Analytics: Understanding aggregate visitor behavior to improve the site (only with consent where required)

Communication: Responding to inquiries you initiate via email

Legal Compliance: Meeting our obligations under applicable privacy laws

5. Legal Basis for Processing (GDPR — EU/EEA/UK)

For visitors from the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:

Consent (Art. 6(1)(a) GDPR): For non-essential cookies and analytics. You may withdraw consent at any time.
Legitimate Interest (Art. 6(1)(f) GDPR): For website security and basic operational functionality.
Legal Obligation (Art. 6(1)(c) GDPR): Where required to comply with applicable law.

6. Your Privacy Rights

6.1 Rights for ALL Visitors (Global)

Right to Information: Know what data we collect and how we use it
Right to Opt-Out: Manage cookie preferences at any time
Right to Contact: Reach us with any privacy concerns

6.2 Additional Rights — EU/EEA/UK (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right of Access (Art. 15): Request a copy of your personal data
Right to Rectification (Art. 16): Correct inaccurate personal data
Right to Erasure (Art. 17): Request deletion of your personal data ("Right to be Forgotten")
Right to Restriction (Art. 18): Restrict processing of your data
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
Right to Object (Art. 21): Object to processing based on legitimate interest
Right to Withdraw Consent: Withdraw cookie consent at any time via Cookie Preferences
Right to Lodge a Complaint: File a complaint with your local Data Protection Authority (DPA)

6.3 Additional Rights — California (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights:

Right to Know: What personal information we collect, use, disclose, and sell
Right to Delete: Request deletion of personal information we have collected
Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information. However, you may submit a "Do Not Sell or Share" request at any time.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Right to Correct: Request correction of inaccurate personal information
Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information

🚫 We Do Not Sell Your Personal Information. As defined under CCPA/CPRA, we do not sell, rent, or share personal information with third parties for monetary or other valuable consideration. We do not participate in cross-context behavioral advertising.

6.4 Additional Rights — Brazil (LGPD)

Confirmation of data processing
Access to personal data
Correction and deletion of data
Anonymization of unnecessary data
Data portability
Information about shared data
Revocation of consent

6.5 Additional Rights — Canada (PIPEDA)

Access to your personal information
Challenge the accuracy and completeness of your information
Withdraw consent (subject to legal or contractual restrictions)

7. Data Sharing & Third Parties

We do not sell, rent, trade, or otherwise share your personal information with third parties except:

Service Providers: Hosting (Netlify) which processes data under their own privacy policies
Legal Requirements: If required by law, subpoena, or court order
Business Transfer: In connection with a merger, acquisition, or sale of assets (you will be notified)

8. International Data Transfers

Our website is hosted in the United States via Netlify. If you access this site from outside the United States, your information may be transferred to, stored, and processed in the US. We ensure appropriate safeguards are in place for international transfers as required by applicable law.

For EU/EEA data subjects: Transfers are conducted pursuant to Standard Contractual Clauses (SCCs) as adopted by the European Commission, or other approved transfer mechanisms.

9. Data Retention

We retain automatically collected data (server logs, analytics) for a maximum of 26 months, after which it is automatically deleted. Cookie consent records are retained for 12 months before re-consent is requested.

10. Security

We implement industry-standard security measures including HTTPS encryption, secure headers (CSP, X-Frame-Options, X-Content-Type-Options), and access controls to protect any data processed through this website.

11. Children's Privacy

This website is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it.

12. Exercising Your Rights

To exercise any of your privacy rights (access, deletion, correction, opt-out, etc.), you may:

Email: [email protected] with subject line "Privacy Rights Request"
Delete My Information: Visit our Data Request page
Manage Cookies: Click Manage Cookie Preferences

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA/CPRA). We may request verification of your identity before processing certain requests.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be indicated by updating the "Last Updated" date at the top. We encourage you to review this page regularly. Continued use of the website after changes constitutes acceptance of the updated policy.

14. Contact Us

For any privacy-related questions, concerns, or requests:

Email: [email protected]
Subject Line: "Privacy Inquiry — CreateAiPorn.com"

For EU residents, you also have the right to lodge a complaint with your local supervisory authority. A list of EU Data Protection Authorities can be found at edpb.europa.eu.