Introduction
This Privacy Policy (the "Policy") describes how Cultural IP LLC ("CIP," "we," "our," or "us") might collect, use, store, and/or share ("processes") your information when you use our services ("Services").
Questions or concerns? Reading this Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact our team at CIP@CulturalIP.World.
Note on Timelines: All timelines in this policy refer to business days unless otherwise specified.
For users in the European Union, European Economic Area, and United Kingdom, we have appointed DataRep as our Data Protection Representative. You can contact DataRep:
- By email: datarequest@datarep.com (include 'Cultural IP LLC' in the subject line)
- Through their online form: www.datarep.com/data-request
- By mail to DataRep at the most convenient of their locations: www.datarep.com/data-request
Summary Of Key Points
This summary provides key points from our Policy, but you can find more details about any of these topics by clicking the link following each key point or by using our table of contents below.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. We collect account information, payment details, user-generated content, and data from connected third-party platforms. Further, when you access or log into our website, our online data partners or vendors may use cookies and related technologies to connect your activities with other personal information they or others may hold about you. Learn more about personal information you disclose to us.
Do we process any sensitive personal information? We may process limited sensitive personal information (account credentials, optional geolocation) when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.
Do we receive any information from third parties? Yes. When you choose to connect third-party platforms (Google Drive, YouTube, GitHub, Figma, Instagram, Reddit, etc.) to CIP, we receive limited metadata from those platforms as described in our Platform-Specific Addendums. We do not receive information from data brokers or other third-party sources.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
In what situations and with which parties do we share personal information? We may share information with service providers (cloud hosting, AI processing, analytics, payment processing) who help us operate our Services. We do not sell your personal information. Learn more about when and with whom we share your personal information.
How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information, including encryption, access controls, and continuous monitoring. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information, including the right to access, delete, correct, and export your data. Learn more about your privacy rights.
How do you exercise your rights? The easiest way to exercise your rights is by visiting your account page or emailing us at CIP@CulturalIP.World. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the privacy notice in full below.
What Information Do We Collect?
Personal information you disclose to us.
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
- Account Information: Name, email address, password, profile information
- Payment Information: Billing details, payment method (processed securely through our payment processor)
- User Content: IP documentation, project notes, creative work metadata you choose to upload, chat history with our AI chatbots
- Communications: Messages you send us, support requests, feedback
- Professional Contact Details: Workplace name, workplace title, work address (optional)
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information from Connected Platforms. When you authorize CIP to connect with third-party platforms, we collect specific data as described in our Platform-Specific Data Collection Addendums (see Section 14 below).
For each platform:
We collect ONLY:
- Account identifiers and profile metadata necessary for platform integration
- Limited metadata about your content/posts/files as required to provide our service
- Authorization tokens to maintain your connection
We generally DO NOT collect or store:
- Raw media files (images, videos, audio) unless explicitly necessary for a specific feature you request
- Full content of posts, comments, or messages unless required for the feature • Private communications or direct messages
- Follower/friend lists unless necessary for requested analytics
Platform Authorization: You control which platforms you connect. You can disconnect any platform at any time from your account page.
Information automatically collected
In Short: Some information — such as your Internet Protocol address (IP address) and/or browser and device characteristics — is collected automatically when you visit our Services. Our online data partners or vendors may use cookies and related technologies to connect your activities with other personal information they or others may hold about you, such as your email or online profiles.
We automatically collect certain information when you access or log into our website, or visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
The information we collect includes:
- Log and Usage Data: Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
- Device Data: We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
- Location Data: We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
Cookies and Tracking Technologies
In Short: We use cookies and similar tracking technologies to collect and store your information.
What We Use:
CIP uses cookies and similar technologies:
- Essential Cookies: Required for login, security, and core functionality (no consent required)
- Analytics Cookies: Google Analytics, Mixpanel for usage analytics (requires consent in EU/UK)
- Preference Cookies: Save your settings and preferences
Your Control:
- Manage cookie preferences in your browser settings
- EU/UK users: Use our cookie consent banner to accept or reject optional cookies
- California users: Opt out of cookies used for advertising/sharing via our "Do Not Sell or Share" link
Third-Party Cookies:
Some features may set cookies from:
- Google (authentication, analytics)
- Platform APIs you've connected (session management)
For details, contact CIP@CulturalIP.World.
Sensitive Personal Information
In Short: We collect limited sensitive personal information only when necessary.
CIP collects limited sensitive personal information categories as defined by CCPA:
- Account credentials: Passwords (hashed), authentication tokens
- Precise geolocation: ONLY if you enable location features (you can disable anytime)
We DO NOT collect:
- Social Security numbers, driver's license numbers, passport numbers
- Financial account information (handled by payment processor only)
- Genetic data, biometric data
- Health information, sex life, sexual orientation
- Racial or ethnic origin, religious beliefs, union membership
- Contents of mail, email, or text messages (unless explicitly provided by you)
Your Rights (California Residents):
You can limit our use of sensitive personal information to only what's necessary to provide our services.
Contact CIP@CulturalIP.World to exercise this right.
How Do We Process Your Information?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
- To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
- To provide support and assistance for Services. We may process your information so that we can improve the performance, reliability and security of the Services.
- To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
- To communicate regarding the Services. We may process your information to send you details about our products and services, new offers, product updates, changes to our terms and policies, and other similar information.
- To improve and develop the Services. We may process your information to conduct testing, research, analysis and product development.
- To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see "What are your privacy rights?" below.
- To evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.
- To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
We DO NOT:
- Sell your personal data to third parties
- Sell, resell, license, or redistribute platform-derived data
- Use your content to train AI models for third-party use without explicit consent
- Share your data for marketing purposes without your consent
Automated Decision-Making and Profiling
In Short: We use AI to provide service features, but not for high-stakes decisions affecting your rights.
AI-Powered Features:
CIP uses AI services (Anthropic Claude, OpenAI) to:
- Analyze content for IP readiness scoring
- Generate recommendations and insights
- Process document metadata
No High-Stakes Automated Decisions:
CIP’s Services provide suggestions. We do NOT use automated decision-making for:
- Eligibility determinations (credit, employment, housing, insurance)
- Legal or similarly significant decisions
- Decisions that produce legal effects concerning you
Your Rights:
- You can contest any AI-generated recommendation
- You can request human review of any analysis
- You can opt out of AI processing by contacting CIP@CulturalIP.World
Data Used for AI Training:
We do NOT use your content or data to train third-party AI models without explicit consent. Our AI service providers (Anthropic, OpenAI) process your data ephemerally according to their zero data retention policies for API usage.
What Legal Bases Do We Rely On To Process Your Personal Information?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- Consent: We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
- Performance of a Contract: We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
- Legitimate Interests: We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
- Analyze how our Services are used so we can improve them to engage and retain users
- Support our marketing activities
- Diagnose problems and/or prevent fraudulent activities
- Understand how our users use our products and services so we can improve user experience
- Legal Obligations: We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests: We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
- If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
- For investigations and fraud detection and prevention
- For business transactions provided certain conditions are met
- If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
- For identifying injured, ill, or deceased persons and communicating with next of kin
- If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
- If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
- If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
- If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
- If the collection is solely for journalistic, artistic, or literary purposes
- If the information is publicly available and is specified by the regulations
When And With Whom Do We Share Your Personal Information?
In Short: We may share information in specific situations described in this section and/or with the following service providers.
Vendors, Consultants, and Other Third-Party Service Providers
We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. When applicable, there are contracts in place with our third parties, which are designed to help safeguard your personal information. In some cases, this may mean that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.
The third parties we may share personal information with are as follows:
- Cloud Hosting: AWS, Google Cloud Platform (data storage and processing
- Authentication: Auth0 or similar (secure login)
- Payment Processing: Stripe (payment handling - we never store full credit card numbers)
- Analytics: Google Analytics, Mixpanel (anonymized usage analytics)
- Email Services: SendGrid, Mailgun (transactional emails)
- AI Processing: Anthropic Claude API, OpenAI API (content analysis - ephemeral processing only)
Data Processing Agreements:
All service providers handling personal data on our behalf have signed Data Processing Agreements (DPAs) that require them to:
- Process data only on our instructions
- Implement appropriate security measures
- Assist with user rights requests
- Notify us of data breaches
- Delete or return data when services end
Enterprise Customers:
If you're a business customer processing data on behalf of your own users, we can provide a Data Processing Agreement. Contact CIP@CulturalIP.World.
Platform APIs We Use
In Short: We connect to third-party platforms using their official APIs and only request the minimum permissions necessary for the features you use.
CIP connects to third-party platforms via their official APIs. Each platform connection is documented in our Platform-Specific Addendums (Section 14). We access only the minimum data necessary for the features you request.
We also may need to share your personal information in the following situations:
- Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. Any successor entity will be required to maintain the minimum commitments as outlined in this privacy policy.
- Other Users: When you share personal information (for example, by posting comments, contributions, or other content to the Services) or otherwise interact with public areas of the Services, such personal information may be viewed by all users and may be publicly made available outside the Services.
Do We Use Cookies And Other Tracking Technologies?
In Short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in Section 1 under "Cookies and Tracking Technologies."
How Long Do We Keep Your Information?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
Active User Data:
- Account information: Retained while account is active
- Platform connection metadata: Retained while platform is connected + 45 business days after disconnect
- User-generated content (notes, documentation): Retained while account is active
- Usage logs and analytics: 90 days, then aggregated and anonymized
After Account Deletion:
- Personal information: Deleted within 45 business days of deletion request (may be extended up to 90 days for complex requests)
- Aggregated analytics (anonymized): Retained indefinitely (cannot identify you)
- Legal/security records: Retained for legal compliance periods:
- Transaction records: 7 years (tax law requirements)
- Security incident logs: 3 years (cybersecurity best practices)
- Legal dispute records: Until dispute resolution + 1 year
- Fraud prevention records: 5 years (California retention requirements)
Platform-Specific Data:
After disconnecting a platform connection:
- Metadata from platform: Deleted within 45 days
- Cached images/thumbnails: Deleted within 14 days
- API authorization tokens: Revoked immediately, deleted within 48 hours
Exceptions to Deletion:
We retain minimal information when legally required:
- Compliance with tax laws: 7 years
- Compliance with employment laws: 7 years (if applicable)
- Compliance with financial regulations: 7 years
- Pending litigation: Until resolution + 1 year
- Fraud/security investigations: 5 years from incident
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
How Do We Keep Your Information Safe?
In Short: We aim to protect your personal information through a system of organizational and technical security measures, including encryption, access controls, and continuous monitoring.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
We protect your data using:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Role-based access, multi-factor authentication for admin access
- Monitoring: Continuous security monitoring and threat detection
- Regular Audits: Security assessments and vulnerability testing
- Minimal Access: Employees access data only when necessary for support or maintenance
Data Breach Notification
In Short: If a data breach affects your personal information, our goal is to notify you promptly and take immediate action to secure your data.
Our Response Process:
If a data breach affects your personal information, our goal is:
- Internal Response (without undue delay, target within 72 hours):
- Contain the breach and secure systems
- Assess the scope and severity
- Begin investigation and remediation
- Regulatory Notification (within 72 hours of discovery for GDPR, as required by applicable law):
- Notify relevant data protection authorities
- Provide breach details, affected data types, and remediation steps
- User Notification (without undue delay after confirming impact):
- Email notification to affected users
- In-app notification banner
- Public disclosure (if required by law or affecting large numbers of users)
What We'll Aim To Tell You:
- Nature of the breach
- Data categories affected
- Likely consequences
- Measures we've taken to address the breach
- Recommended steps you should take
What You Should Do:
- Change your password immediately
- Enable multi-factor authentication
- Monitor your accounts for suspicious activity
- Review platform connections and revoke any you don't recognize
Contact for Security Concerns:
- Emergency security issues: CIP@CulturalIP.World
- Privacy questions: CIP@CulturalIP.World
What Are Your Privacy Rights?
In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section "How can you contact us about this notice?" below.
We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "How can you contact us about this notice?" below.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section "How can you contact us about this notice?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can:
- Log in to your account page and update your user account
- Contact us using the contact information provided
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.
If you have questions or comments about your privacy rights, you may email us at CIP@CulturalIP.World.
Controls For Do-Not-Track Features
In Short: We honor Global Privacy Control (GPC) signals as required by law.
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.
Global Privacy Control (GPC):
As of January 1, 2026, we honor Global Privacy Control (GPC) signals as required by applicable law. If your browser or device sends a GPC signal, we will:
- Treat it as a valid request to opt-out of the sale/sharing of personal information
- Not require additional verification to honor the opt-out
- Display confirmation that your opt-out preference has been honored
- Maintain your opt-out preference across future visits
To enable GPC, use a browser or extension that supports it (e.g., Firefox, DuckDuckGo, Brave).
Traditional DNT Signals:
At this stage no uniform technology standard for recognizing and implementing traditional DNT signals has been finalized. As such, we do not currently respond to traditional DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online other than GPC. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
Do United States Residents Have Specific Privacy Rights?
In Short: If you are a U.S. resident in a state with comprehensive privacy laws, you have specific rights regarding your personal information. As of March 2026, 20 states have enacted such laws.
States with Comprehensive Privacy Laws
As of March 2026, the following states have enacted comprehensive consumer privacy laws: California, Virginia, Colorado, Connecticut, Utah, Montana, Oregon, Texas, Delaware, Iowa, Tennessee, New Jersey, New Hampshire, Maryland, Minnesota, Nebraska, Florida (limited scope), Indiana, Kentucky, and Rhode Island. Arkansas will join this list on July 1, 2026.
While specific requirements vary by state, most grant residents similar core rights including the right to know, access, delete, correct, and opt-out of the sale or sharing of personal information. Below we provide detailed information for California, Connecticut, and Virginia residents, as these represent the most commonly referenced frameworks. Residents of other states listed above have similar rights under their respective state privacy laws.
What categories of personal information do we collect?
We have collected the following categories of personal information in the past twelve (12) months:
Category A: Identifiers Examples: Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name Collected: YES
Category B: Personal information as defined in the California Customer Records statute Examples: Name, contact information, education, employment, employment history, and financial information Collected: YES
Category C: Protected classification characteristics under state or federal law Examples: Gender and date of birth Collected: NO
Category D: Commercial information Examples: Transaction information, purchase history, financial details, and payment information Collected: YES
Category E: Biometric information Examples: Fingerprints and voiceprints Collected: NO
Category F: Internet or other similar network activity Examples: Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements Collected: YES
Category G: Geolocation data Examples: Device location Collected: YES (Optional, user-controlled)
Category H: Audio, electronic, visual, thermal, olfactory, or similar information Examples: Images and audio, video or call recordings created in connection with our business activities Collected: NO
Category I: Professional or employment-related information Examples: Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us Collected: YES (Optional)
Category J: Education Information Examples: Student records and directory information Collected: NO
Category K: Inferences drawn from collected personal information Examples: Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual's preferences and characteristics Collected: NO
Category L: Sensitive personal Information Examples: Account login information, precise geolocation (if enabled) Collected: YES
We will use and retain the collected personal information as needed to provide the Services or for:
- Category A - As long as the user has an account with us
- Category B - As long as the user has an account with us
- Category D - 7 years (for tax/legal compliance)
- Category F - 90 days, then aggregated and anonymized
- Category G - As long as the user has an account with us (if enabled)
- Category I - As long as the user has an account with us (if provided)
- Category L - As long as the user has an account with us
Category L information may be used, or disclosed to a service provider or contractor, for additional, specified purposes. You have the right to limit the use or disclosure of your sensitive personal information.
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels
- Participation in customer surveys or contests
- Facilitation in the delivery of our Services and to respond to your inquiries
How do we use and share your personal information?
Learn about how we use your personal information in the section, "How do we process your information?"
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information in the section, "When and with whom do we share your personal information?"
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.
We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We do not sell personal information. We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:
- Category A: Identifiers
- Category B: Personal Information as defined in the California Customer Records law
- Category D: Commercial information
- Category F: Internet or other similar network activity
- Category G: Geolocation data (if enabled)
The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under "When and with whom do we share your personal information?"
California Residents
California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).
CCPA Privacy Notice
This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below.
The California Code of Regulations defines a "resident" as:
- every individual who is in the State of California for other than a temporary or transitory purpose and
- every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as "non-residents."
If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.
Your rights with respect to your personal data:
Right to request deletion of the data — Request to delete
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.
Right to be informed — Request to know
Depending on the circumstances, you have a right to know:
- whether we collect and use your personal information
- the categories of personal information that we collect
- the purposes for which the collected personal information is used
- whether we sell or share personal information to third parties
- the categories of personal information that we sold, shared, or disclosed for a business purpose
- the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose
- the business or commercial purpose for collecting, selling, or sharing personal information
- the specific pieces of personal information we collected about you
In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.
Right to Non-Discrimination for the Exercise of a Consumer's Privacy Rights
We will not discriminate against you if you exercise your privacy rights.
Right to Limit Use and Disclosure of Sensitive Personal Information
We collect the following sensitive personal information:
- Account login information
- Precise geolocation (only if you enable this feature)
You have the right to direct us to limit our use of your sensitive personal information to that use which is necessary to perform the Services.
Once we receive your request, we are no longer allowed to use or disclose your sensitive personal information for any other purpose unless you provide consent for the use or disclosure of sensitive personal information for additional purposes.
Please note that sensitive personal information that is collected or processed without the purpose of inferring characteristics about a consumer is not covered by this right, as well as the publicly available information.
To exercise your right to limit use and disclosure of sensitive personal information, please contact us at CIP@CulturalIP.World.
Verification process
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
Other privacy rights
- You may object to the processing of your personal information
- You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information
- You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA
- You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission
To exercise these rights, you can contact us by email at CIP@CulturalIP.World, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.
Connecticut Residents
This section applies only to Connecticut residents. Under the Connecticut Data Privacy Act (CTDPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.
- Right to be informed whether or not we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request deletion of your personal data
- Right to obtain a copy of the personal data you previously shared with us
- Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")
To submit a request to exercise these rights described above, please email CIP@CulturalIP.World.
If we decline to take action regarding your request and you wish to appeal our decision, please email us at CIP@CulturalIP.World. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.
Virginia Residents
Under the Virginia Consumer Data Protection Act (VCDPA):
"Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.
"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.
"Sale of personal data" means the exchange of personal data for monetary consideration.
If this definition of "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data.
Your rights with respect to your personal data:
- Right to be informed whether or not we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request deletion of your personal data
- Right to obtain a copy of the personal data you previously shared with us
- Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")
Exercise your rights provided under the Virginia VCDPA
You may contact us by email at CIP@CulturalIP.World.
If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.
Verification process
We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.
Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.
Right to appeal
If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at CIP@CulturalIP.World. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.
Other State Residents
If you are a resident of Colorado, Utah, Montana, Oregon, Texas, Delaware, Iowa, Tennessee, New Jersey, New Hampshire, Maryland, Minnesota, Nebraska, Florida, Indiana, Kentucky, Rhode Island, or Arkansas (effective July 1, 2026), you have similar privacy rights under your state's comprehensive privacy law.
These rights typically include:
- Right to confirm whether we process your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to delete your personal data
- Right to obtain a copy of your personal data (data portability)
- Right to opt out of targeted advertising, sale of personal data, and certain profiling
To exercise your rights under any applicable state privacy law, please contact us at CIP@CulturalIP.World. We will respond to your request in accordance with the applicable state law, typically within 45 days.
Children's Privacy
In Short: We do not knowingly collect data from or market to children under 13 years of age (or 16 in the EU/UK).
Age Restrictions:
CIP is not intended for individuals under 13 years of age (or 16 in the EU/UK). We do not knowingly collect personal information from children.
Verification:
During account creation, users must confirm they meet the minimum age requirement.
Parental Rights:
If you believe your child has provided information to CIP:
- Contact us immediately at CIP@CulturalIP.World
- We will verify the age of the account within 3 business days
- If confirmed under the minimum age, we will delete the account and all associated data within 5 business days of verification
Third-Party Platform Age Restrictions:
Many platforms CIP connects to have their own minimum age requirements:
- Instagram, TikTok, Pinterest: 13+ (U.S.), 16+ (some countries)
- Discord: 13+
- LinkedIn: 16+
We are not responsible for enforcing third-party platform age requirements, but we recommend users comply with all applicable age restrictions.
International Data Transfers
In Short: Your data may be processed in countries outside your residence, including the United States. We use appropriate safeguards like Standard Contractual Clauses to protect EU/UK data transfers.
Where We Process Data:
Your data may be stored and processed in:
- United States (primary data centers: AWS us-east-1, us-west-2)
- European Union (if using EU-based services)
- Other countries where our service providers operate
Legal Safeguards for EU/UK Users:
When transferring personal data from the EU/UK to countries without an adequacy decision, we use:
- Standard Contractual Clauses (SCCs): EU Commission-approved contract templates
- Data Processing Agreements (DPAs): With all service providers handling EU/UK data
- Supplementary Measures: Additional technical and organizational safeguards
Service Provider Locations:
- AWS (cloud hosting): U.S., EU regions
- Anthropic Claude API: U.S.
- OpenAI API: U.S.
- Stripe (payments): U.S., EU regions
- Google Analytics: U.S.
Your Rights:
EU/UK users can request:
- Copies of Standard Contractual Clauses: CIP@CulturalIP.World
- Information about safeguards in place for transfers
- A list of countries where your data is processed
California Data Broker Compliance
In Short: We are not a data broker under California law and do not operate as one.
CIP is NOT a data broker under California law. We do not:
- Collect personal information about consumers with whom we do not have a direct relationship
- Sell or license personal information to third parties
- Operate solely or primarily to collect and sell personal information
If our business model changes to meet the definition of a data broker, we will:
- Register with the California Privacy Protection Agency (CPPA)
- Process deletion requests through the DELETE Request and Opt-Out Platform (DROP)
- Access the DROP system at least once every 45 days
- Provide annual data broker disclosures as required by law
Platform-Specific Data Collection Addendums
In Short: Each connected platform has specific data collection practices. Review the relevant addendum before connecting a platform.
IMPORTANT: Each connected platform has specific data collection practices and requirements. Before connecting a platform, review its addendum below.
Active Platform Addendums:
- Google Drive & YouTube Privacy Addendum
- Pinterest Privacy Addendum
- Meta Platforms Privacy Addendum (Instagram, Facebook, Threads)
- TikTok Privacy Addendum
- LinkedIn Privacy Addendum
- Shopify Privacy Addendum
- Canva Privacy Addendum
- Dropbox Privacy Addendum
- GitHub Privacy Addendum
- SoundCloud Privacy Addendum
- Reddit Privacy Addendum
- X (Twitter) Privacy Addendum
- Discord Privacy Addendum
- Twitch Privacy Addendum
- Spotify Privacy Addendum
- Notion Privacy Addendum
- Vimeo Privacy Addendum
- Etsy Privacy Addendum
- Patreon Privacy Addendum
- Gumroad Privacy Addendum
- Dribbble Privacy Addendum
- Behance Privacy Addendum
- Figma Privacy Addendum
- Substack Privacy Addendum
Platform-Specific Disclosures:
CIP uses third-party platform APIs and is not endorsed by, sponsored by, or affiliated with any of the platforms listed above. Each platform has its own terms of service and privacy policy that govern your use of their services.
See full platform addendums in Appendix A below.
Do We Make Updates To This Notice?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by an updated "Last Updated" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
How Can You Contact US About This Notice?
If you have questions or comments about this notice, you may email us at CIP@CulturalIP.World.
For individuals in the EU/EEA and UK: DataRep has been appointed as Cultural IP LLC's Data Protection Representative in the European Union and United Kingdom under Article 27 of the General Data Protection Regulation (GDPR) and UK GDPR. If you wish to raise a question to Cultural IP LLC, or otherwise exercise your rights in respect of your personal data, you may contact DataRep:
- By emailing datarequest@datarep.com (please include 'Cultural IP LLC' in the subject line)
- By visiting www.datarep.com/data-request
- By mail to DataRep at the most convenient of their locations
Please ensure all correspondence is marked 'DataRep' and not 'Cultural IP LLC' to ensure it reaches the appropriate party. When contacting us to exercise your rights, Cultural IP LLC may request evidence of your identity to ensure your personal data and information is not provided to anyone other than you.
How Can You Review, Update, Or Delete The Data We Collect From You?
In Short: You have the right to request access to, correction of, or deletion of your personal information.
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it.
To request to review, update, or delete your personal information, please:
- Log into your account and open Account to review or update your information
- Use our public deletion instructions at /data-deletion
- Email us at CIP@CulturalIP.World
We aim to respond to your request within 10 business days and complete your request within 45 business days (with possible extension to 90 days for complex requests).
Appendix A: Platform-Specific Privacy Addendums
Google Drive & YouTube Privacy Addendum
Last Updated: June 26, 2026
What We Access
CIP uses Google APIs to provide Drive and YouTube integration features. We request the following read-only scopes:
Google Drive:
- https://www.googleapis.com/auth/drive.metadata.readonly - Read file metadata such as names, MIME types, dates, folders, and file identifiers.
- https://www.googleapis.com/auth/drive.readonly - Used only if full-read Drive imports are explicitly enabled after Google verification. This allows CIP to read selected Drive file content for supported import previews and IP organization.
YouTube:
- https://www.googleapis.com/auth/youtube.readonly - Read channel and video metadata for the authorized account.
What We Collect
- Drive: File names, types, sizes, modification dates, folder structure, and file identifiers. If full-read Drive imports are explicitly enabled and authorized, CIP may also store bounded text previews or extracted text from supported text, PDF, and document files for IP organization.
- YouTube: Channel name, video titles, descriptions, thumbnails, view counts, publication dates
What We DO NOT Store
- Raw full Drive files or original Google Drive documents. When full-read Drive imports are enabled, CIP stores only the bounded extracted text or preview data needed for the product workflow.
- Video files from YouTube
- Private comments or messages
- Edit history or revision content
How We Use This Data
- Display your Drive files and YouTube content in your IP dashboard
- Generate organization recommendations
- Provide readiness scoring for monetization
- Enable cross-platform content analysis
Data Retention
- Active Connection: Metadata refreshed periodically while connected
- After Disconnect: All Google-derived data deleted from active systems within 45 days
- Exceptions: Minimal audit logs retained for security and legal compliance (90 days)
Your Control
- Disconnect Google at any time through Platforms
- Revoke CIP's access through your Google Account settings
- Request deletion through CIP@CulturalIP.World
Google-Specific Policies
CIP's use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.
CIP does not use Google user data for advertising, does not sell Google user data, does not transfer Google user data except as necessary to provide user-facing features, comply with law, or protect security, and does not use Google user data to train generalized AI or machine learning models.
Before public launch of Google Drive or YouTube OAuth imports, CIP completes the required Google OAuth verification for the requested Drive and YouTube scopes and keeps this privacy disclosure aligned with the approved scope justifications.
Non-Affiliation: CIP is not endorsed by, sponsored by, or affiliated with Google LLC.
Github Privacy Addendum
Last Updated: July 7, 2026
What We Access
CIP uses GitHub OAuth and public GitHub APIs to provide GitHub source import features. The current OAuth connection requests:
- read:user - Read the authorized user's public profile details.
What We Collect
- GitHub account identifier, username, display name, and public profile metadata returned by GitHub
- Public repository names, descriptions, topics, URLs, license metadata, stars, forks, language, and timestamps for repositories visible to the authorized account
- Repository README preview metadata when available through public GitHub endpoints
What We DO NOT Store
- Private repository contents or private repository metadata by default
- Repository secrets, deploy keys, Actions secrets, or private issue content
- Write access tokens or permissions that let CIP modify repositories
How We Use This Data
- Display public software-project metadata in your IP dashboard
- Help identify code, documentation, and license records relevant to your IP workspace
- Generate organization and readiness recommendations for your connected public repositories
Data Retention
- Active Connection: GitHub-derived metadata refreshed while connected
- After Disconnect: GitHub-derived data deleted from active systems within 45 days
- Exceptions: Minimal account-linkage records retained for security, fraud prevention, legal compliance, and audit logging
GitHub-Specific Policies
CIP uses GitHub data only to provide user-facing source import features, does not sell GitHub-derived data, does not redistribute repository data as a standalone data product, and keeps private-repository access disabled unless a future product change receives separate privacy review and user authorization.
Before public launch, CIP verifies production OAuth credentials, registered redirect URIs, and live public-repository metadata smoke testing. Current GitHub OAuth usage does not require a separate GitHub Marketplace listing.
CIP is not endorsed by, sponsored by, or affiliated with GitHub, Inc.
Figma Privacy Addendum
Last Updated: July 7, 2026
What We Access
CIP uses Figma OAuth for profile-level source context. The current OAuth connection requests:
- current_user:read - Read the authorized user's Figma profile identity.
What We Collect
- Figma user identifier, name or handle, profile image URL, and email address when Figma returns it for the authorized user
- Connection metadata needed to show that Figma is connected to your CIP workspace
What We DO NOT Store
- Figma design files, project contents, team files, edit history, comments, or prototype assets under the current profile-only scope
- Team member lists or organization-level administration data
- Write permissions that let CIP edit your Figma files
How We Use This Data
- Display Figma as a connected design-source identity in your IP dashboard
- Help associate design-source account identity with assets you separately upload or document in CIP
- Support connection health, deletion, and audit records for the Figma source
Data Retention
- Active Connection: Figma profile metadata retained while connected
- After Disconnect: Figma-derived data deleted from active systems within 45 days
- Exceptions: Minimal account-linkage records retained for security, fraud prevention, legal compliance, and audit logging
Figma-Specific Policies
CIP does not sell, resell, license, or redistribute Figma-derived profile data. If CIP later requests file, project, or team scopes, this policy will be updated before those scopes are launched.
Before public launch of Figma OAuth imports, CIP publishes the public OAuth app, completes Figma's required public app review, and runs live profile-import smoke testing for the current_user:read scope.
CIP is not endorsed by, sponsored by, or affiliated with Figma, Inc.
Pinterest Privacy Addendum
Last Updated: June 26, 2026
What We Access
CIP uses the Pinterest API to provide Pinterest integration. We request the following read scopes when you authorize them: user_accounts:read, pins:read, and boards:read. Secret boards and secret pins are not part of the default connection.
- Basic account information (username, profile name, profile picture)
- Board information (board names, descriptions, pin counts)
- Pin metadata (titles, descriptions, images, links, creation dates)
What We Collect
- Pinterest account identifier and profile details
- Board organization structure
- Pin titles, descriptions, and image URLs (not the full images unless cached for display)
- Engagement metrics (saves, comments) if available and authorized
What We DO NOT Store
- Full-resolution images (we reference Pinterest's CDN URLs)
- Private boards unless explicitly authorized
- Follower/following lists
- Private messages or comments
How We Use This Data
- Display your Pinterest content in your IP management dashboard
- Analyze your content organization and style patterns
- Generate IP readiness recommendations
- Identify monetization opportunities
Data Retention
- Active Connection: Metadata synchronized while connected
- After Disconnect: All Pinterest-derived data deleted from active systems within 45 days
- Exceptions: Minimal account linkage records retained for security, fraud prevention, legal compliance, and audit logging
No Resale or Redistribution
CIP does not sell, resell, license, or redistribute Pinterest content or Pinterest-derived data to third parties.
Your Control
- Disconnect Pinterest anytime through Platforms
- Request deletion by emailing CIP@CulturalIP.World
- Revoke access through your Pinterest account settings
Pinterest-Specific Disclosure
CIP uses the Pinterest API and is not endorsed by, sponsored by, or affiliated with Pinterest, Inc.
CIP complies with Pinterest's Developer Guidelines and API Terms of Service.
Meta Platforms Privacy Addendum (instagram, Facebook Pages, Threads)
Last Updated: June 26, 2026
What We Access
CIP uses Meta Platform APIs (Instagram, Facebook Pages, and Threads) to provide read-only social media integration. We request permissions for:
Instagram:
- instagram_basic - Basic profile information
- pages_show_list - List Facebook Pages available for Instagram professional-account connection
- pages_read_engagement - Read Page-linked engagement metadata required for connected professional accounts
Facebook Pages:
- pages_show_list - List of pages you manage
- pages_read_engagement - Page posts and engagement metrics
Threads:
- threads_basic - Basic Threads profile and thread metadata available through the Threads API
What We Collect
- Profile Data: Username, display name, profile picture, bio
- Content Metadata: Post captions, hashtags, post dates, media type indicators
- Engagement Data: Like counts, comment counts, share counts (aggregate numbers only)
- Account and Page metadata required to show connected sources you authorize
What We DO NOT Store
- Full-resolution media files (we reference Meta's CDN URLs)
- Private messages or DMs
- Individual follower/friend identities
- Raw comment content (unless specifically needed for a requested feature)
- Stories after they expire
How We Use This Data
- Display your social media content in your IP dashboard
- Provide content performance analytics
- Generate engagement insights and recommendations
- Enable cross-platform IP management
Data Retention
- Active Connection: Metadata synchronized periodically while connected
- After Disconnect: All Meta-derived data deleted from active systems within 45 days
- Exceptions: Minimal records retained for security, auditing, fraud prevention, and legal compliance
No Sale or Unauthorized Sharing
CIP does not sell, share for advertising purposes, or redistribute Meta platform data without authorization. We process Meta data solely to provide the features you request.
User Data Deletion
Users may request deletion of their Meta-derived data by:
- Disconnecting Meta platforms in Platforms
- Emailing CIP@CulturalIP.World
- Following our public data deletion instructions at /data-deletion
Your Control
- Disconnect any Meta platform anytime through your CIP account
- Revoke CIP's access through your Facebook/Instagram settings
- Request specific data deletion
Meta-Specific Disclosure
CIP is not endorsed by, sponsored by, or affiliated with Meta Platforms, Inc., Facebook, Instagram, or Threads.
Before public launch of Instagram, Facebook Pages, or Threads imports, CIP completes Meta App Review and any required advanced access, business verification, privacy policy, and data deletion configuration for the requested permissions.
CIP complies with Meta Platform Terms, Platform Policy, and Data Use Policy.
Reddit Privacy Addendum
Last Updated: July 7, 2026
What We Access
CIP uses Reddit OAuth to provide Reddit source import features. The current OAuth connection requests identity and history access for the authorized account:
- identity - Read the authorized Reddit account identity and profile metadata.
- history - Read post and comment history available to the authorized account.
What We Collect
- Reddit account identifier, username, profile metadata, and connection status
- Post and comment titles, bodies or excerpts, subreddit names, permalinks, timestamps, and score/comment metadata when returned by Reddit
- Import status and metadata needed to show Reddit-derived source records in your CIP workspace
What We DO NOT Store
- Private messages, chats, modmail, account credentials, or password data
- Deleted content after CIP learns it has been deleted, except where minimal logs are retained for security, fraud prevention, legal compliance, or audit needs
- Reddit data for resale, redistribution, or standalone data licensing
How We Use This Data
- Display Reddit posts and comments you authorize in your IP dashboard
- Help identify public authorship, publication, and community-context records relevant to your IP workspace
- Generate organization and readiness recommendations for Reddit-derived source records
Data Retention
- Active Connection: Reddit-derived metadata refreshed while connected
- After Disconnect: Reddit-derived data deleted from active systems within 45 days
- Exceptions: Minimal account-linkage records retained for security, fraud prevention, legal compliance, and audit logging
Reddit-Specific Policies
CIP complies with Reddit's Developer Terms, Reddit Data API Terms, and applicable OAuth requirements. CIP does not sell, resell, license, or redistribute Reddit content or Reddit-derived data.
Before public launch of Reddit imports, CIP completes Reddit Data API access approval for the intended production use, keeps the OAuth identity/history scope disclosure current, and runs live post/comment history smoke testing.
CIP is not endorsed by, sponsored by, or affiliated with Reddit, Inc.
TikTok Privacy Addendum
Last Updated: June 26, 2026
What We Access
CIP uses the TikTok API to provide TikTok integration. We request user.info.basic, user.info.profile, user.info.stats, and video.list.
- User profile information
- Video metadata (titles, descriptions, hashtags)
- Video performance metrics (views, likes, shares, comments counts)
What We Collect
- TikTok username, display name, profile picture
- Video titles, descriptions, hashtags, publication dates
- Engagement metrics (aggregate counts only)
- Account statistics (follower count, video count)
What We DO NOT Store
- Raw video files
- Private or draft videos
- Individual commenter information
- Private messages
- For You Page algorithm data
How We Use This Data
- Display your TikTok content in your IP management system
- Analyze content performance and trends
- Generate monetization readiness recommendations
- Provide cross-platform analytics
Data Retention
- Active Connection: Metadata refreshed while connected
- After Disconnect: TikTok-derived data deleted within 45 days
- Exceptions: Minimal records for security and legal compliance
No Unauthorized Redistribution
CIP does not redistribute, resell, or license TikTok content or TikTok-derived data.
Your Control
- Disconnect TikTok anytime through Platforms
- Request deletion via CIP@CulturalIP.World
- Revoke access through your TikTok account settings
TikTok-Specific Disclosure
CIP is not endorsed by, sponsored by, or affiliated with TikTok or ByteDance Ltd.
LinkedIn Privacy Addendum
Last Updated: June 26, 2026
What We Access
CIP uses LinkedIn APIs to provide professional identity integration. We currently request OpenID Connect profile scopes only: openid, profile, and email.
- Basic profile information such as name and profile picture when LinkedIn returns it
- Email address associated with the authorized LinkedIn account
- LinkedIn account identifier needed to maintain the connection
What We Collect
- LinkedIn profile identifier, name, professional headline
- Public profile information you choose to share
- Email address returned by LinkedIn OpenID Connect
What We DO NOT Store
- Full connection/network lists
- Private messages
- Detailed employment history (unless you explicitly provide it)
- Endorsements or recommendation details
- Post, article, company page, or advertising data unless a future LinkedIn product access review grants a separate permission and this policy is updated
How We Use This Data
- Display your professional profile in your IP dashboard
- Connect professional identity to creative work
- Enable professional network integration features
Data Retention
- Active Connection: Profile data synchronized while connected
- After Disconnect: LinkedIn-derived data deleted within 45 days
- Exceptions: Records retained for security and legal compliance
Your Control
- Disconnect LinkedIn through Platforms
- Request deletion via CIP@CulturalIP.World
- Revoke access through LinkedIn account settings
LinkedIn-Specific Disclosure
CIP is not endorsed by, sponsored by, or affiliated with LinkedIn Corporation.
CIP complies with LinkedIn's API Terms of Use and Developer Agreement.
Shopify Privacy Addendum
Last Updated: June 26, 2026
What We Access
CIP uses Shopify APIs to provide e-commerce integration. We request access to:
- Store information (store name, domain, contact info)
- Product catalog (product names, descriptions, images, variants)
- Order data (if analytics features enabled - order numbers, dates, totals only)
- Inventory data (stock levels, SKUs)
What We Collect
- Store profile and configuration data
- Product metadata and inventory information
- Order statistics (aggregate counts, totals - NOT individual customer details)
- Shop performance metrics
What We DO NOT Store
- Customer personal information (names, addresses, payment details) - unless explicitly necessary for a specific feature and with minimum necessary access
- Payment card information (handled by Shopify's secure systems)
- Customer email addresses or phone numbers
- Detailed order line items with customer data
How We Use This Data
- Display your product catalog in IP management dashboard
- Analyze product performance and inventory
- Generate e-commerce readiness insights
- Connect physical products to IP assets
Protected Customer Data
If CIP requests access to protected customer data (names, email, phone, addresses), we will:
- Request only the minimum necessary for the specific feature
- Provide clear justification for why access is needed
- Handle data according to Shopify's Protected Customer Data requirements
- Delete customer data when no longer needed for the stated purpose
Data Retention
- Active Connection: Store data synchronized while app is installed
- After Uninstall: All Shopify-derived data deleted within 45 days
- Exceptions: Minimal records for billing, security, dispute handling, and legal compliance
No Unauthorized Sharing
CIP does not sell, share, or redistribute Shopify merchant or customer data.
Your Control
- Uninstall CIP through your Shopify admin
- Request deletion via CIP@CulturalIP.World
- Review app permissions in Shopify admin settings
Shopify-Specific Disclosure
CIP is not endorsed by, sponsored by, or affiliated with Shopify Inc.
CIP complies with Shopify's API Terms of Service, App Store Requirements, and Partner Program Agreement.
Canva Privacy Addendum
Last Updated: June 26, 2026
What We Access
CIP uses Canva APIs to provide design integration. We request profile:read and design:meta:read.
- User profile information
- Design metadata such as design names, types, creation dates, and thumbnails when available
What We Collect
- Canva user identifier and profile details
- Design project names and metadata
- Export URLs for designs you choose to import
- Team/folder organization structure
What We DO NOT Store
- Full design files unless you explicitly export/import them
- Edit history or design versions
- Collaboration comments
- Brand kit details
How We Use This Data
- Display your design projects in IP dashboard
- Organize creative work across platforms
- Link designs to IP assets
- Generate design workflow insights
Data Retention
- Active Connection: Design metadata synchronized while connected
- After Disconnect: Canva-derived data deleted within 45 days
- Exceptions: Minimal records for security and legal compliance
Your Control
- Disconnect Canva through Platforms
- Request deletion via CIP@CulturalIP.World
- Revoke access through Canva account settings
Canva-Specific Disclosure
CIP is not endorsed by, sponsored by, or affiliated with Canva Pty Ltd.
Additional Platform Addendums
For the remaining platforms (Dropbox, SoundCloud, X/Twitter, Discord, Twitch, Spotify, Notion, Vimeo, Etsy, Patreon, Gumroad, Dribbble, Behance, Substack),
CIP follows the same privacy principles:
Standard Data Collection Practices
- Minimum Necessary: We request only the scopes/permissions required for features you use
- Metadata Focus: We primarily collect account and content metadata, not full source files
- User Control: You can disconnect any platform and request deletion anytime
- No Resale: We do not sell, resell, or redistribute platform-derived data
- 45-Day Deletion: Platform data deleted within 45 days of disconnect (except legal/security records)
Platform-Specific Details Available
For more detailed information about what we collect from each specific platform, contact CIP@CulturalIP.World or review the platform connection authorization screen before connecting.
END OF PRIVACY POLICY