sell, rent, or trade your data to third parties for any reason.
Under the GDPR, it is important to define our role in handling your data:
GDPR requires us to have a "legal basis" for processing your data. We rely on the following:
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Account Data (Name, Email) | To create your account and provide access. | Contractual Necessity |
| Billing Information | To process payments for the service. | Contractual Necessity |
| Business Data (CRM/Project/Invoicing data) | To store and organize your business info. | Contractual Necessity (as Processor) |
| System Logs (IP addresses) | To prevent fraud and ensure security. | Legitimate Interest |
We value your anonymity when you visit our website.
Your data is stored on secure servers located in the United States.
Because we transfer data outside of the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by implementing Standard Contractual Clauses (SCCs) approved by the European Commission, or relying on other recognized adequacy frameworks.
We retain your account information for as long as your account is active. Business data entered into the system is retained until you delete it or terminate your account. Upon request, we will permanently purge all associated data from our active databases and backups within 30 days.
Depending on your location, you have the following rights regarding your personal data:
We do not sell your data. We use a limited number of trusted infrastructure providers (e.g., Stripe / AWS / Azure) to maintain our service. These providers are bound by strict data processing agreements and are prohibited from using your data for any purpose other than providing the infrastructure we pay for.
For our business customers who are Data Controllers under GDPR, we are can sign a formal Data Processing Agreement (DPA) to ensure your compliance requirements are met. Please contact us to request a copy of our DPA.
If you have questions about this policy, wish to lodge a complaint or exercise any of these rights, please contact us.