← Back

Privacy Notice

Last updated: 7 May 2026

1. Who we are

Create Impacts, a sole proprietorship registered in Belgium under enterprise number BE0799405506, with its registered address at Rommeldonkstraat 17, 9940 Evergem, Belgium, is the data controller for the personal data described in this Notice. You can reach us at support@createimpacts.eu.

2. What data we collect and why

  • Account data (email, password hash, display name) — to create and secure your account. Legal basis: performance of our contract with you.
  • Trading data you enter or import (trades, notes, screenshots, calendar entries) — to provide the journal, analytics and calendar features you signed up for. Legal basis: performance of our contract.
  • Usage and device data (pages visited, IP address, browser type, error logs) — to keep the Service secure, prevent fraud and improve features. Legal basis: our legitimate interests.
  • Support communications (emails you send us) — to answer your questions. Legal basis: our legitimate interests.
  • Billing data (subscription status, plan, billing periods) — to manage your subscription. Payment card details are collected and held by Paddle, not by us. Legal basis: performance of our contract and legal obligation.

3. Who we share data with

We share personal data only with the following categories of recipients:

  • Hosting and backend — our application, database and file storage are operated through Lovable Cloud (powered by Supabase), which hosts data in the EU.
  • Paddle.com — our Merchant of Record. Paddle handles checkout, payments, subscription management, invoicing and tax compliance, and acts as an independent data controller for the payment data it collects.
  • Professional advisers — accountants and legal advisers, where strictly necessary.
  • Authorities — where we are legally required to disclose data.

We do not sell your personal data.

4. International transfers

We aim to keep your data inside the EEA. Where a processor (such as Paddle) transfers data outside the EEA, transfers are protected by adequacy decisions or Standard Contractual Clauses approved by the European Commission.

5. How long we keep data

We keep your account and trading data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within 90 days, except where we must keep certain records (for example invoices) to comply with legal obligations.

6. Your rights (GDPR)

You have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, and the right to withdraw any consent you gave us. You can exercise these rights by emailing support@createimpacts.eu. We respond within one month. You also have the right to lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be) or your local supervisory authority.

7. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls and row-level security on our database.

8. Cookies

We use only strictly necessary cookies and local storage required to keep you signed in and to remember your preferences. We do not use marketing or advertising cookies.

9. Changes

We may update this Notice from time to time. Significant changes will be notified by email or in-app. See also our Terms of Service.