cr8.rs
Sign up

cr8rs Privacy Policy

Last Updated: Jan 17, 2026

Your privacy is important to us. This Privacy Policy explains what information cr8rs collects, how we use it, how we store and protect it, and your rights regarding your information. By using cr8rs, you consent to the data practices described in this Policy. This policy applies to all users (Creators, Contributors, and Visitors).


1. Information We Collect

1.1. Information You Provide

  • Creators: Name, email address, phone number, connected content platform account ID (e.g., YouTube channel ID), profile display name, avatar, bio, and content category/type. For payouts: Khalti wallet ID, bank account details and identification documents for KYC verification.
  • Contributors: Name (display name), contact number/email address(if requested for receipt or verification), tip amount, currency, and any message submitted with a tip. If you create a Contributor profile, we save your name and contact info for convenience.
  • Communications: Contact info and the content of any communications you send to cr8rs support.

1.2. Information From Third Parties

  • Payment Processors: When you make a payment, the third-party gateway provides us with payment confirmation and basic payer information (transaction ID, phone number or partial account info). We do not see your full card number, wallet balance or sensitive financial details.
  • Google Login: If you log in with Google, we receive your name, email, and profile image from your Google account (see Chapter 4).
  • Content Platforms: In some cases, we may integrate with content platform APIs (e.g., YouTube Data API v3) to verify your account or fetch your channel/profile information for display on cr8rs.

1.3. Information Collected Automatically

  • Usage Data: IP address, browser type, device information, pages visited, dates/times of access, login events, tip alert events and form interactions.
  • Analytics Technologies: We use Google Analytics and PostHog to collect information about how users interact with our Platform. These tools may collect browsing behavior and interaction data. We use this data internally to improve the Service.

2. How We Use Your Information

  • Service Delivery: To operate the cr8rs monetization platform - processing payments, delivering tip and monetization notifications, creating Creator profile pages, routing transactions to the correct account, and powering widgets and tools.
  • Account Management: To create and maintain your account, authenticate logins, and provide customer support. We use your email to send important account and transactional communications (welcome emails, payment receipts, payout confirmations, security alerts).
  • Verification and Security: To verify identities and fulfil KYC requirements. To detect and prevent fraud, spam and abuse. Automated systems may analyze transactions and usage patterns for risk flags.
  • Communication: To send service-related communications. We may also send newsletters or promotional emails about new features if you have opted in.
  • Improvement of Services: Using analytics to understand how users interact with cr8rs so we can improve the user experience, add new features and refine the Platform.
  • Personalization: To tailor aspects of the service to you - e.g., remembering a Contributor's name for pre-filled fields or suggesting tips to Creators on how to boost engagement.
  • Compliance and Legal: To fulfil our internal compliance obligations and assist with AML/CFT best practices where applicable. cr8rs is not a regulated payment operator, but voluntarily monitors transactions and may report suspicious activities to authorities such as Nepal Rastra Bank's Financial Information Unit if required. To handle disputes and enforce our T&C.

3. How We Share Your Information

cr8rs will never sell your personal data to third parties. We share information only in the following circumstances:

  • Between Users: When a Contributor sends a tip, the Creator sees the Contributor's display name, message, and tip amount. The Creator does not see payment details or personal contact info.
  • Payment Processors: We share necessary details with payment gateways to complete transactions (transaction ID, creators username etc). These processors operate under their own privacy policies.
  • Service Providers: Cloud hosting providers, Google Analytics, PostHog, email/SMS communication tools, and KYC/identity verification partners including ThirdFactor (for liveness and document verification). These providers are bound by confidentiality and security obligations and are only authorized to use data for the purposes cr8rs specifies.
  • Legal and Compliance: We may disclose information to courts, law enforcement or regulatory authorities (including Nepal Rastra Bank's Financial Information Unit) if required by law, good faith belief, legal process or to protect rights and safety.
  • Business Transfers: If Meta Stream Incorporated Pvt. Ltd. is involved in a merger, acquisition or sale of assets, your information may be transferred to the successor entity. cr8rs will ensure the successor respects this Privacy Policy or will provide notice and choices to users.

4. Data Security

cr8rs takes the security of your data seriously:

  • Encryption: The cr8rs website uses HTTPS encryption for all data in transit (SSL/TLS). Sensitive data are stored in encrypted or hashed form.
  • Access Controls: Access to personal data is restricted to authorized staff. Strict authentication, access logs and administrative security policies are in place.
  • Security Testing: cr8rs periodically reviews systems for vulnerabilities. This includes code reviews, penetration testing and keeping software and dependencies up to date with security patches.
  • PCI Compliance: cr8rs does not see or store credit/debit card numbers. All card transactions are processed entirely by our certified PCI DSS-compliant payment gateway partners. cr8rs only receives a transaction reference and confirmation status. Where digital wallet payments are used (e.g., Khalti), cr8rs stores a wallet identifier (wallet ID) provided by the gateway for the purpose of payout verification and record-keeping - not the full wallet credentials or PIN.
  • Data Breach Response: In the event of a data breach that may compromise personal data, cr8rs will:
    • (a) notify affected users via their registered email within 48 hours of becoming aware of the breach;
    • (b) describe the nature of the breach, data categories affected, likely consequences and measures taken;
    • (c) report to applicable regulatory authorities as required by applicable law.

Despite cr8rs's best efforts, no system can be 100% secure. Users are responsible for keeping their account credentials and linked accounts (Google, Khalti) safe. If you believe your account has been compromised, contact cr8rs immediately.


5. Data Retention

We retain personal data for as long as necessary to provide our Services and fulfil the purposes outlined in this Policy, unless a longer retention period is required or permitted by law:

  • Account Information: Kept while the account is active. Upon account deletion, personal data is removed or anonymized within a reasonable time frame, except for data legally required to be retained.
  • Tip Transaction Records: cr8rs maintains transaction records for a minimum of 5 years from the date of the transaction or from account closure, whichever is later. This is aligned with Nepal Rastra Bank (NRB) record-keeping standards applicable to payment-related platforms. This data is retained even after account deletion to support regulatory compliance, tax documentation and dispute resolution, and is not used for any other purpose.
  • KYC / Compliance Data: Identity verification records submitted as part of cr8rs's internal due diligence process are retained for at least the minimum period required by Nepalese law after the end of the user relationship, to support AML/CFT compliance obligations.
  • Analytics Data: Aggregate, anonymized analytics data may be kept indefinitely. Analytics logs containing IP addresses or device IDs are anonymized or deleted when no longer needed for immediate analysis.
  • Communications: Email and support communications may be retained for a period to ensure follow-up context and to improve support processes.

6. Your Rights and Choices

Depending on your jurisdiction and applicable laws, you may have the following rights regarding your personal data:

  • Access and Portability: You may request a copy of the personal data cr8rs holds about you. For Creators, much of this is accessible via your dashboard. For a full export, contact support@cr8rs.app. Note: A self-service data download tool is planned for a future update; until then, contact support. Creators and Contributors can currently download their transaction history and other non-personal account data directly from the dashboard.
  • Rectification: You have the right to correct incorrect or outdated information. Creators can edit most profile information and payout details from account settings. Contact support for anything that is not self-editable.
  • Deletion: You can request deletion of your personal data. Account deletion removes your profile and personal info from active use. Certain transaction records and KYC data are legally required to be retained as noted in §6.5.
  • Objection to Processing: If you object to any specific use of your data, let us know. You can opt out of marketing emails via unsubscribe links. For analytics, use browser-based opt-out tools. For other internal processing, cr8rs will review whether it can accommodate your request.
  • Consent Withdrawal: Where cr8rs relies on your consent to process data, you have the right to withdraw that consent at any time. This does not affect the legality of processing that occurred before withdrawal.

7. Children's Privacy

cr8rs is not directed to children under the age of 13. cr8rs does not knowingly collect personal information from children under 13. If cr8rs becomes aware that a child under 13 has provided personal information, cr8rs will take steps to delete it promptly.

For users aged 13–17, the Guardian Account provision (§1.3.2) applies. The Guardian is responsible for all data provided on behalf of the minor, and the Guardian's consent covers the minor's participation on the Platform.

Parents or guardians who believe a child has provided personal information without consent should contact privacy@cr8rs.app immediately.

8. Updates to Privacy Policy

cr8rs may update this Privacy Policy from time to time. When we update the Policy, we will change the 'Last Updated' date. For significant changes, we will provide a more prominent notice (email notification or alert on the site). Continuing to use cr8rs after Privacy Policy changes go into effect signifies acceptance of the updated Policy. If you do not agree, you should stop using the Service and may request deletion of your data per §6.6.

For questions or concerns about this Privacy Policy, contact privacy@cr8rs.app.


cr8rs Privacy Policy | cr8rs