Privacy Policy

How Creed collects, uses, and protects your information.

Last updated 8 April 2026

Creed is a service that helps people create and maintain a structured personal context file for use with connected AI agents. This notice explains what personal information Creed collects, how it is used, who it is shared with, and the choices available to you under applicable privacy law.

Who this policy applies to

This policy applies to people who use Creed, including people who create an account, complete onboarding, connect agents, submit or review proposals, or otherwise use the service.

Who controls your information

Creed is the controller of the personal information described in this policy.

If you have questions about how Creed handles personal information, you can contact hello@getcreed.pro.

What information Creed collects

Creed currently stores and processes the following categories of information as part of operating the service.

name
email address
profile picture
Creed file contents
onboarding answers
proposal history
activity history
connection metadata
connection tokens

Creed does not store payment card details directly. Payments are handled by Stripe.

How Creed collects information

During onboarding synthesis, your onboarding answers are sent to OpenRouter so Creed can generate a refined onboarding draft.

directly from you when you sign in, complete onboarding, edit your Creed, manage connections, or use account features
from Google Auth when basic account information is provided during sign-in, such as your name, email address, and profile image
from connected agent activity when an agent reads Creed through a tokenised endpoint or submits a proposal back through a tokenised endpoint
from Stripe when payment-related events need to be confirmed for billing or account administration

Why Creed uses information

Creed uses personal information to provide and run the service, including to create and manage accounts, authenticate users, generate and maintain Creed files, process onboarding synthesis, support connected agent reads and proposals, store proposal and activity history, manage tokens and connections, process payments, respond to support requests, and comply with legal obligations.

Where required by applicable privacy law, Creed relies on lawful bases such as performance of a contract where processing is needed to provide the service you asked for, legitimate interests where processing is needed to run and secure the service in a proportionate way, and legal obligation where processing is needed to comply with applicable law.

Where a specific activity depends on consent, Creed will rely on consent for that activity.

Agent access and proposal endpoints

Creed provides tokenised endpoints that let connected agents interact with a user's Creed.

A valid read token allows an agent to read the relevant Creed payload.
A valid proposal token allows an agent to submit a proposal back to Creed.
Proposal submissions may include the agent name, section information, the reason for the proposed change, and draft content.
Connection metadata may be recorded so Creed can show connection status and recent activity.

These tokens are secrets and should be treated carefully. Creed currently stores connection tokens in plain text so the service can verify and use them. Users can rotate tokens, and rotating a token will break existing agent connections that depend on them.

Payments

Payments are handled by Stripe. Creed does not directly store your full payment card details.

Creed may receive limited payment-related information needed to confirm payment status, manage access, and handle account administration.

Cookies and sessions

Creed currently uses only cookies or similar technologies that are necessary for core service operation, such as authentication and session handling.

Creed does not currently use analytics cookies or marketing cookies.

Retention

Creed keeps personal information for as long as it is reasonably needed to provide the service, maintain the account, keep proposal and activity history available to the user, and meet legal or operational requirements.

Account and Creed data are normally kept while your account remains active.
If you ask for deletion, Creed will delete your account and associated data, subject to any limited retention that may be required for legal, security, fraud-prevention, or administrative reasons.
If you want a copy of your data before deletion, you can request export first.

Your rights

Depending on the circumstances, applicable privacy law may give you rights over your personal information.

ask for access to your personal information
ask for incorrect information to be corrected
ask for your information to be deleted
ask for export of your data
object to certain processing
ask for processing to be restricted
withdraw consent where processing depends on consent

To make a privacy request, contact hello@getcreed.pro. Creed also provides account deletion and data export functionality as part of the service.

Contact and complaints

If you have questions about this policy or how Creed handles personal information, contact hello@getcreed.pro.

If you are unhappy with how Creed handles your personal information, please contact Creed first so there is a chance to help.

You may also have the right to lodge a complaint with the privacy or data protection regulator that applies in your jurisdiction.

hello@getcreed.pro ICO guidance

Changes to this policy

Creed may update this Privacy Policy from time to time to reflect changes to the service, legal requirements, or how personal information is handled.