Privacy Policy

Effective Date: March 18, 2026

Last Updated: March 19, 2026

1. Introduction

Welcome to CoCreatea (“we,” “us,” or “our”). CoCreatea is a creative collaboration platform connecting musicians, rappers, producers, singers, and visual artists worldwide.

This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and what rights you have. We serve users globally and are committed to complying with:

  • GDPR — General Data Protection Regulation (European Union)
  • CCPA/CPRA — California Consumer Privacy Act / California Privacy Rights Act (United States)
  • DPDP Act 2023 — Digital Personal Data Protection Act (India)
  • COPPA — Children's Online Privacy Protection Act (United States)

By creating an account on CoCreatea, you acknowledge that you have read and understood this Privacy Policy.

Language Access (DPDP Act): Indian users may request this Privacy Policy in any language listed in the Eighth Schedule of the Indian Constitution by contacting us at privacy@cocreatea.com.

2. Information We Collect

A. Information You Provide at Signup

  • Full name
  • Email address
  • Location (city/region, as typed by you)
  • Gender

B. Profile Information

To match you with relevant collaborators:

  • Musical genre(s) and creative skills
  • Artist bio
  • Portfolio uploads — audio files, tracks, images, and videos

C. Usage & Behavioral Data

Automatically collected when you use CoCreatea:

  • Hashed IP address — a cryptographic hash of your IP (we do not store your raw IP address)
  • Login location — city/region level, derived from your hashed IP
  • Session activity — page navigation, session duration, and interaction patterns via Google Analytics and Microsoft Clarity

D. Device & Technical Information

  • Browser type and version
  • Operating system
  • Screen resolution and device type
  • Language and timezone settings

This is used exclusively for platform security and fraud prevention.

E. Communications

If you contact our support team, we retain those communications to resolve your request.

3. CCPA Categories of Personal Information Collected

As required under California law, we disclose the following categories of personal information collected in the past 12 months:

CCPA CategoryExamplesCollected
IdentifiersName, email address, hashed IP✅ Yes
Internet / Network ActivityBrowsing behavior, session data, clicks✅ Yes
Geolocation DataCity/region level only (not precise GPS)✅ Yes
Audio/Visual InformationPortfolio audio, video uploads✅ Yes
Professional/Employment InfoMusical skills, genre, bio✅ Yes
InferencesArtist matching scores, collaboration fit✅ Yes
Sensitive Personal InformationGender (collected at signup)✅ Yes
Financial InformationNone❌ No
Biometric DataNone❌ No

Sensitive Personal Information: We collect gender at signup. Under CPRA, this is classified as sensitive personal information. We use it solely for platform personalization and artist matching. We do not use it for advertising, and we do not sell or share it with third parties.

4. How We Use Your Information

PurposeData UsedLegal Basis
Account creation and managementName, email, gender, locationContract (GDPR Art. 6(1)(b))
Artist matching and collaborationGenre, skills, bio, portfolioContract / Legitimate Interest
Platform improvementUsage data, session behaviorLegitimate Interest (GDPR Art. 6(1)(f))
Fraud detection and platform safetyHashed IP, device data, behavioral signalsLegitimate Interest (GDPR Art. 6(1)(f))
Transactional emailsEmail addressContract
AnalyticsUsage patterns via GA4 and Microsoft ClarityLegitimate Interest / Consent (EU users)
SupportCommunications dataLegitimate Interest

We do not sell your personal data. We do not use your data for targeted advertising.

5. Platform Safety & Fraud Detection

CoCreatea operates a multi-layered safety system to protect artists from fake profiles, scam requests, and abuse. This includes:

  • Hashed IP logging — detecting multiple accounts from the same source
  • Login location monitoring — flagging geographically inconsistent logins
  • Device signal analysis — identifying suspicious or automated signups
  • Behavioral pattern analysis — distinguishing genuine users from bots based on interaction patterns
  • Portfolio duplicate detection — detecting the same content uploaded across multiple accounts

Automated Processing Notice (GDPR Art. 22): Our fraud detection system may automatically flag or temporarily restrict accounts based on the above signals. If your account is affected, you have the right to request human review by contacting us at tech-support@cocreatea.com. We will respond within 7 business days.

This processing is based on Legitimate Interest (GDPR Art. 6(1)(f); DPDP Act Section 7). Fraud detection logs are retained for a maximum of 6 months and are never used for any purpose other than platform safety.

6. Third-Party Services & Data Processors

ServiceProviderPurposeData Shared
Google Analytics 4Google LLC (USA)Usage analyticsAnonymized usage data
Google Tag ManagerGoogle LLC (USA)Tag and tracking managementTechnical metadata
Microsoft ClarityMicrosoft Corp. (USA)Session recording, heatmapsInteraction data
Amazon S3AWS (USA)Storing portfolio uploadsFiles you upload
Amazon SESAWS (USA)Transactional emailsYour email address

Important — Microsoft Clarity: Microsoft Clarity records mouse movements, clicks, scrolls, and page interactions on CoCreatea. This data helps us improve the platform. Clarity may reconstruct visual sessions of your activity. By using CoCreatea, EU users who have provided analytics consent acknowledge this recording. You can opt out at any time via our cookie settings.

All third-party processors operate under data processing agreements and are only permitted to process your data for the purposes we specify.

7. Cookies & Tracking

Cookie TypePurposeConsent Required
EssentialLogin sessions, security, CSRF protection❌ No (necessary)
AnalyticsGA4 — usage patterns and platform improvement✅ Yes (EU users)
Behavioral RecordingMicrosoft Clarity — session heatmaps✅ Yes (EU users)
PreferenceSaving your settings❌ No

EU/UK users: We request consent before placing non-essential cookies. You may withdraw consent at any time via our cookie settings panel.

All users: You can manage or disable cookies through your browser settings. Note that disabling essential cookies will affect platform functionality.

8. Data Retention

Data TypeRetention Period
Account and profile dataUntil account is deleted
Portfolio uploads (audio/video)Until account is deleted
Fraud detection and security logsMaximum 6 months
Support communications1 year from resolution
Analytics dataPer Google's and Microsoft's default retention settings

Account Deletion: When you delete your account, all personal data — including your profile, portfolio, and account information — is permanently and irreversibly deleted from our databases within 5 minutes. You will receive no further emails from CoCreatea after deletion.

9. Your Rights

All Users

  • Access — Request a copy of your personal data
  • Correction — Update profile information at any time within the platform
  • Deletion — Delete your account and all data via platform settings (completed within 5 minutes)
  • Complaints — Contact us at privacy@cocreatea.com

EU / UK Users (GDPR)

  • Right to restrict processing
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interest, including fraud detection
  • Right to withdraw consent — for analytics cookies, withdraw at any time
  • Right to human review — if automated fraud detection affects your account, contact tech-support@cocreatea.com
  • Right to lodge a complaint with your national Data Protection Authority (DPA)

California Users (CCPA/CPRA)

  • Right to know — what personal information we collect and how it is used
  • Right to delete — request deletion of your personal information
  • Right to correct — request correction of inaccurate information
  • Right to opt-out — CoCreatea does not sell or share personal information for cross-context behavioral advertising
  • Right to limit use of sensitive personal information — contact privacy@cocreatea.com
  • Right to non-discrimination — exercising your rights will never affect your access to CoCreatea

Indian Users (DPDP Act 2023)

  • Right to access — request information about your personal data
  • Right to correction and erasure
  • Right to withdraw consent — at any time without affecting prior lawful processing
  • Right to grievance redressal — contact privacy@cocreatea.com
  • Right to complain to the Data Protection Board of India (DPBI)

10. Children's Privacy

CoCreatea is intended for users aged 13 and above. We do not knowingly collect personal data from children under 13. If you believe a minor under 13 has created an account, please contact privacy@cocreatea.com immediately and we will delete the account and all associated data promptly.

11. International Data Transfers

CoCreatea is operated from India and serves users globally. Your data may be transferred to and processed in countries where our third-party providers operate, primarily the United States (Google, Microsoft, Amazon Web Services). For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy periodically. When significant changes are made, we will notify you via email or a prominent platform notice at least 14 days before the changes take effect. Continued use of CoCreatea after changes are posted constitutes acceptance of the updated policy.

13. Contact & Grievance Officer

Privacy & Data Requests

📧 privacy@cocreatea.com
🌐 https://www.cocreatea.com

Technical Support & Account Issues

📧 tech-support@cocreatea.com
🌐 https://www.cocreatea.com

privacy@cocreatea.com is designated as the Grievance Officer under India's Digital Personal Data Protection Act, 2023.

We aim to respond to all privacy-related requests within 30 days. For urgent matters, within 7 business days.