privacy policy

This Privacy Policy applies to Creative Division ("we," "us," "our," or "the Studio"), a sole trader business operated by Jiayden Mills under Australian Business Number (ABN) 39 893 186 261. Creative Division is based in Melbourne, Victoria, Australia, and operates the website creativedivision.io.

We are committed to protecting your personal information and being transparent about how we collect, use, store, and share it.

If you have any questions about this policy or how we handle your information, contact us at studio@creativedivision.io.

This Privacy Policy describes how we handle personal information when you:

This policy applies regardless of whether you are an individual customer, a business representative, or a website visitor.

• Visit our website at creativedivision.io
• Submit a project brief or place an order through our checkout system
• Book an onboarding call with us
• Engage us for creative services
• Communicate with us by email or other means

We collect the following categories of personal information:

Information you provide directly to us:

Information collected through our payment processor (Stripe):

Information collected automatically:

Information collected via third-party services:

We do not knowingly collect special category information such as health data, racial or ethnic origin, political opinions, religious beliefs, or biometric data. If such information appears in a brief you submit, please redact it before sending.

• Full name
• Email address
• Phone number
• Business name (where applicable)
• Project briefs, descriptions, requirements, references, and creative direction you submit
• Reference materials, links, or assets you share with us
• Communications you send to us
• Billing address
• Payment card details (handled directly by Stripe — we do not see, store, or have access to your full card number)
• Transaction history
• IP address
• Browser type and version
• Device and operating system information
• Pages visited and time spent on our website
• Referring URLs
• Cookies and similar tracking technologies
• Calendar booking information via Cal.com (your selected booking time, time zone)
• Email engagement data via Resend (delivery confirmations, bounces)

We collect and use your information for the following purposes:

We will not use your information for marketing purposes without your explicit consent. We do not sell your personal information to third parties.

• To deliver the creative services you have engaged us for
• To process payments and issue invoices
• To schedule and conduct onboarding and project calls
• To communicate with you about your project, deliverables, and timelines
• To send transactional emails (order confirmations, status updates, receipts)
• To meet our legal obligations, including tax record-keeping
• To enforce our Terms & Conditions and protect our rights
• To improve our website and services
• To respond to your inquiries and support requests

Where applicable under privacy laws (including the Australian Privacy Principles, the EU General Data Protection Regulation (GDPR), and the UK Data Protection Act), we rely on the following legal bases for processing your personal information:

• Contract performance: Processing necessary to deliver services you have ordered
• Legitimate interests: Operating our business, maintaining records, improving our services
• Legal obligation: Tax records, regulatory compliance
• Consent: Where you have explicitly opted in (e.g., marketing communications, if applicable)

We share your personal information only with the following categories of third parties, each acting as a "data processor" on our behalf or as an independent service we use:

Payment processing:

Email delivery:

Calendar booking:

Database hosting:

Web hosting and infrastructure:

Project management:

Email inbox:

We do not share your personal information with any other third parties except where required by law (for example, in response to a valid legal request from a government authority, or to enforce or defend our legal rights).

• Stripe, Inc. — processes all payment transactions. Stripe collects and stores payment card details directly under their own privacy policy (https://stripe.com/privacy). We receive only summary transaction data.
• Resend, Inc. — sends transactional emails (order confirmations, notifications). Email content and recipient details are processed by Resend under their privacy policy (https://resend.com/legal/privacy-policy).
• Cal.com, Inc. — handles onboarding call bookings. Your booking details (name, email, selected time) are processed by Cal.com under their privacy policy (https://cal.com/privacy).
• Neon, Inc. — provides the database where order records are stored. Data is hosted in their Sydney (Australia) region. Neon's privacy policy is available at https://neon.tech/privacy-policy.
• Vercel Inc. — hosts our website and serverless functions. Standard server logs (including IP addresses) are processed by Vercel under their privacy policy (https://vercel.com/legal/privacy-policy).
• Notion Labs, Inc. — used internally to manage active project records. Order information is synced to a private Notion workspace under their privacy policy (https://www.notion.so/notion/Privacy-Policy).
• Proton AG — provides our studio email inbox at studio@creativedivision.io. Inbound and outbound email correspondence is processed by Proton under their privacy policy (https://proton.me/legal/privacy).

Your personal information may be stored and processed in the following locations, depending on the service:

If you are based in the European Union, United Kingdom, or another jurisdiction with data export restrictions, please be aware that your personal information may be transferred to and processed in countries outside your home jurisdiction. We rely on appropriate safeguards (such as standard contractual clauses or adequacy decisions where applicable) for these transfers.

• Australia (Sydney region): Order database (Neon)
• Japan (Tokyo region): Email sending infrastructure (Resend)
• United States: Stripe payment data, Cal.com bookings, Notion workspace, Vercel hosting infrastructure (with global edge presence)
• Switzerland: Email inbox (Proton)

We retain personal information for as long as needed to fulfil the purposes described in this policy, including:

When personal information is no longer required, we take reasonable steps to delete or de-identify it.

• Order and transaction records: 7 years from the end of the financial year in which the transaction occurred (to comply with Australian Taxation Office requirements)
• Project briefs and creative outputs: Retained for the duration of the project plus a reasonable archive period (typically 2-3 years) for reference and portfolio purposes (with project-specific information de-identified or removed where requested)
• Email correspondence: Retained as part of our business records for up to 7 years
• Website analytics and server logs: Typically retained for 30-90 days by our hosting providers

Depending on your location, you have the following rights regarding your personal information:

To exercise any of these rights, email us at studio@creativedivision.io. We will respond within 30 days, or sooner where required by law.

If you are unhappy with how we have handled your personal information, you have the right to lodge a complaint with:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete information
• Deletion: Request that we delete your personal information (subject to legal retention requirements)
• Restriction: Request that we restrict the processing of your information
• Data portability: Request a copy of your information in a structured, machine-readable format (where applicable)
• Objection: Object to processing based on our legitimate interests
• Withdrawal of consent: Where we rely on consent, you can withdraw it at any time
• Australia: Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
• European Union: Your local data protection authority
• United Kingdom: Information Commissioner's Office at ico.org.uk

Our website uses the following types of cookies and similar technologies:

We do not currently use marketing or analytics cookies. If we add analytics in the future, we will update this policy and provide a cookie consent mechanism.

You can control cookies through your browser settings. Disabling strictly necessary cookies may impair website functionality, including the ability to complete checkout.

• Strictly necessary cookies: Required for the website to function (e.g., maintaining your checkout session, managing payment flow). These cannot be disabled.
• Third-party cookies: Set by Stripe (during payment), Cal.com (during booking), and similar embedded services. These are governed by the respective third party's privacy policy.

We take reasonable steps to protect your personal information from loss, misuse, unauthorised access, disclosure, alteration, and destruction. These steps include:

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

If we become aware of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.

• HTTPS encryption for all website traffic
• Secure, encrypted communication with all third-party processors (Stripe, Resend, Cal.com, Neon, Notion, Vercel, Proton)
• Restricted access to personal information on a need-to-know basis
• Use of established, security-audited service providers

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately at studio@creativedivision.io and we will take steps to delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will:

Your continued use of our services after any update constitutes acceptance of the revised policy.

• Update the "Effective" date and version number at the top of this policy
• Notify existing customers by email where the changes are significant
• Post the updated policy on creativedivision.io/privacy

For any questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:

Creative Division

Attention: Jiayden Mills

Email: studio@creativedivision.io

ABN: 39 893 186 261

Melbourne, Victoria, Australia

*This Privacy Policy is provided in good faith and based on current practices. It will be reviewed by qualified legal counsel as part of our post-launch compliance program.*