Privacy Policy

This Privacy Policy describes how Kostava Creative ("we", "us", "our") collects, uses, and protects personal data when you visit kostavacreative.com or use our services. By using the site, you agree to the practices described below.

Data controller contact: info@kostavacreative.com

Account data — when you register or sign in, we collect your email address, name, and a password hash (if you use email/password sign-in).

Sign in with Google / Facebook — if you authenticate via a third-party provider, we receive your email, first and last name, profile picture URL, and a provider-issued user ID. We do not receive your password. We store this information to create and maintain your account.

Order and payment data — billing name, address, items purchased, and transaction identifiers. Card details are processed directly by our payment processors and never stored on our servers.

Technical data — IP address, browser and device identifiers, language preference, referrer, and pages viewed. Used for security, fraud prevention, and analytics.

Communications — if you contact support or subscribe to our newsletter, we store the messages you send and your subscription preferences.

• Create and manage your account and authentication sessions.
• Fulfil orders, issue licenses, and provide customer support.
• Process payments and affiliate commission payouts.
• Send transactional email (order confirmations, password resets, license notifications) and, with your consent, our newsletter.
• Prevent abuse, fraud, and unauthorised access.
• Comply with legal and tax obligations.

We process personal data on the following legal bases:

• Contract performance — to provide the services you request (account creation, order fulfilment, license issuance).
• Legitimate interest — security, fraud prevention, and product improvement.
• Consent — marketing emails and non-essential cookies. You may withdraw consent at any time.
• Legal obligation — tax, accounting, and regulatory compliance.

We share data only with service providers that help us operate the site:

• Flitt (payment processor) — to process card payments.
• PayPal — to pay affiliate commissions.
• Google and Facebook/Meta — only when you choose to sign in via their OAuth services.
• DigitalOcean — hosting infrastructure (EU/US region).
• SMTP email provider — to deliver transactional and marketing emails.
• Legal authorities — only when required by law or to protect our rights.

We do not sell your personal data to third parties.

• Account data — until you delete your account.
• Order and invoice records — up to 7 years as required by tax law.
• Server logs — up to 90 days.
• Marketing data — until you unsubscribe or withdraw consent.

Under GDPR and similar privacy laws, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data (see also our data deletion instructions).
• Restrict or object to certain processing.
• Port your data to another service.
• Withdraw consent at any time.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email info@kostavacreative.com. We respond within 30 days.

We use cookies for the following purposes:

• Authentication (HTTP-only cookies: accessToken, refreshToken) — required to keep you signed in.
• Preferences — language and theme selection.
• Shopping cart — to remember items between visits.

You can clear cookies via your browser settings, but this may sign you out and clear your cart.

We protect your data using industry-standard measures: TLS encryption in transit, bcrypt password hashing, HTTP-only authentication cookies, role-based access control, and regular security reviews. No system is 100% secure, so we cannot guarantee absolute safety.

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact us and we will delete it.

We may transfer your data to service providers located outside your country. When we do, we rely on Standard Contractual Clauses or equivalent safeguards to protect it.

We may update this Privacy Policy from time to time. Material changes will be announced on the site or by email. The "Last updated" date at the top reflects the current version.

Questions, requests, or complaints about privacy? Email info@kostavacreative.com.