Creative Spark Studio Logo

Privacy Policy

Effective date: 23 July 2025

Clear information about how we collect, use, and protect your personal data when using Creative Spark Studios platform.

1. Introduction & Who We Are

This Privacy Policy explains how P&HFOOD LTD (Company No. 15307880), registered at Reading Bridge House, George St, Reading, RG1 8L United Kingdom ("we", "us", "our"), collects and uses your personal data when you use our website and token-based creative & marketing services (e.g., Copywriting, SMM Management, Graphic Design, Logo Generation, Brand Naming, Blog Writing, Content Calendar Creation, Email Newsletter Design, Ad Copy, Website Design/Audit, Motion Graphics, Reels Editing, Brand Style Guides, Video Scripts, YouTube Branding, Social Bio Optimisation, and related add-ons) (the "Services").

We are the data controller for your personal data under UK data-protection law (UK GDPR and the Data Protection Act 2018).

Contact Information:

Email: hello@creativesparkstudios.co.uk

Phone: +44 7822016497

Address: Reading Bridge House, George St, Reading, RG1 8L United Kingdom

2. Personal Data We Collect

We collect only what we need to provide and improve the Services:

Identity & Contact

name, business name, role/title, email, phone, billing/shipping address

Account Data

username, password hash, profile preferences, communication language/timezone

Transactions

top-ups/coin purchases, order references, invoices, tax/VAT data; payment identifiers from providers (we do not store full card details)

Usage & Technical

IP address, device/browser type, OS, pages viewed, timestamps, session and security logs

Project/Brief Content

texts, images, videos, brand assets, logos, fonts, product info, social handles, public links, platform IDs you choose to share (e.g., campaign IDs)

Generated & Delivered Content

drafts, design files, PDFs/exports, revision history and approval logs

Support & Communications

messages, attachments, feedback, call/meeting notes

Marketing Preferences

newsletter opt-in/opt-out, your interests and engagement

We do not intentionally request sensitive data (health, biometrics, etc.). Please do not include such data in briefs unless strictly necessary and agreed in writing.

If you supply personal data of third parties (e.g., customer names in case studies), you confirm you have a lawful basis to share it with us.

3. Purposes & Legal Bases

We process personal data for:

Providing the Services

Legal Basis: Contract
scoping, producing, revising and delivering creative/marketing outputs; account management; notifications

Payments & Billing

Legal Basis: Legal obligation/contract/legitimate interests
process top-ups, issue invoices, prevent fraud/abuse, accountancy and tax records

Support, Refunds & Disputes

Legal Basis: Contract/legitimate interests
handle tickets, investigate issues, manage cancellations/refunds

Service Improvement & Security

Legal Basis: Legitimate interests
analytics, debugging, load testing, monitoring, access controls, backups

Marketing

Legal Basis: Consent or soft opt-in under PECR for similar products to existing customers
send newsletters, product updates, and offers; you can unsubscribe anytime

Legal Compliance

Legal Basis: Legal obligation
respond to lawful requests, regulatory reporting, record-keeping

Consent Withdrawal: Where we rely on consent, you may withdraw it at any time without affecting prior lawful processing.

4. Sharing & International Transfers

We share personal data with trusted recipients only as needed:

International transfers

Some providers may be outside the UK/EEA. In such cases we rely on UK adequacy regulations, International Data Transfer Agreements/Standard Contractual Clauses, and complementary safeguards. We do not transfer data in a way that reduces the level of protection required by law.

5. Cookies & Similar Technologies

We use cookies/local storage for essential functionality (login, security), preferences, analytics at-where you consent-marketing. Details, categories and choices are set out in our Cookie Policy.

6. Use of AI Tools

We may use reputable AI tools to assist with ideation, drafting, editing, quality checks, or asset generation. Human review is applied before final delivery unless an automation-only task is expressly requested.

Where AI vendors act as processors, we bind them by contract and apply appropriate transfer safeguards.

You remain responsible for any disclosures to your audience that AI-assistance was used, if required in your industry.

7. Retention

We keep data only as long as needed for each purpose and legal obligations:

Orders, invoices, payment records: min 24 months, up to 6 years for accounting/disputes.
Account & project data: for the life of your account and a reasonable period thereafter for audit/defence of claims.
Drafts/temporary files: retained for delivery and revision cycles; may auto-delete after inactivity unless saved in your account.
Marketing records: until you unsubscribe or consent is withdrawn, or we stop using the channel.

When no longer needed, we securely delete or anonymise the data.

8. Security

We implement appropriate technical and organisational measures: encryption in transit, access controls and role-based permissions, MFA for staff, secure backups, least-privilege policies, vendor due diligence, and regular monitoring.

Breach Notification: No system is perfectly secure; if a breach is likely to affect your rights, we will notify you and the ICO as required.

9. Your Rights

Under UK GDPR (and, where applicable, EU GDPR) you can:

Access your data
Rectify inaccurate data
Erase data ("right to be forgotten") where applicable
Restrict processing
Port data in a machine-readable format
Object to processing based on legitimate interests and to direct marketing
Withdraw consent at any time where processing relies on consent

Making Requests: hello@creativesparkstudios.co.uk

Response Time: We respond within statutory time limits (normally one month) unless an extension lawfully applies.

Identity Verification: We may verify your identity for security purposes.

10. Children

Our Services are intended for users 18+ and are not directed to children. We do not knowingly collect children's data.

11. Automated Decision-Making

We do not perform automated decision-making producing legal or similarly significant effects. Limited profiling/automation may be used for analytics, security, or content recommendations and does not override your rights.

12. Changes to this Policy

We may update this Policy between periodically. Material changes will be communicated via email or a prominent notice on our website. The updated Policy will include a new effective date.

13. Contact & Complaints

Email: hello@creativesparkstudios.co.uk

Phone: +44 7822016497

Postal: P&HFOOD LTD, Reading Bridge House, George St, Reading, RG1 8L United Kingdom

Complaints: You can also complain to the Information Commissioner's Office (ICO) if you are unhappy with how we handle your data. See the ICO website for contact details.

Data Controller Details

P&HFOOD LTD

Company number: 15307880

Registered office: Reading Bridge House, George St, Reading, RG1 8L United Kingdom

Email: hello@creativesparkstudios.co.uk

Phone: +44 7822016497

Get In Touch

Have a question about our policies or services? Fill out the form below and we'll get back to you shortly.