Privacy Policy

Effective Date: September 1, 2025

1. Introduction

This Privacy Policy explains how 360Creators ("we," "us," or "our") collects, uses, and protects your information when you use 360Crafter, our 360° virtual tour builder service. By using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, and password when you create an account
• Content: Panoramas, images, videos, PDFs, and other files you upload to create virtual tours
• Storage Credentials: S3 API keys and storage configuration (if you choose to use your own storage)
• Payment Information: Billing details for subscription services (processed securely by our payment providers)

2.2 Information We Collect Automatically

• Usage Data: How you interact with the 360Crafter platform
• Technical Data: IP address, browser type, device information, and access timestamps
• Performance Data: Service response times and error logs
• Optional Analytics: User behavior within the platform (only if you opt-in)

2.3 Information from Third Parties

• Storage Providers: Information about your S3 storage usage (if using your own storage)
• Payment Processors: Confirmation of successful payments

3. How We Use Your Information

3.1 Primary Service Delivery

• Provide and maintain the 360Crafter service
• Process your virtual tour creation requests
• Store and manage your content according to your chosen storage option
• Handle account management and authentication

3.2 Service Improvement

• Monitor service performance and identify issues
• Analyze usage patterns to improve user experience
• Develop new features and functionality
• Ensure platform security and stability

3.3 Communication

• Send important service updates and notifications
• Respond to your support requests and inquiries
• Provide billing and subscription information
• Send security alerts if necessary

3.4 Legal Compliance

• Comply with applicable laws and regulations
• Protect our rights and prevent fraud
• Respond to legal requests and court orders

4. Data Storage and Security

4.1 Storage Locations

• Your Content: Stored according to your choice:
  • Your own S3 storage: Content remains on your infrastructure
  • Our subscription storage: Content is stored on our secure servers
• Account Data: Stored on our secure servers
• Analytics Data: Stored on our self-hosted analytics platform (if opted-in)

4.2 Security Measures

• Encryption: Data in transit is encrypted using industry-standard protocols
• Access Controls: Strict access controls and authentication requirements
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Staff trained on data protection and privacy

4.3 Current Security Status

• API Keys: Currently stored unencrypted (we are actively working to implement encryption)
• Content: Encrypted in transit and at rest on our servers
• Account Data: Encrypted and securely stored

5. Data Sharing and Disclosure

5.1 We Do Not Share Your Data With

• Third-party advertisers or marketing companies
• Data brokers or analytics companies
• Social media platforms
• Unauthorized third parties

5.2 We May Share Your Data With

• Service Providers: Only those necessary to provide our service (hosting, payment processing)
• Legal Authorities: When required by law or to protect rights
• Your Consent: Only with your explicit permission for specific purposes

5.3 Content Sharing

• Your virtual tours and content are never shared with other users unless you choose to make them public or share them yourself
• We do not use your content for marketing or promotional purposes without permission

6. Your Rights and Choices

6.1 Access and Control

• View Your Data: Access your account information and content
• Update Information: Modify your account details and preferences
• Delete Content: Remove any content you've uploaded
• Export Data: Download your content and data
• Delete Account: Close your account and remove your data

6.2 Analytics Opt-Out

• Opt-In Only: Analytics tracking is completely optional
• Easy Disable: Turn off analytics at any time through your account settings
• Clear Information: We provide detailed information about what analytics collect

6.3 Communication Preferences

• Email Settings: Control which emails you receive from us
• Unsubscribe: Opt out of non-essential communications
• Support: Always receive important service notifications

7. Data Retention

7.1 Information Retained Until You Remove It

• Account Information: Kept until you delete your account
• Content: Kept until you delete it or close your account
• Storage Credentials: Kept until you remove them or close your account
• Analytics Data: Retained if you opt-in (retention period to be determined when implemented)

7.2 Information Retained Until Your Account is Deleted

• Usage Patterns: Kept to understand how features are used and improve services
• Service Preferences: Retained to maintain your customized experience

7.3 Information Retained for Extended Time Periods

• Financial Records: Payment information retained for accounting and tax purposes (up to 7 years)
• Legal Compliance: Data required by law or regulatory requirements

8. Enabling Safe and Complete Deletion

8.1 Immediate Removal

When you delete data in your account, we immediately:

• Remove it from view in the user interface
• Stop using it to personalize your experience
• Begin the deletion process from our active systems

8.2 Complete Deletion Process

• Primary Systems: Data is permanently deleted within 30 days
• Backup Systems: Our services use encrypted backup storage for disaster recovery protection
• Backup Retention: Data may remain in encrypted backup systems for up to 6 months for disaster recovery purposes
• Final Purge: After 6 months, all backup data containing deleted information is automatically purged

8.3 Deletion Timeframes

• Content: Deleted immediately from active systems, removed from backups within 6 months
• Account Data: Marked as deleted immediately, completely removed within 6 months

9. International Data Transfers

• Primary Storage: Data is primarily stored within the European Union
• Compliance: We comply with EU data protection regulations
• Third-Party Services: Any international transfers use appropriate safeguards

10. Children's Privacy

• Age Requirement: Our service is not intended for users under 18 years old
• No Collection: We do not knowingly collect information from children under 18
• Immediate Action: If we discover we have collected such information, we will delete it immediately

11. Cookies and Tracking

11.1 Essential Cookies

• Authentication: Required for account login and security
• Service Functionality: Necessary for core platform features
• No Opt-Out: These cookies are essential and cannot be disabled

11.2 Optional Tracking

• Analytics: Only if you opt-in to usage analytics
• Performance Monitoring: Basic service performance tracking
• Opt-Out Available: You can disable non-essential tracking

12. Data Breach Response

12.1 Our Commitment

• Immediate Action: We will act quickly to contain any security incident
• User Notification: We will notify affected users within 72 hours from the moment we are aware of the security incident
• Transparency: We will provide clear information about what happened and what we're doing

12.2 Current Status

• API Keys: We acknowledge current unencrypted storage and are actively working to improve this
• Security Improvements: We continuously enhance our security measures
• User Communication: We will notify users of any security improvements or changes

13. Changes to This Policy

• Notification: We will notify you of any material changes to this policy
• Review: We encourage you to review this policy periodically
• Continued Use: Using our service after changes constitutes acceptance of the new policy

14. Contact Information

For privacy-related questions or concerns, please contact us at:

Email:legal@360creators.com
Subject: Privacy Policy Inquiry

15. Legal Basis and Compliance

15.1 EU GDPR Compliance

• Legal Basis: Processing is necessary for service provision and legitimate business interests
• Data Subject Rights: We respect all GDPR rights including access, rectification, and erasure
• Data Protection Officer: Contact legal@360creators.com for GDPR-related inquiries

15.2 Dutch Law Compliance

• Jurisdiction: This policy complies with Dutch data protection laws
• Supervisory Authority: Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

Last Updated: September 1, 2025