Creosca Logo

Creosca Privacy Policy

Effective Date: February 16, 2026Last Updated: February 16, 2026

This Privacy Policy explains how Creosca Corporation, an Ontario, Canada corporation ("Creosca", "we", "us", or "our") collects, uses, discloses, transfers, and protects personal data in connection with the Creosca platform, including our websites, dashboards, APIs, billing systems, compliance tooling, documentation, and related services (collectively, the "Platform").

Creosca operates a B2B and B2B2C SaaS marketplace enabling service Providers to supply digital services and Resellers to market and resell those services to End Users. Provider Services may include high-risk digital services (such as hosting, VPN, proxies, SMM, e-ticketing, and similar services), requiring enhanced fraud, abuse, sanctions, and compliance controls.

This Privacy Policy is designed to satisfy transparency and notice requirements under applicable data protection laws, including those listed in Section 13 (Jurisdiction-Specific Disclosures).

1. Scope and Applicability

This Privacy Policy applies to personal data processed by Creosca relating to:

  • Providers and their representatives
  • Resellers and their representatives
  • End Users, to the extent their data is processed through Platform workflows
  • Website visitors and Platform users

This Policy does not replace or override the independent privacy obligations of Providers or Resellers toward their End Users.

2. Data Protection Roles and Allocation of Responsibility

Depending on context, Creosca acts as:

2.1 Independent Controller / Business

Creosca acts as a controller (or "business") for personal data processed for:

  • Platform account creation and administration
  • Identity verification, KYB/KYC, fraud prevention, sanctions compliance
  • Platform billing, credits, fees, collections, disputes, and chargebacks
  • Security monitoring, abuse prevention, audit logging
  • Legal compliance, enforcement of agreements, and regulator inquiries

2.2 Processor / Service Provider

Creosca acts as a processor (or "service provider") when processing personal data on behalf of Providers or Resellers, such as:

  • Storefront enablement
  • Order orchestration
  • API integrations
  • Transaction reporting

In those cases, Providers and Resellers remain independent controllers and are responsible for lawful bases, notices, and End User rights.

3. Categories of Personal Data Collected

3.1 Data You Provide

  • Name, email, phone, role
  • Business name, address, registration details
  • Login credentials (hashed)
  • Communications and support tickets
  • Verification documents (where required)
  • Billing metadata (invoices, subscription status, credits balances)

Payment card numbers are not stored by Creosca. Payment processors store card data.

3.2 Data Collected Automatically

  • IP address, device identifiers
  • Browser, OS, API usage logs
  • Authentication events and timestamps
  • Security, fraud, and abuse signals

3.3 Data from Third Parties

  • Payment processors (disputes, fraud signals)
  • Identity and verification providers
  • Sanctions and restricted-party screening providers
  • Analytics and infrastructure providers

4. Purposes of Processing

Creosca processes personal data to:

  • Operate and secure the Platform
  • Provide billing, credits, settlement, and accounting workflows
  • Detect and prevent fraud, abuse, and prohibited use
  • Comply with legal, regulatory, and contractual obligations
  • Provide customer support and service communications
  • Improve Platform performance and reliability
  • Enforce Provider and Reseller agreements

5. Lawful Bases for Processing

Where required by law, Creosca relies on one or more of the following:

  • Contractual necessity (Platform access and services)
  • Legal obligations (compliance, record-keeping, sanctions)
  • Legitimate interests (security, fraud prevention, platform integrity)
  • Consent, where explicitly required (e.g., certain cookies, marketing)

6. High-Risk Services and Automated Risk Controls

Due to the nature of Provider Services, Creosca may process personal data for:

  • Fraud detection and behavioral analysis
  • Abuse and acceptable-use enforcement
  • Chargeback and dispute investigation
  • Sanctions and restricted-jurisdiction screening

Risk actions may include automated signals combined with human review. Creosca does not use solely automated decision-making producing legal or similarly significant effects without appropriate safeguards where required by law.

7. Disclosure of Personal Data

Creosca may disclose personal data to:

  • Infrastructure, hosting, analytics, and security vendors
  • Payment processors and financial partners
  • Identity verification and compliance providers
  • Providers and Resellers (for fulfillment and support only)
  • Legal authorities where required by law

Creosca does not sell personal data in the ordinary commercial sense.

8. Cross-Border Data Transfers

Personal data may be processed in Canada and other jurisdictions where Creosca or its subprocessors operate.

Where required, Creosca implements appropriate safeguards, including:

  • Contractual protections (e.g., SCC-equivalent clauses)
  • Vendor due diligence and security reviews
  • Transfer risk assessments
  • China-specific transfer mechanisms where applicable

9. Data Retention

Creosca retains personal data only as long as necessary to:

  • Provide the Platform
  • Meet legal, accounting, and regulatory obligations
  • Support fraud prevention, dispute handling, and audits
  • Enforce agreements and resolve claims

Retention periods vary by data type. Aggregated or anonymized data may be retained longer.

10. Security Measures

Creosca implements technical and organizational measures proportionate to risk, including:

  • Access controls and least-privilege enforcement
  • Encryption in transit and, where appropriate, at rest
  • Secure logging and monitoring
  • Vulnerability management and incident response
  • Vendor security controls

11. Data Breach Response

Creosca maintains incident response procedures and will notify relevant parties and authorities as required by Applicable Law.

Providers and Resellers are required by contract to promptly notify Creosca of any incident affecting Platform-related data.

12. Children's Data

The Platform is not intended for children under 13. Creosca does not knowingly collect children's personal data.

13. Jurisdiction-Specific Disclosures

13.1 Canada (PIPEDA)

Creosca follows fair information principles including openness, purpose limitation, and safeguards.

13.2 EU & UK (GDPR / UK GDPR)

Data subjects may exercise rights of access, rectification, erasure, restriction, objection, and portability, subject to legal limitations.

13.3 United States (CCPA/CPRA)

California residents may request access, deletion, correction, and opt-out of "sharing" as defined by law.

13.4 India (DPDP Act 2023)

Creosca acts as a Data Fiduciary or Data Processor as applicable and supports notice, consent, correction, and grievance redressal.

13.5 China (PIPL)

Creosca processes personal information under lawful bases, implements data minimization, and applies required safeguards for cross-border transfers.

13.6 Nigeria (Nigeria Data Protection Act 2023)

Creosca supports transparency, lawful processing, data minimization, and security safeguards.

14. Your Rights and Requests

Requests may be submitted to:

Email: support@creosca.com
Address: Creosca Corporation, Ontario, Canada

Creosca may verify identity before fulfilling requests. Where Creosca acts as a processor, requests may be redirected to the relevant Provider or Reseller.

15. Changes to This Policy

We may update this Privacy Policy to reflect legal, operational, or Platform changes. The "Last Updated" date indicates the current version.

16. Relationship to Provider and Reseller Agreements

This Privacy Policy operates in parallel with the Provider and Reseller Agreements. Providers and Resellers remain independently responsible for compliance with Section 11 (Data Protection, Privacy, Security, and Jurisdiction-Specific Requirements) of their agreements.