Privacy Policy

Last updated: April 2, 2026

This Privacy Policy explains how Curreo, operated by Elizabeth Johnston, DBA Curreo ("we," "us," or "Curreo"), collects, uses, and protects your information when you use our service at curreo.io. We believe in being straightforward about data practices. If something here isn't clear, ask us at hello@curreo.io.

1. Information We Collect

Information you provide

Account information: Name, email address, and password when you create an account
Brand profiles: Brand names, descriptions, voice guidelines, target audiences, sample content, and other brand context you enter
Campaign briefs: Campaign objectives, audiences, messaging, guardrails, and creative direction
Payment information: Billing details processed securely by Stripe. We do not store credit card numbers on our servers.

Information collected automatically

Usage data: Features used, content generated, trends viewed, timestamps, and general interaction patterns
Device information: Browser type, operating system, and screen size (for responsive design)
Analytics: Page views and general traffic patterns via privacy-focused analytics

Information we do NOT collect

We do not use third-party tracking cookies for advertising
We do not collect location data beyond what your browser provides by default
We do not collect biometric data
We do not buy data about you from third-party brokers

2. How We Use Your Information

Data	Purpose
Account info	Authentication, communication, account management
Brand profiles & campaigns	Trend matching, content generation, voice calibration
Usage data	Service improvement, debugging, understanding feature adoption
Payment info	Subscription billing (processed by Stripe)

We do not use your brand profiles, campaigns, or generated content for marketing purposes, and we do not share it with other users.

3. AI Processing and Third-Party Services

Curreo uses AI models from OpenAI and Anthropic (Claude) to generate content. When you generate content, your brand context and the matched trend are sent to these AI providers for processing.

Important:

Your brand data is sent to AI providers solely for content generation in response to your request
We use API access with data processing agreements — your data is not used to train OpenAI's or Anthropic's models
AI-generated output is returned to you and stored in your account

Third-party services we use

Service	Purpose	Data shared
Supabase	Database, authentication, hosting	Account data, brand profiles, generated content
OpenAI	Trend discovery, content generation	Brand context + trend data (per-request, not stored by OpenAI)
Anthropic (Claude)	Creative matching, content generation	Brand context + trend data (per-request, not stored by Anthropic)
Stripe	Payment processing	Billing information (Curreo never sees full card numbers)
Vercel	Web hosting	Standard web server logs
Google Analytics	Website analytics	Anonymized page view and traffic data

4. Data Retention

Active accounts: Your data is retained as long as your account is active
Cancelled accounts: Brand profiles and generated content are deleted within 30 days of account closure. You may request earlier deletion.
Usage logs: Anonymized usage data may be retained for up to 12 months for service improvement
Trend data: Cultural trend data (not tied to individual users) is retained for the operation of the service

5. Data Security

We implement industry-standard security measures including:

Encrypted data transmission (HTTPS/TLS)
Row-level security on all database tables
Secure authentication via Supabase Auth
API keys and secrets stored in secure environment variables, never in client-side code
Regular security monitoring

No system is 100% secure. If we discover a data breach affecting your information, we will notify you within 72 hours via email.

6. Your Rights

Regardless of where you live, you have the right to:

Access the personal data we hold about you
Correct inaccurate information in your account
Delete your account and associated data
Export your brand profiles and saved content
Withdraw consent for data processing (which may require closing your account)

To exercise any of these rights, contact us at hello@curreo.io. We will respond within 30 days.

Additional rights for California residents (CCPA/CPRA)

If you are a California resident, you additionally have the right to:

Know what personal information we collect and how it is used
Request deletion of your personal information
Opt out of the sale of personal information — we do not sell your personal information
Non-discrimination for exercising your privacy rights

7. Children's Privacy

Curreo is available to users aged 13 and older. Users between 13 and 18 must have parental or guardian consent.

We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13 without parental consent, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at hello@curreo.io.

8. International Users

Curreo is operated from the United States. If you access the service from outside the U.S., your information will be transferred to and processed in the United States. By using Curreo, you consent to this transfer.

For users in the European Economic Area (EEA) or United Kingdom, we process data based on contractual necessity (providing the service you signed up for) and legitimate interest (improving the service). You may contact us to exercise your rights under GDPR.

9. Cookies

Curreo uses minimal cookies:

Authentication cookies: Required to keep you logged in (essential, cannot be disabled)
Analytics cookies: Anonymous usage tracking via Google Analytics (can be opted out)

We do not use advertising cookies, retargeting pixels, or cross-site tracking cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice within the application at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Questions about this Privacy Policy or your data? Reach us at:

Email: hello@curreo.io
Entity: Elizabeth Johnston, DBA Curreo
Location: Oregon, United States