Privacy Policy

Craft.Social — Privacy Policy

Effective Date: 06 November 2025
Operator / Data Controller: Dragon Media LLCfz, Dubai, United Arab Emirates (“Dragon Media”, “we”, “us”, “our”)
Service: Craft.Social websites, apps, APIs, SDKs, and any related services (collectively, the “Service”).

Summary (not a substitute for the policy): We collect personal data you provide (like account details, payment data via our processors, support communications), data generated through your use of the Service (logs, usage, device data), and User Materials (inputs, uploads, prompts, chat logs, bot settings, outputs, etc.). As described in our Terms of Service, User Materials are owned by Dragon Media and are not treated as confidential. We use personal data to operate the Service, secure it, comply with law, improve our models and products, and, where allowed, for analytics and marketing. Do not submit confidential or highly sensitive data. You may have rights to access, correct, or delete your personal data depending on where you live.

Legal note: This document is a general template and not legal advice. Privacy and data-protection laws vary by country and region. You should have a UAE-qualified and, if relevant, EU/UK or other local counsel review before publishing.

⸻

1) Scope

This Privacy Policy describes how Dragon Media collects, uses, discloses, and protects personal data when you:
• visit or use Craft.Social websites;
• use our apps, APIs, SDKs, or integrations;
• create or interact with chatbots/agents (“User Bots”);
• communicate with us (support, email, social, etc.).

This Policy is incorporated into our Terms of Service (“Terms”). Capitalized terms not defined here have the meaning given in the Terms. If there is a conflict between this Policy and the Terms regarding ownership and use of User Materials, the Terms control.

2) Personal Data We Collect

We may collect the following categories of information:

2.1 Account & Profile Information
• Identification / contact details such as name, username/handle, email address, and any profile information you choose to provide (e.g., avatar, display name, short bio).
• Account credentials such as hashed passwords or authentication tokens (we do not store your plain-text password).

2.2 Usage Data & Technical Information
• Log data such as IP address, browser type, operating system, device identifiers, language settings, referring URLs, pages viewed, actions taken, and timestamps.
• Device and network data, including approximate location inferred from IP address, connection type, performance metrics, and error logs.
• In-product telemetry and analytics (for example: which features you use, frequency, success/error rates, latency).

2.3 Payment & Billing Data
• Payment-related information (e.g., card type, billing address, partial card details) processed via third-party payment providers.
• Transaction information such as purchased token bundles, subscriptions, invoices, amounts, and currency.
We do not store full payment card numbers; this data is handled by our payment processors.

2.4 User Materials (as defined in the Terms)
• Inputs/Prompts: text, audio, images, video, code, or other content you or your systems submit to the Service.
• Uploads: datasets, files, training data, and other content you store or host through the Service.
• Outputs: AI-generated text, audio, image, video, or other content generated through your use of the Service.
• User Bots: your custom bots/agents, including their configuration, instructions, memory, training data, and metadata.
• Interactions: chat logs, ratings, flags, feedback, and other interaction data with the Service and User Bots.
As described in the Terms, User Materials are assigned or licensed to Dragon Media and are not treated as confidential.

2.5 Communications & Support
• Messages you send to us (support tickets, emails, feedback forms, reports of abuse, social media messages).
• Metadata associated with communications (timestamps, channel, involved accounts).

2.6 Cookies & Similar Technologies
We may use cookies, local storage, pixels, and similar technologies to:
• keep you logged in and maintain sessions;
• remember preferences and settings;
• measure usage and performance;
• support security and fraud prevention.
You may control cookies through your browser settings, but some features may not function properly if you disable essential cookies.

3) How We Use Personal Data

We use personal data for the following purposes:

3.1 Providing and Operating the Service
• creating and managing user accounts;
• authenticating users and securing access;
• delivering responses, generating media, and operating User Bots;
• processing token usage, subscriptions, and payments.

3.2 Improving Models and Services
Consistent with our Terms, we may use User Materials and usage data to:
• train, fine-tune, evaluate, and improve models;
• develop new features and products;
• improve quality, reliability, and safety of outputs;
• analyze performance, usability, and user experience.

3.3 Safety, Security, and Abuse Prevention
• monitoring for fraud, spam, abuse, or security threats;
• detecting and addressing violations of our Acceptable Use Policy;
• applying filters and moderation tools (including automated and human review);
• protecting the Service, our infrastructure, and our users.

3.4 Legal, Compliance, and Enforcement
• complying with applicable laws, regulations, and law-enforcement requests;
• enforcing our Terms, policies, and rights;
• preventing, investigating, or addressing illegal activity, disputes, or claims.

3.5 Analytics and Reporting
• aggregating or de-identifying data to understand usage trends and performance;
• generating internal business reports and metrics;
• optimizing infrastructure, costs, and capacity planning.

3.6 Communications and Marketing
• responding to your inquiries and support requests;
• sending transactional emails (security alerts, billing notifications, feature changes);
• where permitted by law, sending you product updates, offers, or newsletters.
You may opt out of non-essential marketing emails at any time using the unsubscribe link or by contacting us.

4) Legal Bases (Where Applicable)

In jurisdictions that require a legal basis (e.g., EU/EEA, UK), we rely on:
• Performance of a contract: to provide and operate the Service you requested;
• Legitimate interests: to secure and improve the Service, prevent abuse and fraud, and develop our business;
• Consent: for certain cookies, marketing, or specific uses where required by law;
• Legal obligations: to comply with applicable laws or respond to lawful requests.

Where we rely on consent, you can withdraw it at any time, but this will not affect processing that has already occurred.

5) How We Share Personal Data

We do not sell your personal data in the traditional sense of selling lists of users. We may share personal data with:

5.1 Service Providers and Vendors
• cloud hosting and storage providers;
• AI infrastructure and model providers;
• payment processors and billing partners;
• analytics, logging, and error-tracking tools;
• customer-support and communication platforms.
These providers are contractually obligated to use personal data only as necessary to provide services to us.

5.2 Business Partners and Integrations
If you choose to enable integrations (e.g., use our API in your product, connect from a third-party platform), we may share and receive data as needed to operate that integration. The third party’s own terms and privacy policy will also apply.

5.3 Legal, Protection, and Safety
We may disclose information if we believe in good faith that it is necessary to:
• comply with applicable laws, regulations, or legal processes;
• respond to lawful requests from authorities;
• enforce our Terms or protect our rights, property, or safety or that of others;
• investigate or prevent fraud, abuse, or security incidents.

5.4 Corporate Transactions
In the event of a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, personal data may be transferred as part of the transaction, subject to continued protections consistent with this Policy.

5.5 Public or Shared Content
If the Service allows public bots, shared links, galleries, or similar features, content you choose to make public may be visible to others, indexed, or reshared. Use caution when deciding what to make public.

6) International Transfers

We operate from the United Arab Emirates and may process and store personal data in other countries. This means your data may be transferred to and processed in jurisdictions with different data-protection laws than your home country.

By using the Service, you consent to such cross-border transfers. Where required by law, we implement appropriate safeguards (such as contractual protections) to protect your personal data.

7) Retention

We retain personal data for as long as reasonably necessary to:
• provide and operate the Service;
• meet our legal, accounting, and reporting obligations;
• resolve disputes and enforce our agreements;
• maintain security and abuse-prevention systems.

Some logs and backups may be retained for a limited period after account closure for security, fraud detection, or legal compliance. We may retain aggregated or de-identified data that no longer identifies you for longer periods.

8) Your Choices and Rights

Depending on your location, you may have certain rights with respect to your personal data, including:

• Access: request confirmation whether we process your personal data and receive a copy.
• Rectification: request correction of inaccurate or incomplete personal data.
• Deletion: request deletion of your personal data, subject to legal and contractual limits.
• Restriction: request that we restrict certain processing in specific circumstances.
• Portability: request a copy of certain personal data in a structured, commonly used format.
• Objection: object to processing based on our legitimate interests or for direct marketing.
• Consent withdrawal: withdraw consent where processing is based on consent.

To exercise these rights, contact us at [email protected] or [email protected]. We may ask for verification of your identity where permitted by law. We may not be able to fulfill a request where doing so would conflict with legal obligations, security needs, or our rights under the Terms (including our ownership and use rights in User Materials).

Note: Because User Materials are assigned/licensed to us and are not treated as confidential, we may retain and use User Materials even if you delete your account, to the extent allowed by law and our Terms.

9) Children and Minors

The Service is intended for adults. As stated in our Terms, you must be at least 18 (or the age of majority in your jurisdiction, if higher) to create an account or use the Service. We do not knowingly collect personal data from children under 18. If you believe a child has provided us data in violation of this Policy, please contact us, and we will take appropriate steps to delete such data where required.

10) Security

We use technical and organizational measures designed to protect personal data, including:
• access controls and authentication;
• encryption in transit (e.g., HTTPS);
• logging, monitoring, and rate-limiting;
• backups and disaster-recovery procedures.

However, no system is completely secure. You are responsible for:
• keeping your account credentials confidential;
• using strong passwords and enabling available security features;
• promptly notifying us if you suspect unauthorized access to your account.

11) AI-Specific Practices and Human Review

Because our Service is AI-driven:

• User Materials (including prompts, uploads, and outputs) may be:
– logged and reviewed (by humans and/or automated systems) for moderation, safety, abuse detection, and debugging;
– used for training, evaluation, and improvement of models and safety systems as described in the Terms.
• We may apply filters, classifiers, or routing logic to detect harmful or prohibited content.
• We may block, throttle, or modify responses to comply with our Acceptable Use Policy and legal obligations.

Do not submit confidential, sensitive, or legally protected data (such as health records, biometric data, or others’ personal data) unless you have a lawful basis and all necessary consents.

12) Third-Party Sites and Services

The Service may contain links to third-party websites, apps, or services. Our Privacy Policy does not apply to those third parties, and we are not responsible for their content, privacy practices, or policies. We encourage you to review the privacy policies of any third-party services you use.

13) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
• posting the updated Policy with a new Effective Date; and/or
• providing additional notice (e.g., email or in-product notification), where required.

Your continued use of the Service after any changes become effective means you accept the updated Policy.

14) Contact Us

For questions, requests, or complaints regarding this Privacy Policy or our handling of personal data, you may contact us at:

Dragon Media LLCfz
Dubai, United Arab Emirates

Privacy / Data Protection: [email protected]
Support: [email protected]
Legal: [email protected]

We will review and respond to legitimate requests within a reasonable period and in accordance with applicable law.