Back to sign in
Creator OS · Privacy

Privacy Notice

Effective30 May 2026Last updated30 May 2026

This Privacy Notice explains how Agbisit Acquisitions Ltd (Company No. 16795399) collects, uses, shares, and protects personal data in connection with Creator OS (the “Platform”). The Platform is provided “AS IS” and “AS PROVIDED”. This Notice is Platform-specific and sits alongside, and incorporates by reference, the CATNA 2.0 Privacy Policy.

1. Controller & Contact

1.1 Controller.Agbisit Acquisitions Ltd (Company No. 16795399), England & Wales, is the data controller for personal data processed through the Platform.

1.2 Contact.For privacy, legal, or data-rights requests, contact legal@catna.cc. For general support, contact support@catna.cc.

2. Scope

This Notice applies to personal data we process when you sign in to, access, or use the Platform, including its workspaces and the content tools within them. It applies worldwide; where your local law gives you additional rights, we honour those rights to the extent required.

3. Data We Collect

3.1 Account data.When your account is created, we record:

  • your email address;
  • if you set a password, a scrambled, one-way version of it (we never see or store the password itself);
  • your role (client, editor, staff, or admin) and, for clients and editors, the workspace(s) you are linked to;
  • the dates your account was created and last updated.

3.2 Sign-in with Google.If you choose to sign in with Google, Google sends us the email address and basic profile information (such as your name) associated with your Google account, solely so we can match you to your existing Platform account and sign you in. We do not receive your Google password and we do not access your Gmail, contacts, or other Google data.

3.3 Email sign-in links.If you request a one-time email sign-in link, we generate a short-lived, single-use token tied to your email so we can verify it is you.

3.4 Sign-in safety checks.To block repeated failed sign-in attempts, we briefly record the email and network address used during a sign-in attempt. This is used only for rate-limiting and is cleared automatically after a short window.

3.5 Session data.When you sign in, we store a session record so the Platform knows you are signed in until the session expires or you sign out.

3.6 What we do not collect.The Platform does not store card or payment details (Program payments are handled separately through the Program’s payment provider), does not use third-party advertising cookies, and does not build behavioural profiles or track you across other websites.

4. Your Content

4.1 Content you put in.The Platform is a place to manage your content operation. We store the material you and your team create or upload, which can include scripts and script text, video footage and footage links, content-pipeline items, content-tracker entries, brand information, tasks, and comments.

4.2 We process it to run the Platform.We process this material only to provide the Platform to you and the relevant client (for example, to store a script, generate previews, run scoring, or show a comment to authorised users). You retain ownership of it, as set out in the Terms of Use.

4.3 Who can see it.Content in a workspace is visible to the client that owns the workspace, the editors assigned to it, and authorised staff. It is not shared with other clients.

5. Purposes

We use personal data to:

  • create, verify, and administer your account;
  • sign you in by password, email link, or Google;
  • deliver the Platform and its features (workspaces, pipeline, scripts, footage, tracker, tasks, comments);
  • enforce access controls so each account only reaches the workspaces and data assigned to it;
  • secure the service, including sign-in rate-limiting and abuse detection;
  • investigate suspected misuse, breaches, or unauthorised access;
  • comply with legal obligations and respond to lawful requests.

7. Cookies

7.1 Sign-in cookie.The Platform sets a cookie that keeps you signed in. This cookie is strictly necessary for the Platform to function and does not require consent under UK e-privacy rules.

7.2 Sign-in flow cookies.When you sign in with Google, we briefly set short-lived cookies to carry out the sign-in securely. They expire within minutes.

7.3 No tracking cookies.The Platform does not set third-party advertising, marketing, or cross-site analytics cookies.

8. Processors & Sharing

8.1 Key service providers.We use the following providers to run the Platform:

  • Vercel Inc. - hosts the Platform;
  • Neon, Inc. - hosts the database that stores your account, content, and records;
  • Resend - sends sign-in and notification emails;
  • Google LLC - only when you choose to sign in with Google, to authenticate you.

8.2 Authorised personnel.Authorised staff and contractors of the Company may access data strictly to operate, support, and secure the Platform.

8.3 Legal disclosures.We may disclose data where required by law, to respond to valid legal process, or to protect our rights, safety, or property.

8.4 No sale of data.We do not sell personal data.

9. International Transfers

Some processors may host infrastructure outside the United Kingdom and the European Economic Area. Where transfers occur, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or equivalent mechanisms under applicable law.

10. Retention

10.1 Account data.We keep account data for as long as your access remains active. After your access ends, we keep the records for up to twenty-four (24) months for dispute prevention, audit, and compliance, after which they are deleted or anonymised unless the law requires a longer period.

10.2 Your Content.Content is retained while the relevant workspace is active. Following the end of access, the client may request a copy within thirty (30) days, after which we may delete it, subject to routine backups and legal requirements.

10.3 Sign-in tokens and safety data.Email sign-in tokens are single-use and short-lived. Sign-in safety data is held only briefly for rate-limiting and then cleared.

11. Your Rights

Subject to applicable law (including the UK GDPR and the Data Protection Act 2018), you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request erasure of certain data (for example where it is no longer necessary for the purpose collected);
  • restrict or object to certain processing;
  • request portability of data you provided to us;
  • withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise a right, email legal@catna.cc. We may need to verify your identity before responding. Certain records required for dispute prevention or legal obligations may be retained notwithstanding an erasure request.

12. Security

We use reasonable administrative and technical safeguards appropriate to the nature of the data, including storing passwords only in scrambled form, transporting data over a secure HTTPS connection, scoping each account’s access to its assigned workspaces, blocking repeated failed sign-in attempts, and limiting which staff can access which data. No system is perfectly secure; you accept that risk by using the Platform.

13. Children

The Platform is not intended for individuals under 18. We do not knowingly process the personal data of children.

14. Changes

We may update this Notice from time to time. The “Last updated” date above reflects the most recent change. Continued use of the Platform after an update constitutes acceptance of the revised Notice.

15. Complaints

If you believe our processing infringes your data protection rights, please contact legal@catna.cc first so we can address your concern. You also have the right to lodge a complaint with a supervisory authority. In the United Kingdom this is the Information Commissioner’s Office (ICO), ico.org.uk. In the EU/EEA you may complain to your local data protection authority.