CreateBase
    Back to Legal

    Our Privacy Policy

    Effective Date: January 26, 2026

    Last Updated: March 25, 2026

    The Cur8 Group Corp and its affiliates ("CreateBase," "Company," "we," "us," or "our") are committed to protecting your privacy while operating our innovative platform for artists and creators. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our website, software platform, mobile applications, or interact with our services (collectively, the "Services").

    By using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy, our Terms of Service, and our End User License Agreement. If you do not agree with these terms, you must discontinue use of the Services immediately.

    1. Information We Collect

    1.1 Information You Provide Directly

    Account and Profile Information: Name, email address, username, password, billing address, phone number, professional credentials, and any profile information you choose to provide.

    Payment and Financial Information: Credit card details, bank account information, tax identification numbers, and payment preferences, processed through secure third-party payment processors who maintain PCI DSS compliance.

    Royalty Platform Access Information: Login credentials, account numbers, security questions, access tokens, and other authentication information for third-party royalty platforms (PROs, distributors, streaming services) that you authorize us to access on your behalf as your authorized agent under our EULA and Letters of Direction.

    Identity Verification Information: For identity verification and compliance purposes, we may collect government-issued identification documents (driver's license, passport, etc.), Social Security numbers, date of birth, and other identifying information through our third-party identity verification provider, Persona Identities, Inc.

    Content and Intellectual Property: All music, audio files, compositions, lyrics, metadata (including song titles, writer credits, ISRCs, ISWCs, publisher information, splits, and registration data), artwork, biographical information, and related intellectual property you upload, create, or submit through our platform.

    Communications: Messages, feedback, support requests, and any other communications you send to us or through our platform.

    1.2 Information We Collect Automatically

    Usage Analytics: Detailed interaction data including pages accessed, features used, time spent, click patterns, search queries, and user journey analytics.

    Technical Information: IP address, browser type and version, device identifiers, operating system, screen resolution, time zone, referring URLs, and mobile network information.

    Performance Data: System performance metrics, error logs, crash reports, and diagnostic information necessary for platform optimization.

    Location Data: General geographic location derived from IP address and, with your explicit consent, precise location from mobile devices.

    1.3 Mobile App Specific Data

    Device Permissions: Our mobile app may request access to:

    • Camera: For profile photos and content creation (with your permission)
    • Microphone: For audio recording and voice features (with your permission)
    • Storage: To save files and cache content for offline access
    • Location: For location-based features (with your explicit consent)

    App Usage Data: Information about how you use our mobile app, including features accessed, time spent in app, and crash reports.

    Push Notifications: We may send push notifications for important updates, with options to customize preferences in your device settings.

    1.4 Information from Third Parties

    Integration Partners: Data from streaming platforms, social media accounts, and other music industry services you connect to our platform.

    Public Sources: Publicly available information about your musical works, performances, and professional activities.

    Business Partners: Information from record labels, publishers, distributors, and other industry partners as necessary for royalty collection and rights management.

    2. How We Use Your Information

    Our Core Commitment: We NEVER use your creative content or personal data to train AI models.
    This is our unwavering promise to the creative community. Your artistic works, personal information, and usage patterns will never be used to develop, train, or improve artificial intelligence systems.

    2.1 Platform Operations and Services

    • Create, maintain, and secure your account
    • Process payments, royalties, and financial transactions
    • Provide customer support and technical assistance
    • Deliver core platform functionality and features
    • Facilitate rights management and royalty collection

    2.2 Platform Improvement and Development

    • Analyze usage patterns to enhance user experience
    • Develop new features and functionality
    • Improve platform security and performance
    • Conduct quality assurance and testing

    2.3 Communications and Marketing

    • Send transactional notifications and service updates
    • Provide important account and security information
    • Deliver promotional content and industry updates (with your consent)
    • Facilitate community features and networking opportunities

    2.4 Legal and Business Operations

    • Enforce our Terms of Service and other agreements
    • Comply with applicable laws and regulations
    • Protect against fraud, abuse, and security threats
    • Defend our legal rights and interests
    • Facilitate business transactions and partnerships

    2.5 Analytics and Research

    • Generate anonymized, aggregated insights about platform usage
    • Conduct market research and industry analysis
    • Create statistical reports (with all personally identifiable information removed)

    2.6 Operational AI Tools

    While we never use your creative content or personal data to train AI models, we may use commercially available AI services for specific operational purposes that do not involve training on your data:

    • Customer Support: AI-powered chatbots using pre-trained models (Claude, ChatGPT) for basic support inquiries
    • Fraud Detection: Automated systems to detect suspicious account activity using industry-standard tools
    • Platform Optimization: AI tools to improve website performance and user experience
    • Content Moderation: Automated policy violation detection (without storing or training on your content)

    Important: These tools process your data only to provide immediate Services to you. Your data is never retained by these AI providers or used to improve their models. For details on how specific AI providers handle data, see Section 10.1.

    3. Information Sharing and Disclosure

    We do not sell your personal information. We may share information only in the following limited circumstances:

    3.1 Service Providers and Business Partners

    We engage carefully vetted third-party service providers who:

    • Are bound by strict confidentiality agreements
    • Process data solely for specified business purposes
    • Maintain appropriate security standards
    • Include payment processors, hosting providers, analytics services, and customer support tools

    3.2 Industry Partners and Rights Organizations

    With your explicit consent, we may share relevant information with:

    • Performance rights organizations (ASCAP, BMI, SESAC)
    • Record labels and publishers
    • Streaming platforms and distributors
    • Music industry databases and registries

    3.3 Legal Requirements and Protection

    We may disclose information when we have a good faith belief that disclosure is:

    • Required by law, regulation, or legal process
    • Necessary to protect our rights, property, or safety
    • Needed to investigate potential violations of our terms
    • Required to prevent fraud or security threats

    3.4 Business Transactions

    In connection with any merger, acquisition, financing, or sale of assets, we may transfer information as part of such transaction, provided the receiving party agrees to honor this Privacy Policy.

    3.5 With Your Explicit Consent

    We will share information with third parties only when you provide clear, informed consent for specific purposes.

    4. Data Security and Protection

    We implement enterprise-grade security measures including:

    • Encryption: All data transmitted and stored is encrypted using industry-standard protocols
    • Access Controls: Strict role-based access with multi-factor authentication
    • Infrastructure Security: Secure cloud hosting with regular security audits
    • Incident Response: Comprehensive procedures for detecting and responding to security threats
    • Employee Training: Regular security awareness training for all staff

    While we employ robust security measures, no system can guarantee absolute security. We continuously monitor and improve our security practices.

    5. Data Breach Notification

    In the unlikely event of a data breach that may affect your personal information, we will:

    • Immediate Response: Contain the breach and assess the scope within 24 hours
    • User Notification: Notify affected users within 72 hours via email and in-app notification
    • Regulatory Reporting: Report to relevant authorities within required timeframes
    • Transparency: Provide clear information about what happened, what data was affected, and steps we're taking
    • Protective Measures: Offer guidance on steps you can take to protect yourself

    We maintain detailed incident response procedures and regularly test our breach response capabilities.

    6. Your Privacy Rights and Controls

    6.1 Account Access and Management

    • Access and review your personal information through your account dashboard
    • Update or correct inaccurate information at any time
    • Download a copy of your data in portable formats

    6.2 Privacy Controls

    • Communication Preferences: Control marketing and promotional communications
    • Data Sharing: Manage how your information is shared with industry partners
    • Privacy Settings: Adjust visibility of profile information and content

    6.3 Data Subject Rights (Where Applicable)

    Depending on your jurisdiction, you may have additional rights including:

    • Right to Deletion: Request removal of your personal information
    • Right to Rectification: Correct inaccurate or incomplete data
    • Right to Portability: Receive your data in machine-readable format (JSON, CSV)
    • Right to Restriction: Limit how we process your information
    • Right to Object: Opt out of certain processing activities

    6.4 Exercising Your Rights

    To exercise these rights, contact us at legal@createbase.com. We will respond within 30 days and may require identity verification to protect your information.

    7. Data Retention

    We retain your information for specific periods based on data type and purpose:

    • Account Data: Retained for 3 years after account closure for legal and business purposes
    • Creative Content and Metadata: Retained for 7 years after account closure to support ongoing rights management, royalty collection, and audit requirements. May be retained longer if required by law, ongoing royalty claims, or unresolved disputes. You may request earlier deletion subject to our legal and contractual obligations.
    • Financial Records: Retained for 7 years as required by tax and accounting regulations
    • Usage Analytics: Aggregated data retained for 2 years, individual usage data for 1 year
    • Support Communications: Retained for 3 years for quality assurance and legal purposes
    • Marketing Data: Retained until consent is withdrawn or 2 years of inactivity
    • Royalty Data: Retained for 7 years after final payment for audit purposes

    We may retain certain information longer if required by law, regulation, or legitimate business interests such as ongoing legal proceedings or unresolved royalty claims.

    8. International Data Transfers and Processing

    Primary Data Location: United States

    Your information may be processed and stored in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including:

    • Standard Contractual Clauses (SCCs)
    • Adequacy decisions where available
    • Other legally recognized transfer mechanisms

    For detailed information about our data processing practices and international transfer safeguards, please refer to our Data Processing Agreement.

    9. Cookies and Tracking Technologies

    We use cookies, web beacons, and similar tracking technologies to enhance your experience and analyze platform usage:

    9.1 Types of Cookies We Use

    • Essential Cookies: Required for platform functionality, security, and user authentication
    • Analytics Cookies: Help us understand how users interact with our platform (Google Analytics, etc.)
    • Performance Cookies: Monitor platform performance and identify technical issues
    • Functional Cookies: Remember your preferences and settings

    9.2 Cookie Management

    You can control cookies through your browser settings. However, disabling certain cookies may limit platform functionality.

    For detailed cookie information and management options, visit our Cookie Policy in your account settings.

    10. Third-Party Services and Partners

    We work with carefully selected third-party service providers to deliver our platform:

    10.1 Service Providers

    We work with the following authorized service providers:

    Service ProviderPurposeLocation
    Amazon Web Services, Inc.Cloud infrastructure and hostingUnited States
    Stripe, Inc.Payment processing and billingUnited States
    Supabase, Inc.Database services and authenticationUnited States
    OpenAI L.P.AI processing and analysis servicesUnited States
    Anthropic PBCAI processing and analysis servicesUnited States
    Vercel Inc.Frontend hosting and deploymentUnited States
    Netlify, Inc.Web hosting and deployment servicesUnited States
    Slack Technologies, Inc.Internal communication and notificationsUnited States
    Persona Identities, Inc.Identity verification and KYC servicesUnited States

    10.2 External Links

    Our platform may contain links to external websites. We are not responsible for the privacy practices of these external services. We encourage you to review their privacy policies before providing any information.

    11. Children's Privacy

    Our Services are intended for users 18 years of age and older. We do not knowingly collect information from children under 18. If we discover such collection, we will promptly delete the information and terminate the account.

    12. California Privacy Rights

    California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

    California residents have additional rights including the right to know about personal information collection and sharing, delete personal information, and opt out of the sale of personal information. We do not sell personal information.

    12.1 Categories of Personal Information We Collect

    Under CCPA, we collect the following categories of personal information:

    • Identifiers: Name, email, phone number, IP address, device identifiers
    • Financial Information: Payment details, bank account information, tax identification numbers
    • Government Identifiers: Social Security numbers, driver's license numbers (for identity verification)
    • Biometric Information: May be collected through identity verification processes
    • Commercial Information: Subscription history, payment records, service usage
    • Internet Activity: Website usage, search history, interaction with our services
    • Professional Information: Music industry credentials, business relationships
    • Creative Content: Musical works, compositions, metadata, and related intellectual property

    12.2 Sensitive Personal Information

    We collect and process the following sensitive personal information:

    • Government Identification: Driver's license, passport, or state ID for identity verification
    • Social Security Numbers: For tax reporting and identity verification purposes
    • Financial Account Information: Bank account details for royalty payments
    • Biometric Data: May be processed during identity verification (e.g., facial recognition)

    Purpose: This sensitive information is used solely for:

    • Identity verification and fraud prevention
    • Compliance with financial regulations and tax reporting requirements
    • Facilitating royalty payments and distributions
    • Meeting legal obligations under music industry regulations

    12.3 Your CCPA Rights

    California residents may exercise the following rights:

    • Right to Know: Request disclosure of personal information categories, sources, purposes, and third parties we share with
    • Right to Delete: Request deletion of personal information (subject to legal and business exceptions)
    • Right to Correct: Request correction of inaccurate personal information
    • Right to Opt-Out: Opt out of sale/sharing of personal information (we do not sell personal information)
    • Right to Limit Sensitive Information: Request limitation on use of sensitive personal information
    • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

    For CCPA requests, contact legal@createbase.com. We will respond within 45 days and may require identity verification to protect your information.

    13. European Privacy Rights

    General Data Protection Regulation (GDPR):

    For EU/UK residents, we process personal data under the following legal bases:

    • Contract Performance: To provide our services
    • Legitimate Interests: For platform improvement and security
    • Legal Compliance: To meet regulatory requirements
    • Consent: For marketing and optional features

    14. Updates to This Privacy Policy

    We may update this Privacy Policy to reflect:

    • Changes in our practices or services
    • Legal or regulatory requirements
    • Industry standards and best practices

    Material changes will be communicated through:

    • Email notification to registered users
    • Prominent notice on our website
    • In-app notifications

    Continued use after the effective date constitutes acceptance of the updated policy.

    15. Contact Information

    Privacy Officer

    The Cur8 Group Corp

    13223 Black Mountain Rd. Ste #1189

    San Diego, CA 92129

    Email: legal@createbase.com

    For privacy-related inquiries and data subject requests

    This Privacy Policy is effective as of the date listed above and governs your use of our Services from that date forward.