Privacy Policy

Crafted AI ("Crafted", "we") is a creative studio based in the Nordics. We're the data controller for the personal information handled through our website, our app at app.crafted.so, and the creative work we do for clients. Reach us any time at maiuran@crafted.so.

We try to collect as little as possible:

• Account details — name, work email, company, role, password hash.
• Project information — briefs, files, feedback, and anything else you share so we can do the work.
• Contact form entries — the details you submit through crafted.so/contact or similar forms.
• Billing information — company name, billing address, tax ID, and payment confirmations (card details live with our payment provider, not with us).
• Usage data — pages viewed, features used, device and browser type, and rough location from IP. We use this to improve the product, not to profile you.

We use personal data to:

• Deliver the work you've hired us for and run your account.
• Reply to messages and support requests.
• Improve the product — fix bugs, measure performance, decide what to build next.
• Send occasional service or product emails (you can unsubscribe at any time).
• Meet our legal, tax, and accounting obligations.

We rely on standard legal bases: performing our contract with you, our legitimate interests in running and improving Crafted, your consent where required (for example, for marketing emails), and compliance with law.

We use AI tools to speed up creative work, and we only use your content to deliver your project. We do not sell your data, and we do not use your proprietary content or brand assets to train foundation models. Where we use third-party AI providers, we choose partners that contractually commit to not training on your inputs. A human designer reviews AI-assisted work before it's delivered.

We share data only with trusted providers that help us run Crafted, and only to the extent needed. Categories include:

• Cloud hosting and storage.
• Analytics and product monitoring.
• Email and customer support tools.
• Payment and invoicing providers.
• AI and creative tooling used to deliver your project.

Each of these is bound by a data processing agreement. We may also disclose information when legally required, or to protect our rights or safety. If Crafted is ever involved in a merger or acquisition, we'll let you know before your data moves.

We use a small set of cookies to keep you signed in, remember your preferences, and understand how the site is used. Where required by law, we'll ask for your consent before anything non-essential runs. You can clear cookies from your browser settings at any time.

We run our own first-party, anonymous analytics — no Google Analytics, no cross-site cookies. We set one first-party cookie (cft_v, valid for one year) so we can tell whether someone is a returning visitor without identifying them. We record the page you viewed, scroll depth, time on page, and which links you clicked. We capture your IP address only as a one-way salted hash that cannot be reversed back to your IP. We never sell or share this data, and raw event records are deleted after 90 days.

On a small number of paid-traffic landing pages — /short and partner pages at /short/<partner>/ — we may also load the Meta (Facebook) Pixel to measure ad campaign performance. On /short the pixel is owned by Crafted; on a partner's /short/<partner>/ page, the pixel is owned by that partner and only fires there. The pixel records a page view and a "Lead" event when you click a Calendly call-to-action. It does not run on any other page.

For attribution accuracy, we also send the same events to Meta's Conversions API server-side from our own infrastructure. When you book a call through Calendly, we send a hashed (SHA-256, irreversible) form of your email address along with the booking event so the ad system can match the conversion to its source — your raw email is never sent to Meta. Server-side events are gated by the same opt-outs as the rest of our analytics.

If you'd like to opt out, append ?notrack=1 to any URL on this site (this also sets a session-scoped opt-out), or enable "Do Not Track" in your browser — we honour both for our own analytics and for the Meta Pixel.

We keep personal data for as long as we need it to deliver the Services, comply with the law, resolve disputes, and enforce our agreements. When we no longer need it, we delete or anonymise it on a regular schedule.

Depending on where you live, you have rights over your personal data. These typically include the right to access, correct, delete, port, or restrict the use of your information, and to withdraw consent or object to certain processing. To exercise any of these, email maiuran@crafted.so — we'll respond within 30 days. You can also complain to your local data protection authority if you think we've got something wrong.

Some of our providers are based outside your country. When we transfer data across borders, we rely on appropriate safeguards — including the European Commission's Standard Contractual Clauses or equivalent protections — so your data keeps the same level of protection it would at home.

We protect your data with reasonable technical and organisational measures: encrypted transit, access controls, audit logs, and regular reviews. No system is perfectly secure, so if a breach affects you, we'll notify you without undue delay as required by law.

Crafted is made for businesses and is not intended for children under 16. We don't knowingly collect personal data from children. If you think we have, contact us and we'll delete it.

We'll update this policy as Crafted grows. If a change is material, we'll flag it by email or in the app before it takes effect. The date at the top tells you when this version went live.

Privacy questions go straight to the team. Email maiuran@crafted.so — a real human reads it.