Legal

Privacy Policy

Last updated: June 2025. This policy explains how 2Haas Ltd collects, uses, and protects your personal information when you use KreatOS.

1. What We Collect

We collect information you provide directly (name, email, billing details), information generated by your use of the service (content drafts, schedules, analytics), and technical data (IP address, browser type, device identifiers) collected automatically when you access KreatOS.

2. How We Use It

We use your data to operate and improve KreatOS, send transactional emails (receipts, alerts, password resets), provide customer support, and detect abuse. We do not sell your personal data to third parties.

3. Connected Social Accounts

When you connect a social media account, we store the OAuth access tokens needed to publish on your behalf. These tokens are encrypted at rest. We only request the minimum permissions required to post content and read basic analytics.

4. Data Sharing

We share data only with: (a) payment processors (Stripe, PayPal) to handle billing, (b) cloud infrastructure providers to store and serve the app, (c) analytics tools on an aggregated, anonymised basis, and (d) law enforcement when legally required.

5. Cookies

We use strictly necessary cookies for session management and authentication. We do not use advertising or tracking cookies. You can clear cookies at any time through your browser settings without losing your account.

6. Data Retention

We retain your data for as long as your account is active. After account deletion, personal data is purged within 30 days. Anonymised usage data may be retained indefinitely for product improvement.

7. Your Rights

Depending on your jurisdiction you may have the right to access, correct, or delete your personal data, restrict or object to processing, and data portability. To exercise any of these rights, email privacy@2haas.com.

8. Security

We encrypt data in transit (TLS 1.2+) and at rest. Access to production systems is restricted to authorised personnel and protected by multi-factor authentication. We conduct periodic security reviews.

9. Children

KreatOS is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy as our practices evolve. We will notify you by email at least 14 days before material changes. Continued use after the effective date constitutes acceptance of the revised policy.

Privacy enquiries

Email privacy@2haas.com and we will respond within 72 hours.