Privacy Policy
Last updated: 2026-04-22
1. Who we are
This Privacy Policy describes how Kostava Creative ("we", "us", "our") collects, uses, and protects personal data when you visit kostavacreative.com or use our services. By using the site, you agree to the practices described below.
Data controller contact: info@kostavacreative.com
2. What data we collect
Account data — when you register or sign in, we collect your email address, name, and a password hash (if you use email/password sign-in).
Sign in with Google / Facebook — if you authenticate via a third-party provider, we receive your email, first and last name, profile picture URL, and a provider-issued user ID. We do not receive your password. We store this information to create and maintain your account.
Order and payment data — billing name, address, items purchased, and transaction identifiers. Card details are processed directly by our payment processors and never stored on our servers.
Technical data — IP address, browser and device identifiers, language preference, referrer, and pages viewed. Used for security, fraud prevention, and analytics.
Communications — if you contact support or subscribe to our newsletter, we store the messages you send and your subscription preferences.
3. How we use your data
- Create and manage your account and authentication sessions.
- Fulfil orders, issue licenses, and provide customer support.
- Process payments and affiliate commission payouts.
- Send transactional email (order confirmations, password resets, license notifications) and, with your consent, our newsletter.
- Prevent abuse, fraud, and unauthorised access.
- Comply with legal and tax obligations.
4. Legal basis (GDPR)
We process personal data on the following legal bases:
- Contract performance — to provide the services you request (account creation, order fulfilment, license issuance).
- Legitimate interest — security, fraud prevention, and product improvement.
- Consent — marketing emails and non-essential cookies. You may withdraw consent at any time.
- Legal obligation — tax, accounting, and regulatory compliance.
6. How long we keep data
- Account data — until you delete your account.
- Order and invoice records — up to 7 years as required by tax law.
- Server logs — up to 90 days.
- Marketing data — until you unsubscribe or withdraw consent.
7. Your rights
Under GDPR and similar privacy laws, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion of your data (see also our data deletion instructions).
- Restrict or object to certain processing.
- Port your data to another service.
- Withdraw consent at any time.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email info@kostavacreative.com. We respond within 30 days.
9. Security
We protect your data using industry-standard measures: TLS encryption in transit, bcrypt password hashing, HTTP-only authentication cookies, role-based access control, and regular security reviews. No system is 100% secure, so we cannot guarantee absolute safety.
10. Children
Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact us and we will delete it.
11. International data transfers
We may transfer your data to service providers located outside your country. When we do, we rely on Standard Contractual Clauses or equivalent safeguards to protect it.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced on the site or by email. The "Last updated" date at the top reflects the current version.
13. Contact us
Questions, requests, or complaints about privacy? Email info@kostavacreative.com.