Privacy policy

Creative Crow Ltd Last updated: May 2026

In Short

We don't:

  • Sell your data
  • Train AI models on your data
  • Keep your data for more than 60 days after you request account deletion

We do:

  • Track analytics to understand how people use the app
  • Use AI to help you manage your to-dos – that's the whole point
  • Use AI to build and refine a "memory" of your preferences and context; you can view, edit, or delete this at any time in your profile

1. Who We Are

This Privacy Policy applies to Creative Crow Ltd, a company incorporated in England and Wales (Company Number 15080594), with a registered address at N4 2HA, London, United Kingdom.

We operate the Offloader application (the "Service"). We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Protection Contact: Peter Koraca, Creative Crow Ltd Email: privacy@creativecrow.io

2. What Data We Collect

2.1 Account Information

When you register for an account, we collect:

  • Your name
  • Your email address

2.2 Content You Create

To deliver the Service, we store the content you create within the app, including:

  • Project names, descriptions, and associated metadata
  • To-do items and their descriptions
  • Personal memory and context you add to your profile to personalise the AI assistant

2.3 Usage Analytics

We collect anonymised analytics data about how you interact with the Service – for example, which features you use and which you do not. This helps us improve the product.

2.4 Technical Data

We may automatically collect standard technical information such as your IP address, browser type, and device type, primarily through our analytics and infrastructure providers.

3. How We Use Your Data

We use your data for the following purposes:

  • To create and manage your account
  • To provide, operate, and improve the Service
  • To power the AI assistant features, including generating summaries and inferences from your content
  • To understand how users interact with the Service and identify areas for improvement
  • To communicate with you about your account, including transactional emails such as account confirmations and security notices
  • To send you marketing communications, where you have given your explicit consent to receive them

4. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract – processing your account data and content is necessary to deliver the Service you have signed up for
  • Legitimate interests – we process analytics data to understand product usage and improve the Service; this interest does not override your rights
  • Consent – we will only send you marketing emails where you have actively opted in; you may withdraw this consent at any time

5. AI Providers and Third-Party Processors

To deliver AI-powered features within the Service, your content (such as project descriptions, to-do text, and personal memory) may be processed by the following third-party AI providers:

  • Anthropic (Claude) – anthropic.com
  • OpenAI (Gpt) – openai.com
  • Google (Gemini) – gemini.google.com

All three providers process data under terms that prohibit them from using your content to train their AI models. Your data is used solely to generate a response to your query and is not retained by these providers for their own purposes.

We also work with the following third-party service providers who process data on our behalf:

  • InstantDB – our database provider, which stores your account data and content
  • PostHog – our product analytics platform (cloud-hosted), which processes usage and interaction data

All third-party processors are bound by data processing agreements and are only permitted to process your data on our instructions.

We do not sell your data to any third party, and we never will.

6. Data Retention

We retain your personal data for as long as your account is active and for a period of 60 days following a request to delete your account. This window allows us to restore your account if the deletion was made in error, and to fulfil any outstanding legal or contractual obligations.

After this 60-day period, your data is permanently deleted from our systems and those of our processors, except where we are required by law to retain it for longer.

Anonymised analytics data, which cannot be used to identify you, may be retained indefinitely for product development purposes.

7. Your Rights Under UK GDPR

As a data subject under UK GDPR, you have the following rights:

  • Right of access – you may request a copy of the personal data we hold about you
  • Right to rectification – you may ask us to correct inaccurate or incomplete data
  • Right to erasure – you may request that we delete your personal data
  • Right to restriction – you may ask us to limit how we process your data
  • Right to data portability – you may request your data in a machine-readable format
  • Right to object – you may object to processing based on legitimate interests, including for direct marketing
  • Right to withdraw consent – where processing is based on consent (e.g. marketing emails), you may withdraw at any time without affecting the lawfulness of prior processing

You can exercise your rights relating to your profile memory and context directly within the app (in the Profile page). For all other requests, please contact us at support@creativecrow.io. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Data Security

We take the security of your data seriously. We employ appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction.

No method of transmission or storage is completely secure. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO in accordance with our legal obligations.

9. International Data Transfers

Some of our third-party service providers – including our AI providers (Anthropic, OpenAI, and Google) and our analytics provider (PostHog) – are based in or process data in the United States.

Where data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or equivalent Standard Contractual Clauses, to provide an equivalent level of protection to that required under UK law.

10. Children

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@creativecrow.io and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or via a prominent notice within the Service before the changes take effect. The "Last updated" date at the top of this document reflects the most recent revision.

Continued use of the Service after an update constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy, please get in touch:

Creative Crow Ltd N4 2HA, London, United Kingdom Company Number: 15080594 Email: support@creativecrow.io

© 2026 Creative Crow Ltd. All rights reserved.