Creator Sanctuary

Privacy Policy

Effective Date: [Month Day, Year]
CreatorSanctuary.com (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect from customers and visitors, how we use and share that information, and your rights regarding your personal data. This policy applies to all data collected through our website (CreatorSanctuary.com), our web hosting services (via WHMCS), email newsletter, and any related services or communications.

By using our Services or providing personal information to us, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

1. Information We Collect

We collect several types of information from or about our users in order to provide and improve our Services, including:

  • Personal Information You Provide: When you register for a hosting account or make a purchase, we collect information through our WHMCS billing system. This may include your name, email address, billing address, phone number, and account username. If you subscribe to our email newsletter or fill out any forms (such as a contact form or blog comment form), we collect the information you submit (like your email address and any other fields on the form). If you post comments on our blog, we collect the name and email you provide (your email is not displayed publicly) and the content of your comment.
  • Payment Information: We use PayPal as our primary payment processor for hosting services. When you make a payment, you will provide your payment details (such as credit card or PayPal account info) directly to PayPal. We do not store your full credit card information on our servers. PayPal may share with us limited information confirming a transaction (such as your billing name, email, and that a payment was made). All payment transactions are subject to PayPal’s Privacy Policy and security, and we encourage you to review PayPal’s terms when making payments.
  • Automatically Collected Data: When you visit our website or client portal, our systems (or third-party services integrated into our site) automatically collect certain data about your visit. This includes usage data such as your IP address, browser type, device information, pages or screens you view, dates/times of access, and referring website. We collect some of this information using cookies and similar tracking technologies (explained more below). We also log actions you take in the hosting portal (e.g. login attempts, support ticket submissions) for security and auditing.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to enhance user experience and analyze usage. Cookies are small text files stored on your device. We (and third parties like Google) may set cookies to remember your preferences, authenticate your sessions, and track your navigation of our site. For example, when you log into the WHMCS client area, a session cookie keeps you logged in. We also use cookies for analytics and advertising as described in Section 3. You can control or delete cookies through your browser settings, but note that disabling certain cookies may affect functionality (such as staying logged in). For more details, see Section 3: Cookies and Third-Party Services.

We do not intentionally collect any sensitive personal data (such as Social Security numbers, genetic data, health information, or information about children under 13) through our site or services. Please refrain from submitting such sensitive data to us. If we learn that we have collected personal information from a child under 13 (16 in some jurisdictions) without verifiable parental consent, we will delete it as required by law.

2. How We Use Your Information

We use the collected information for various business and operational purposes, consistent with the principles of transparency and your privacy rights. The purposes for which we use your information include:

  • Providing and Maintaining Services: We use your information to create and manage your hosting account, provide the services you request, and operate our website. For example, we use personal details to register your account in WHMCS, set up your hosting on our servers, and communicate important information (like sending invoices, service notifications, and support responses).
  • Processing Transactions: We use the information related to payments (including personal and payment data) to process your hosting subscription fees. For instance, we share necessary information with PayPal to charge your chosen payment method for purchases. We also use transaction data to maintain proper accounting records.
  • Communication: We may use your email address to send you service-related communications. This includes confirmations of orders or cancellations, billing receipts, password reset emails, support ticket updates, and important announcements (like maintenance windows or security alerts). These are not marketing emails but essential notices for customers. If you subscribe to our email newsletter, we will use your email to send periodic newsletters or promotional content about web hosting, our blog updates, or special offers. You can opt-out of marketing emails at any time by clicking the “unsubscribe” link in the footer of such emails or contacting us. Note that you cannot opt out of transactional emails that are necessary for Services (like billing emails) while you are an active customer.
  • Customer Support: If you contact us for help (via support ticket, email, or other channels), we will use your information (including possibly troubleshooting data or account info) to assist you. We might ask for additional info to resolve your issue and will record the correspondence in our system (which may be part of WHMCS or a helpdesk) to track support history.
  • Improving and Analyzing Services: We use data (mostly usage and analytics data) to understand how our Services are used and to improve performance and offerings. For example, we analyze traffic patterns on our site and the usage of features in the client portal. This helps us optimize the user experience, plan new features, and fix bugs. We might use Google Analytics data to see aggregated trends like which blog posts are most popular or what countries our visitors come from, in order to tailor our content.
  • Advertising and Marketing: We may use some information about you to provide personalized advertisements on our site or to remarket our services. For instance, we use Google Ads (AdSense) on our blog, which might show ads tailored to your interests based on cookies (see Section 3). We might also run remarketing campaigns through Google or social media, which could use cookies from your visit. If we do so, it would allow us to show ads for CreatorSanctuary on other websites you visit after ours. This is generally done via cookies and is not based on your name or direct contact info, but rather on cookie identifiers. You can opt out of many advertising cookies as described in Section 3.
  • Affiliate Tracking: If you arrived at our site via an affiliate link or if we ever run our own affiliate program, we may use cookies or similar to track that referral so we can credit the appropriate affiliate. This tracking is typically anonymous to us (we see an affiliate ID, not your personal info, except insofar as needed to pay the affiliate).
  • Legal Compliance and Security: We may use personal information as necessary to comply with our legal obligations, such as financial record-keeping for tax regulations or responding to lawful requests by public authorities. We also use information to enforce our Terms of Service and Acceptable Use Policy – for example, monitoring for fraudulent behavior, security incidents, or abuse of our services. If we detect potential illegal activity (like fraud or network attacks), we may process relevant data to investigate and prevent it, and share data with law enforcement if appropriate.
  • Other Purposes: If we intend to use your information for any purpose not listed here, we will describe it at the point of collection or obtain your consent if required. We will not use your personal data in a manner that is incompatible with the purposes for which it was collected without notifying you and obtaining consent when required by law.

Our legal bases for processing personal data (for individuals in the EEA) include: (i) Contractual necessity – much of the data we process is to provide the service you requested (e.g., hosting), per our contract with you; (ii) Legitimate interests – for uses like improving our services, securing our platform, and sending relevant marketing (we balance these interests against your privacy rights); (iii) Consent – where applicable, e.g., for sending newsletters to subscribers or for non-essential cookies, we rely on your consent (which you can withdraw at any time); and (iv) Legal obligation – keeping records for tax, or responding to legal processes.

3. Cookies and Third-Party Services

We utilize third-party services to enhance our site functionality, analytics, and advertising. These third parties may set their own cookies or similar tracking technologies on your device. Below we describe key third-party services we use and how they handle data:

  • Google Analytics: We use Google Analytics to collect information about how visitors use our website. Google Analytics uses cookies to track interactions (e.g., which pages you visit, how long you stay, how you arrived at our site). This helps us analyze web traffic and improve our site design and content. Google may use the data collected to contextualize and personalize ads within its advertising network. However, we have configured Google Analytics to anonymize IP addresses where possible (if available) and we do not receive personally identifying information through Analytics, only aggregated statistics. You can opt-out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. Additionally, Google provides its privacy policy here: Google Privacy & Terms.
  • Google Ads (AdSense): Our site displays advertisements provided by Google AdSense and possibly other advertising networks. These ads may use cookies and similar technologies to personalize ads to you. Third-party vendors, including Google, use cookies to serve ads based on a user’s prior visits to our website or other websites. Google’s use of advertising cookies (such as the DoubleClick cookie) enables it and its partners to serve ads to you based on your visit to our site and/or other sites on the Internet​. For example, if you have visited sites about web design, you might see web design-related ads on our site due to these cookies. We do not have access to the information in these cookies; it is handled by Google. Opt-Out of Personalized Ads: You may opt out of personalized advertising from Google by visiting the Google Ads Settings​. Alternatively, to opt out of third-party vendors’ use of cookies for personalized ads, visit the NAI consumer opt-out page at aboutads. (Note: You will still see ads, but they may be less relevant to your interests.) Any data collected by Google in this context is used in accordance with Google’s privacy policies.
  • Affiliate Links and Analytics: We may include affiliate links for products or services (for example, links to domain registrars or software providers). When you click an affiliate link, a cookie may be set by the third-party affiliate program to track the referral. This cookie typically records an ID (not personal info) to ensure we get credit if you make a purchase. We do not control these cookies, but we endeavor to only use reputable affiliate programs. In addition, our own site may use an internal tracking cookie to know which site or ad campaign brought you to us (for our marketing analysis). These cookies expire after a set time. If you have concerns about affiliate tracking, you can choose not to click such links. We will always disclose when a link is an affiliate link.
  • Email Newsletter Service: If we use a third-party email marketing service to manage our newsletter (e.g., Mailchimp, Sendinblue, etc.), that provider may collect information (such as email open rates or clicks on newsletter content) via tracking pixels in the emails. This helps us understand engagement. Those providers are prohibited from using your data for any other purposes and operate under their own privacy agreements with us. You can unsubscribe from newsletters as described above, and you will no longer receive such emails or tracking.
  • Social Media Widgets: Our website might include social sharing buttons or widgets (such as a Facebook “Like” button or Twitter “Share” button). If present, these features may collect your IP address and set a cookie to function properly. They are governed by the privacy policy of the company providing them (Facebook, Twitter, etc.). We do not send your personal data to social networks, but if you are logged into those services, they might link the visit to our site with your profile. Using these social features is voluntary.

We strive to honor “Do Not Track” (DNT) browser settings where possible. However, note that third-party services may not respond to DNT signals. Google Analytics can be disabled as noted, and you can usually configure ad preferences via the links provided. If you have consented to cookies via a banner (for EU users), you can adjust your preferences by [include instructions if you have a cookie settings link].

4. How We Share Your Information

We understand that your personal information is important, and we are not in the business of selling your data. We share information with third parties only in the ways described in this policy, as needed to provide our Services or as required by law. Key instances where we share data include:

  • Service Providers: We employ third-party companies and individuals to perform functions on our behalf and help deliver our Services (“Service Providers”). This includes companies that provide hosting infrastructure, payment processing (e.g., PayPal), email delivery, customer relationship management, or analytics. These providers have access to personal data only to perform specific tasks under our instructions and are obligated not to use it for other purposes​. For example, our web hosting partner (upstream provider) will have the data needed to maintain the server your site is on, and our email provider will have your email to send newsletters. We require these providers to handle data securely and lawfully.
  • Affiliate / Advertising Partners: If you click on affiliate links or ads, certain information (like cookie identifiers or advertising IDs) may be shared between us and the partner to properly credit referrals or to optimize ad delivery. For instance, we might receive a confirmation from an affiliate partner that a user we referred made a purchase, which includes non-personal identifiers or an order number for commission purposes. This is mainly transactional and does not involve broad data sharing of your personal details to advertisers; advertisers see aggregated or anonymized campaign results.
  • Business Transfers: If CreatorSanctuary is involved in a merger, acquisition, sale of assets, or reorganization, your personal data may be transferred as part of that transaction. We will ensure the new owner continues to uphold the privacy commitments we’ve made in this policy. We will notify you (for example, via email or a prominent notice on our site) of any such change in ownership or use of your personal information, as well as any choices you may have regarding your information.
  • Legal Compliance and Protection: We may disclose your information when required to do so by law or in a good-faith belief that such action is necessary to: (i) comply with a legal obligation, such as a lawful subpoena, court order, or government demand; (ii) enforce our Terms of Service or other agreements; (iii) protect the rights, property, or safety of CreatorSanctuary, our customers, or others; or (iv) investigate and defend ourselves against any third-party claims or allegations. For example, if required by law enforcement as part of an investigation, we might have to provide logs or account information as mandated by law. We will only share the information that is reasonably requested or required in such circumstances.
  • With Your Consent: In cases where you explicitly consent for us to share information with third parties, we will do so according to the terms of that consent. For instance, if we run a promotion in conjunction with another company and you opt-in to have your information shared for receiving a reward, we would share as needed in that scenario (and make clear what will be shared when you consent).
  • Aggregate or De-Identified Data: We may also share information that has been aggregated or anonymized in such a way that it cannot reasonably be used to identify you. For example, we might publish trends or statistics (e.g., “X% of our customers are in Europe”) that do not reveal personal data.

We do not sell personal information to third parties for monetary consideration. We also do not share personal data with third parties for their own direct marketing use unless you have given us permission.

5. International Data Transfers

CreatorSanctuary is based in the United States, and our servers or service providers may be located in the U.S. or other countries. If you are located in the European Economic Area (EEA), United Kingdom, or another region with data protection laws differing from U.S. law, please note that personal data we collect will be transferred to and processed in the United States and possibly other jurisdictions. By using our Services or submitting your personal information, you acknowledge that your data may be transferred to servers outside your home country, including the U.S.

When we transfer personal data out of the EEA or UK, we will take steps to ensure an appropriate level of data protection. This may include using Standard Contractual Clauses approved by the European Commission, relying on the service provider’s Binding Corporate Rules, or obtaining your consent for specific transfers. We will only transfer data to jurisdictions when we are satisfied that adequate safeguards are in place as required by GDPR or other applicable laws.

If you are located outside the U.S. and choose to provide information to us, please be aware that we transfer and process your data in the United States (where our company and infrastructure are located)​. The data protection laws of the U.S. may be different (and less comprehensive) than those in your country. However, we will handle your personal data in accordance with this Privacy Policy, and we will implement reasonable security measures (see Section 7) to protect it.

By using our site and services, or by giving us your information, you consent to the transfer of your personal data to the United States and other jurisdictions as necessary, and to the processing of that information in accordance with this policy​. If you wish to know more about international transfers or need a copy of applicable safeguards (like SCCs), you can contact us using the information in Section 9.

6. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • For hosting customers, we retain personal data while your account is active. When you cancel services, we may keep certain data (like invoices, payments, and basic account info) for a period of time after cancellation, primarily to comply with legal obligations (e.g., financial records for tax purposes, typically 7 years in the U.S.) or to resolve disputes.
  • Support tickets, emails, and communications are generally retained so we have a history of your support inquiries, which can improve future support. We may delete or anonymize older support data if not needed.
  • If you simply subscribed to our newsletter but are not a paying customer, we will retain your email on our mailing list until you unsubscribe or until we determine that our newsletters are inactive. If you unsubscribe, we may keep your email on a suppression list to ensure we don’t accidentally email you again.
  • Web logs and analytics data are retained for a shorter period (for example, raw web server logs might be kept for a few months, and Google Analytics data may be retained for 26 months or as configured) unless we need to hold them longer for security analysis.
  • We continually review what data we have and delete or anonymize personal data that is no longer needed. When we have no ongoing legitimate need or legal obligation to process your personal data, we will either delete it or anonymize it (so it can no longer be associated with you).

Keep in mind that even after you delete your account or ask us to erase your data, backups or archives may retain residual copies of your personal information for a brief time (typically as part of routine IT backup practices). We also might retain information if needed to establish, exercise, or defend legal claims.

7. Data Security

We take the security of your personal information seriously and implement reasonable administrative, technical, and physical safeguards to protect it from unauthorized access, alteration, disclosure, or destruction. Our measures include:

  • Encryption: Our website and WHMCS portal are secured via HTTPS, which encrypts data in transit between your browser and our servers. Sensitive actions (like entering login credentials or payment details on PayPal’s site) are protected via encryption. We also encrypt stored passwords (hashed and salted) in our system.
  • Access Controls: We restrict access to personal data to authorized personnel who need it to perform their job duties. Our staff and contractors are bound by confidentiality obligations. The WHMCS admin area and our server management interfaces are accessible only by authenticated administrators.
  • Maintenance and Updates: We keep our software, including WHMCS and server operating systems, updated with security patches. We use firewalls and monitoring to guard against unauthorized access. Antivirus and anti-malware tools are in place to detect and prevent malicious software.
  • Backup and Recovery: We perform regular backups of customer data and our site to ensure we can recover from technical incidents. Backups are stored securely. In the event of a data breach or incident, we have an incident response plan that includes notifying affected users and authorities as required by law.

Despite all measures, please note that no method of transmission over the Internet or electronic storage is 100% secure​ . While we strive to protect your personal data, we cannot guarantee absolute security. Factors like zero-day vulnerabilities or social engineering attacks could result in compromises. You can help protect your data by using a strong, unique password for our site and not sharing it. If you suspect any security issues or unauthorized access to your account, please contact us immediately.

In the unfortunate event of a data breach that affects your personal information, we will notify you and any relevant regulatory bodies as required by law, and we will take appropriate steps to mitigate the breach.

8. Your Rights and Choices

Depending on your jurisdiction, you have certain rights and choices regarding your personal information. We are committed to honoring these rights. This section outlines the rights of users in different regions:

Users in the European Economic Area (EEA), United Kingdom, and Switzerland (GDPR Rights): If you are located in the EEA or UK, you have the following data protection rights under the General Data Protection Regulation (GDPR) and similar laws:

  • Right to Access: You have the right to request a copy of the personal data we hold about you. We will provide this in a reasonable timeframe, usually within 30 days.
  • Right to Rectification: If any personal information we have is incorrect or incomplete, you have the right to request correction or completion​. You can update some info yourself in your account settings (e.g., contact details in WHMCS), and for other changes, you can contact us.
  • Right to Erasure: You can ask us to delete or remove your personal data if there is no good reason for us to continue processing it (commonly known as the “right to be forgotten”)​. For example, if you withdraw consent or if you cancel services and want your data removed, we will do so, provided we don’t have a legal obligation or overriding legitimate interest to keep it.
  • Right to Object: You have the right to object to our processing of your personal data where we are relying on a legitimate interest as the basis, and there is something about your situation which makes you want to object (including objecting to any profiling). You also have the right to object if we were processing your data for direct marketing (which we would only do with consent anyway).
  • Right to Restrict Processing: You can request that we suspend processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it, or while a dispute is resolved​.
  • Right to Data Portability: You have the right to request a copy of your data in a structured, commonly used, machine-readable format so you can transfer it to another provider if desired. This right applies to data you provided to us and that we process by automated means based on consent or contract (e.g., your account data).
  • Right to Withdraw Consent: If we rely on your consent to process certain data (for instance, for sending newsletters or certain cookie usage), you have the right to withdraw that consent at any time​. Withdrawing consent will not affect the lawfulness of processing before the withdrawal. For example, you can unsubscribe from our emails or adjust your cookie preferences.
  • Right to Complaint: If you believe we have infringed your data protection rights, you have the right to lodge a complaint with your local Data Protection Authority​. We would appreciate the chance to address your concerns first by contacting us, but you are free to reach out to your regulator.

To exercise any of these rights, please contact us using the information in Section 9 (“Contact Us”). We may need to verify your identity before fulfilling certain requests (for your protection)​. We will respond to your request within a reasonable timeframe as required by law (generally within 30 days). Note that these rights are not absolute – for example, we might not erase data we are legally required to keep, or we might decline a request if it adversely affects others’ rights – but we will explain any such decision if it occurs.

Users in California (CCPA Rights): If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) (and as amended by CPRA) regarding your personal information, including: the right to know what personal data is collected and how it’s used or shared, the right to request deletion of your personal data, the right to opt-out of “sale” of personal data (note: we do not sell personal data), and the right not to be discriminated against for exercising your CCPA rights. The information in this Privacy Policy is intended to provide the disclosures required by CCPA. You or an authorized agent can make verifiable consumer requests to exercise your rights by contacting us. We will ask for information to verify your identity (like confirming details of your account or past transactions) before fulfilling a request. We do not sell or share personal information as defined by CCPA (we don’t exchange it for money or use it for targeted advertising in a way that constitutes a “sale” under CCPA). If that ever changes, we will update this policy and provide a “Do Not Sell or Share” opt-out link.

Email Preferences: As mentioned, you can opt out of our marketing emails at any time by using the unsubscribe link. If you have an account, you might also manage subscription preferences in your profile if that feature is available. Even after you opt out of marketing, you will still receive transactional messages from us.

Cookies: You have choices regarding cookies. Most web browsers allow you to refuse new cookies, delete existing cookies, or be notified when new cookies are set. Please consult your browser’s help documentation for more info. Additionally, you can use tools like browser extensions to block trackers. Remember that disabling all cookies may affect site functionality (like logging in). For third-party advertising cookies, refer to the opt-outs provided above (Google Ads Settings, etc.).

9. Children’s Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13 (in the U.S.) or under the applicable minimum age in your jurisdiction, please do not use our site or submit any information to us. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this policy by instructing their children never to provide personal data without permission.

If we learn that we have inadvertently collected personal information from a child under 13 without proper consent, we will take steps to delete that information promptly. If you believe that we might have any information from or about a child under 13, please contact us so that we can investigate and address it.

(Note: For residents of the EU or EEA, the age threshold for consent may be 16, unless member state law has lowered it to a minimum of 13. We intend not to collect data from minors under the age of consent in their jurisdiction.)

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the “Effective Date” at the top of this policy. If the changes are significant, we will provide a more prominent notice (such as a banner on our website or an email notification). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal information we collect.

If we make material changes that affect how we handle personal data, we will endeavor to notify active account holders or subscribers via email or through a notice on our site. Your continued use of the Services after any update to this Privacy Policy will constitute your acceptance of the changes, to the extent permitted by law.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. We are here to help and will respond as promptly as we can.

You may also reach out to us via our website’s contact form at creatorsanctuary.com/contact or through your WHMCS client area by opening a support ticket with the appropriate department (e.g., Privacy/Data Request).

If contacting us regarding your data, please include your name, contact information, and a detailed description of your request. For security, we may ask you to verify your identity. We will use the information you provide in your request only to address your inquiry and will keep it confidential.

Thank you for reading our Privacy Policy. We value your trust and are committed to safeguarding your information.