Privacy policy

Date of last update: November 28, 2025

Pine Creative Inc. ("we"/"us") operates the website https://pine-creative.com (the "Website"), and provides services as an industry-agnostic boutique software and AI studio.

This Privacy Policy describes how we collect, store, use, and distribute information about visitors and users of our Website, our clients, and prospective clients when we use this information for our own business purposes.

We act as a controller of Personal Information (as defined below) that we collect for our own business purposes, such as marketing, client relationship management, and website operations.

When providing our technical services—including custom development and AI-assisted automation—to our clients, we often process Personal Information strictly on their behalf. In such cases, we are a processor (or service provider under US law), and the terms of our data processing apply in respect of our processing of that Personal Information for the client.

Except as set forth in this Privacy Policy, Personal Information will not be used for any other purpose without the subject individual’s consent. We do not sell contact lists.

1. Collection of Information

We will maintain the confidentiality of any Personal Information you provide to us and we will use it only for the purposes for which we have collected it (subject to the exclusions and disclosures we have listed below), unless you agree that we may disclose it to other third parties.

Two types of information may be collected: Personal Information and non-personal information.

• Personal Information is personally identifiable information, such as name, address, e-mail address, credit card information, birth date, and gender, or information associated with that information.

  • For residents of the EEA and UK, this includes any information relating to an identified or identifiable natural person.

  • For residents of California, this may include identifiers, professional or employment-related information, and internet activity information.

  • We may collect Personal Information in respect of the Website through registration processes; direct communications if you attend any of our events; or by request.

• Non-personal information includes information that is not personally identifiable, such as aggregated usage statistics, browser type, and diagnostic data.

  • Such non-personal information is collected or derived by us in the course of operating this Website.

  • For example, our web servers may automatically collect non-personal information that is provided through your browser or stored in a cookie when you choose to visit the Website.

  • This Privacy Policy does not extend to the collection, use, or disclosure of non-personal information.

If you choose not to provide certain requested Personal Information, you may not be able to register for or access certain features of the Website or our services.

2. Use of Information

We collect information for the following purposes:

Service Provision & Account Access

• Data, processing, and use: Your full name, address, email address, and company name to deliver our product discovery, architecture, custom development, and AI automation services. This ensures you can access our services, and we can provide support and monitor security.

• Legal basis (GDPR/UK GDPR): Performance of a contract with you or to take steps at your request before entering into a contract.

Transactional Notifications

• Data, processing, and use: To send essential notices regarding your account, product/service updates, and alerts, or updates to our Terms of Service or Privacy Policy.

• Legal basis (GDPR/UK GDPR): Performance of a contract with you or necessary for our legitimate interests (i.e., informing clients of essential service changes).

Client Relationship Management

• Data, processing, and use: Key personnel name, contact details, position, and correspondence. Used to set clients up on our systems, liaise about ongoing projects, provide support, and respond to queries.

• Legal basis (GDPR/UK GDPR): Necessary for our legitimate interests (i.e., the management of client relationships).

Sales and Marketing

• Data, processing, and use: Name, contact details, communication preferences, and cookie data. Used to deliver information about our products/services, send invitations to events, and identify prospective customers to market to them.

• Legal basis (GDPR/UK GDPR): Necessary for our legitimate interests (i.e., the selling and marketing of our services). Consent is relied upon where required by law (e.g., for non-essential cookies and certain direct marketing).

Statistics and Improvement

• Data, processing, and use: Aggregate statistics about use of the Services and the Website (e.g., IP address, browser type, pages visited, time on page, diagnostic data). Used to analyze usage, improve our Website content and functionality, and monitor security.

• Legal basis (GDPR/UK GDPR): Necessary for our legitimate interests (i.e., to improve our services and ensure website security).

Third-Party Services

• Data, processing, and use: We use tools for website hosting/performance analysis and for scheduling consultations.

• Legal basis (GDPR/UK GDPR): Necessary for our legitimate interests (i.e., to efficiently manage our website and consultation scheduling).

3. Cookies and Tracking Technologies

Cookies are used by us to track content usage and traffic on the Website.

A cookie is a feature of your web browser that consists of a text file that is placed on your hard disk by a web server.

The Website uses cookies to help it compile aggregate statistics about usage of this Website, such as how many users visit the Website, how long users spend viewing the Website, and what pages are viewed most often. This information is used to improve the content of the Website.

You can set your browser to notify you when you are sent a cookie. This gives you the chance to decide whether or not to accept it.

If you disable cookies, you may not be able to take advantage of all the features of the Website.

We do not link any of the information we use in cookies to any personally identifiable information submitted by you when you are on the Website.

Website System Logs: System logs of website activity may be collected, including your IP address which is reported by your web browser. This information is recorded for security and fraud prevention purposes.

4. Disclosures & International Data Transfers

We use cloud-hosting service providers and third-party tools to operate our global business, which means your Personal Information may be stored or processed in various jurisdictions, including Canada, the United States, the European Economic Area (EEA), and Asia, depending on the provider.

Canada

Your Personal Information may be transferred to or accessible from a foreign jurisdiction. In such cases, it may be available to a foreign government or its agencies under a lawful order, irrespective of the safeguards we have put in place for the protection of your Personal Information.

Transfers Outside the EEA and UK

Where we transfer your personal data outside of the EEA or the UK, we rely on legally approved mechanisms to ensure a proper level of protection, such as:

1. Transfers to countries deemed to provide an adequate level of protection by the European Commission or the UK government.

2. Implementing appropriate safeguards such as standard contractual clauses (SCCs).

We have put in place contractual and other organizational safeguards with our agents and service providers (see further below) to ensure a proper level of protection of your Personal Information.

Recipients

We will share your personal data with certain third parties:

• Service Providers: Including data hosting services (like Framer), communications providers, fraud detection services, advertising, and marketing services. These organizations will only use your personal data to the extent necessary to perform their support functions.

• Analytics and Search Engine Providers: That assist us in the improvement and optimization of our Services and advertising.

• Professional Advisors: Including banks, accountants, and lawyers.

• In the event of a corporate transaction: We may disclose your Personal Information in connection with a corporate re-organization, merger, or sale of all or a substantial portion of our assets or stock.

Important Exceptions

We may disclose your Personal Information to third parties without your consent if:

• We believe it is necessary to identify, contact, or bring legal action against someone who may be causing injury to or interference with our rights or property, or the rights or property of anyone else.

• We believe in good faith that such disclosure is required by and in accordance with the law (e.g., in response to a court order or other legal request).

5. Security

The security of your Personal Information is important to us.

We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment.

We take technical, contractual, administrative, and physical security steps designed to protect Personal Information. We limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes.

Remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

6. Retention

We will keep your Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you.

This retention period will be up to seven years unless a longer period is required for fraud prevention, legitimate business purposes, or legal obligations.

If you request that your name be removed from our databases, it may not be possible to completely delete all your Personal Information due to legal constraints.

7. Global Privacy Rights (Canada, UK, EEA, US)

You may have certain rights regarding your Personal Information, depending on your jurisdiction. We will not discriminate against you if you choose to exercise any of these rights.

Residents of Canada (PIPEDA/Provincial Laws)

You have the right to:

• Access: Be informed of the existence, use, and disclosure of your Personal Information and to be provided with a copy of it.

• Correction: Challenge the accuracy and completeness of the information and have it amended as appropriate.

Residents of the United Kingdom and European Economic Area (EEA) (GDPR/UK GDPR)

You have the following additional rights in certain circumstances:

• Access: Right to be provided with a copy of your personal information.

• Rectification: Right to require us to correct any mistakes in your personal information.

• Erasure ("Right to be Forgotten"): Right to require us to delete your personal information – in certain situations.

• Restriction of Processing: Right to require us to restrict processing of your personal information – in certain circumstances, e.g., if you contest the accuracy of the data.

• Data Portability: Right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.

• Objection: Right to object to your personal information being used for direct marketing, and in certain other situations, the right to object to our continued processing.

• Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent.

• Lodge a Complaint: With your local supervisory authority.

California Residents (CCPA/CPRA)

You have the right to request any of the following information from us regarding personal information collected about you during the preceding 12 months:

• The categories of personal information collected about you.

• The categories of sources from which the personal information is collected.

• The business or commercial purpose for collecting or sharing personal information.

• The categories of third parties with whom we share personal information, if any.

• The specific personal information collected about you.

• Right to Delete: Request that we delete any personal information that we have collected about you, subject to certain exceptions.

• Right to Opt-Out of Sale/Sharing: As a California resident, you also have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information.

8. Access and Accuracy

You have the right to access the Personal Information we hold about you to verify the information and have a general account of our uses of that information.

Upon receipt of your written request, we will endeavour to deal with all requests for access and modifications in a timely manner, consistent with applicable laws.

We will make every reasonable effort to keep your Personal Information accurate and up-to-date.

9. Amendment of this Policy

We reserve the right to change this Privacy Policy at any time.

Any non-material change (such as clarifications) will become effective on the date the change is posted, and any material changes will become effective 30 days from their posting on the Website.

We recommend that you revisit this policy from time to time. Your continued use of the Website signifies your acceptance of any changes.

10. Opt-Out of Marketing

You may also opt-out of receiving marketing emails from Pine Creative at any time.

To do so, simply click the “unsubscribe” link provided at the bottom of each marketing email.

Alternatively, you can contact us directly using the details set out below.

11. Contact Us

If you would like to exercise any of your rights, access your information, or if you have any questions, comments, or suggestions about this Privacy Policy, please contact us at contact@pine-creative.com.