Privacy And Security

User Privacy Protection

Privacy Protocols

What Are Creately User Privacy Protocols and Why Do We Have Them in Place?

Creately maintains a comprehensive set of privacy protocols designed to safeguard the integrity and confidentiality of user data. These protocols represent a formal commitment to international data protection standards, ensuring that all processing activities are executed with rigorous oversight and technical precision.

Core Privacy Framework

To maintain the highest level of data protection, Creately adheres to the following foundational protocols:

  • Privacy by Design: Security and privacy considerations are integrated into every stage of the Software Development Life Cycle (SDLC), ensuring that protection is built into the product rather than added as an afterthought.
  • Data Residency & Sovereignty: We offer regional data hosting options in the United States, Europe (EU), and Australia. This enables organizations to meet specific local data sovereignty requirements and regulatory mandates.
  • Access Governance: Access to customer data is strictly controlled and granted only to authorized personnel under explicit circumstances. All access is managed via the principle of least privilege and is subject to comprehensive internal logging and auditing.
  • Technical Safeguards: We employ industry-standard encryption, including AES-256 at rest and TLS 1.2 or higher in transit, to protect data against unauthorized disclosure or tampering.
  • Vendor Compliance: Before engaging any third-party sub-processor, we conduct a formal security review of their compliance posture and technical controls to ensure they meet Creately’s internal privacy standards.

These protocols provide the structural evidence and validation necessary to maintain our SOC 2 Type 2, ISO 27001, and HIPAA compliance statuses.

What Must I Do as a User to Adhere to These Protocols?

To maintain the security and integrity of your account, Creately requires users to follow specific verification procedures when requesting support or account modifications. Adherence to these protocols ensures that sensitive data is only accessible to authorized individuals.

Support Communication Standards

When contacting a Support Specialist for assistance with account management, we require that all requests be sent directly from the registered email address (the email utilized during the initial Creately account registration).

  • Verification Requirement: If a request originates from an unregistered email, our Support Team will instruct the user to resend the inquiry from the registered account. This is a mandatory step to verify user identity before any account-specific information is disclosed or altered.
  • Secondary Verification: In instances where a user no longer has access to their registered email, Support Specialists must initiate additional verification steps. This is a security measure designed to prevent unauthorized account takeovers.

The Verification Process

If secondary verification is required, Creately follows a structured investigative process to confirm account ownership. This process involves the following:

  1. Identity Assessment: Users will be asked a series of targeted verification questions relevant to their specific Creately account, workspaces, and recent activity.
  2. Internal Review: Our team will validate the provided answers against our internal records. This rigorous review process may take up to 24 hours to complete.
  3. Resolution: Access or account modifications will only be granted once the Support Specialist has successfully verified account ownership.

To expedite this process, we urge all users to provide accurate and detailed information to the best of their ability. These measures are in place to ensure that Creately remains a secure environment for all enterprise and individual data.

For further inquiries regarding our User Privacy Protocols, please contact the Creately Support Team at support@creately.com.

Privacy Policy

Effective Date: November 1st, 2024

This policy outlines how Cinergix Pty Ltd (trading as “Creately”) collects, uses, and protects your data when you use our website and applications (the “Service”). By using the Service, you agree to the collection and use of information as described below.

Key Definitions

To help you understand this policy, we use the following terms:

  • Personal Data: Information regarding a living individual who can be identified from that data.
  • User Content: The diagrams, workspace content, and collaborative data you actively create and share within Creately.
  • Usage Data: Data collected automatically, such as the duration of a page visit or technical diagnostic info.
  • Cookies: Small files stored on your device to track activity and remember preferences.
  • Data Controller: The entity (Creately) that determines how and why your personal data is processed.
  • Data Processor: Third-party service providers that process data on our behalf to improve service delivery.
  • Data Subject/User: You, the individual using our Service and the subject of the Personal Data.

Types of Data Collected

1. User Content

User Content includes any data you actively create: diagrams, comments, messages, and sharing invitations.

  • Access: Your content is stored securely and accessed via your credentials.
  • Public vs. Private:
    • Public Tier: Diagrams are public and viewable by any website visitor.
    • Premium Tier: You choose between keeping content private, sharing via an obfuscated URL, or making it public.
  • Metadata: We store diagram descriptions and metadata essential for collaboration.
  • Clickstream Data: We track aggregated, anonymous behavior to improve the platform; this is never linked to your personal identity.

2. Personal Data

We collect Personally Identifiable Information (PII) to manage your account and communicate with you:

  • Details: Name, email, phone number, and physical/billing address.
  • Marketing: We may use this data to send newsletters or promotional offers. You can opt out at any time via the “unsubscribe” link or by contacting support.

3. Usage Data

Technical data collected automatically when you access Creately:

  • Desktop: IP address, browser type/version, pages visited, and time spent on the Service.
  • Mobile: Device type, unique ID, mobile OS, and diagnostic data.

4. Tracking & Cookies

We use cookies and similar technologies (beacons, tags, and scripts) to track activity and improve our Service. You can configure your browser to refuse cookies, though some features of the Service may become unavailable.

Use of Data

Cinergix Pty. Ltd. utilizes the data we collect for the following operational and strategic purposes:

1. Service & Collaboration

  • To provide and maintain the platform for creating and collaborating on diagrams.
  • To notify you of updates or changes made by your collaborators.
  • To allow participation in interactive features and provide customer support.

2. Maintenance & Improvement

  • To monitor usage and gather analytical insights to improve the Service.
  • To detect, prevent, and resolve technical or security issues.
  • To notify you about critical changes to our Service.

3. Marketing & Communications

  • To provide news, special offers, and information about similar products or events.
  • Note: You can opt out of these promotional communications at any time.

Retention of Data

Cinergix Pty. Ltd. maintains a strict data retention policy to ensure that information is only kept for as long as necessary to fulfill its intended purpose.

  • Personal Data & User Content: Retained to comply with legal obligations, resolve disputes, and enforce our agreements.
  • Usage Data: Generally kept for a shorter period for internal analysis. It may be held longer if required to enhance system security, improve platform functionality, or comply with legal mandates.

Transfer of Data

As a global platform, Creately operates across multiple jurisdictions. This section outlines how we manage the movement of information across borders while maintaining strict security standards.

  • Regional Residency: Your information is stored and processed in the region selected during signup (e.g., United States, European Union, or Australia). For organizational plans, this region is determined by your administrator.
  • Collaboration Transfers: If you share content with other users, your data may be transferred to their devices for access. These users may be located in jurisdictions outside your selected residency region.
  • Security Standards: We ensure all data transfers—whether to subsidiaries or shared users—are protected by rigorous security controls and managed in accordance with this Privacy Policy.
  • Consent: By using the Service and submitting your information, you agree to these necessary operational transfers.

Disclosure of Data

Cinergix Pty. Ltd. does not sell your personal data. However, we may disclose information to third parties under specific circumstances to ensure service delivery, maintain legal compliance, or facilitate business operations.

  • Service Providers: We share data with third-party vendors (such as hosting providers, payment processors, and analytics tools) solely to help us operate and improve the Service. These providers are contractually obligated to protect your data.
  • Business Transactions: If Creately is involved in a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your information is moved or becomes subject to a new policy.
  • Legal Necessity: We may disclose Personal Data if required to:
    • Comply with legal obligations or valid government requests.
    • Protect the rights, property, or safety of Creately, our users, or the public.
    • Investigate potential wrongdoing or defend against legal liability.

Security of Data

The security of your information is a core priority at Creately. We employ industry-standard commercial measures to protect your data from unauthorized access, alteration, or disclosure.

Access Control and Authentication

To ensure that only authorized users can access their information, we enforce strict identity verification protocols:

  • Standard Authentication: Secure access via unique usernames and encrypted passwords.
  • Third-Party Identity Services: Integration with established identity providers (SSO) for streamlined and secure verification.
  • Verification Requirements: We may request identity verification before acting on specific account or data requests to prevent unauthorized takeovers.

Your Rights

Cinergix Pty. Ltd. provides all users with the ability to manage, correct, or limit the use of their Personal Data. We are committed to transparency and provide the following mechanisms for data control:

Data Deletion

Users may request the permanent removal of their data at any time.

  • Request Process: Contact our support team at support@creately.com.
  • Compliance: We process all deletion requests in accordance with applicable legal requirements to ensure data is removed permanently and securely.

GDPR & CCPA Compliance

For our users in the European Union (EU) and California (USA), we strictly adhere to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Regardless of your location, we extend these high standards of data rights to our entire global user base:

  • Access & Portability: Request a copy of your data in a digital format.
  • Rectification: Correct inaccurate or incomplete information.
  • Erasure (Deletion): Request that we permanently remove your Personal Data.
  • Restriction & Objection: Limit or object to how we process your data.

How to Exercise Your Rights

  1. Direct Updates: Many personal details can be updated instantly within your Account Settings.
  2. Formal Requests: For data access, portability, or deletion, please email support@creately.com.

Note: For security purposes, we require identity verification before processing requests related to personal data access or deletion.

Service Providers

We use trusted third-party companies to operate and analyze our Service. These providers only access your data to perform specific tasks on our behalf and are prohibited from using it for any other purpose.

1. Analytics & Advertising

  • Google Analytics: Tracks website traffic. Google may use this data to personalize ads on its own network. Google Privacy Terms.
  • mParticle: Used for data analysis. You can opt out here.
  • Remarketing: We use Google AdWords to show ads to you based on your past visits. You can adjust settings via Google Ads Settings.

2. Payment Processing

We do not store your card details. Your payment information is sent directly to our processors, who comply with strict PCI-DSS security standards.

3. Temporary Service Providers

We may occasionally use other vendors for marketing or promotions. We only use services that align with our privacy standards, and your data is removed from their systems once their service is complete.

Our Service may contain links to external websites that are not operated by Cinergix Pty. Ltd. If you click on a third-party link, you will be redirected to that site.

  • No Control: We do not exercise control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.
  • Recommendation: We strongly advise you to review the Privacy Policy of every website you visit to understand how your data will be handled by those entities.

Communication and Marketing

If you opt in during registration, your details will be used for direct marketing of our products and services.

  • Promotional Emails: You may receive news, product alerts, or special offers. You can opt out at any time by emailing support@creately.com.
  • Administrative Emails: These are non-promotional and focus on account details, customer support, or critical service changes.

Children’s Privacy

Creately is an enterprise and professional collaboration platform; our Service does not address and is not intended for individuals under the age of 18.

  • No Known Collection: We do not knowingly collect personally identifiable information from anyone under 18.
  • Parental Action: If you are a parent or guardian and become aware that a minor has provided us with Personal Data, please contact us immediately.
  • Remediation: If we verify that we have collected data from a child without parental consent, we will take immediate steps to remove that information from our servers.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.

  • Notification: We will notify you of significant changes via email and/or a prominent notice on our Service before the changes become effective.
  • Effective Date: The “Effective Date” at the top of the policy will be updated accordingly.
  • Review: Changes are effective once posted on this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.