Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.creao.ai/llms.txt

Use this file to discover all available pages before exploring further.

CREAO respects your privacy and gives you control over your data.
CREAO collects the minimum data necessary to provide the service:
  • Account data — email address, name, and authentication credentials
  • Conversation data — messages, files, and artifacts you create during chat sessions. When interaction analytics is enabled, user chat turns may also be sent to Reflexio (see Subprocessors) for conversation-quality monitoring
  • Usage data — credit consumption, feature usage, acquisition attribution (UTM parameters, click IDs, referring site, landing path), and session metadata for billing, analytics, and product improvement
  • Memory data — facts and preferences the super agent saves on your behalf (you can view, search, and delete these at any time)
  • Login geolocation — country derived from your IP address by Cloudflare (ISO 3166 alpha-2 country code) is recorded with each login event for analytics, abuse detection, and billing routing. No city-level or precise location is stored
  • Dream profiles — AI-generated summaries of your preferences, working style, and recent activity, derived from your conversation history. These are created automatically (daily) or on demand, and can be viewed from the Memory → Dream tab
  • Linked social profiles — when you connect an X (Twitter) or Discord account from the Rewards hub or Account Settings, CREAO stores the provider account ID, username, display name, and avatar URL so the UI can show which accounts you have linked. For Discord we also retain the OAuth access token so reward verification (CREAO server membership) can run without prompting you to re-authenticate. For X, the OAuth token is used only at link time to confirm account ownership — CREAO does not call back to X to read your follows, posts, or social graph. To prevent reward-farming via re-binding, an X or Discord identity that has been linked to a CREAO account is bound permanently to that account — it cannot be disconnected from the UI. As a security measure, linked profile data and stored OAuth tokens are also removed automatically whenever your authentication state is revoked (password reset, admin force-logout, account ban) — this prevents an attacker who briefly held a session cookie from leaving an attached account behind after the rightful owner regains control. They are otherwise removed only when you delete your CREAO account, at which point all linked profile data and stored OAuth tokens are deleted with it. You can still revoke CREAO’s access at any time from your provider’s settings (X → Connected apps, Discord → Authorized apps), which invalidates the stored token immediately
  • Campaign participation data — if you join a CREAO campaign or challenge, CREAO may store campaign-specific enrollment state, eligibility checks, public leaderboard identity, and setup metadata. For the Agent Trading Campaign, this includes your submitted WEEX email/UID, the linked X profile used as your public leaderboard identity (x_username, x_provider_account_id, display name, and avatar), the Discord link and CREAO Discord server membership required for enrollment, your selected CREAO agent app ID, your user-chosen public leaderboard agent name/slug, readiness/freeze audit hashes, and disqualification/finalization status. Total CREAO credits consumed may be used to determine prize eligibility; public campaign pages may show eligibility status or prize-claim rank, while exact credit totals are visible only to you and CREAO admins
  • Campaign financial performance data — for trading challenges, CREAO may use the WEEX API credentials you configure in CREAO Secrets to request demo-account balance data from WEEX during the campaign. CREAO stores leaderboard snapshots such as USDT equity, PnL, and trade count for ranking, audit, and results pages. CREAO does not store your raw WEEX API key, secret, or passphrase in the campaign database
  • Scheduled-run result delivery — when you enable “Email me a summary” on a scheduled agent app, CREAO sends a summary email after each run. We store the email delivery record in schedule_email_deliveries (schedule ID, run status, delivery outcome, and timestamp). These records are deleted automatically after 30 days by a nightly cron. The delivery setting is off by default and can be changed at any time from the schedule settings
  • Team-collaboration attribution — when you and other members work in the same organization, CREAO stores the user identifier of the team member who sent each message, uploaded each file, scheduled each run, or performed each tracked action on a shared agent. Team members in the same organization can see each other’s display name and email next to those entries (in chat, files, schedules, and the agent activity log) so that collaborators know who did what. This information is visible only to other members of the same organization — never to users outside the org or to anonymous visitors of a shared link
  • Action approvals — when an agent or chat session proposes a guarded write through a connector (email, social media, messaging, etc.), CREAO stores the proposed action payload (for example tweet text, email subject, or message content), validation results, approval status, approver/rejector audit metadata, and apply result so you can review, approve, reject, retry, and audit external actions. This applies to both Agent App sessions and regular chat threads
  • LLM transaction forensics — when the super agent calls a large language model on your behalf, CREAO stores per-request invocation metadata for billing accuracy and abuse prevention: source IP address (from cf-connecting-ip), user agent, country code, Cloudflare edge-location code (cf.colo), provider name and request path, token counts, cache status, JWT issued-at and age, upstream response identifier, run-history thread identifier (internal UUID), and the per-request cost in USD. This data is written to credit_deduction_logs (one row per LLM call) and is retained alongside other billing records. It is used to spot stolen sandbox credentials, replay attacks, and runaway agent loops, and to reconcile our spend against upstream provider invoices
We do not sell your data to third parties.
CREAO is designed with GDPR principles in mind:
  • Lawful basis — we process data based on contractual necessity (to provide the service) and legitimate interest (to improve the product)
  • Data minimization — we collect only what is needed to deliver the service
  • Right to access — you can export your data at any time
  • Right to deletion — you can delete your account and all associated data
  • Right to portability — conversation and file data can be exported in standard formats
  • Data processing — see the Subprocessors section below for a list of third parties that process data on our behalf
  • International transfers — user data is stored in the United States. For EU users, data transfers are governed by Standard Contractual Clauses (SCCs) in accordance with GDPR Chapter V
  • Data Processing Agreement — enterprise customers can request a DPA by contacting privacy@creao.ai
For California residents, CREAO provides:
  • Right to know — what personal information we collect and how it is used
  • Right to delete — request deletion of your personal information
  • Right to opt-out — we do not sell personal information
  • Non-discrimination — exercising your rights does not affect pricing or service quality

AI & Model Usage

Your data is not used to train AI models. Conversations and files sent to AI providers (Anthropic, OpenAI, Google, MiniMax, xAI) are processed under API agreements that prohibit use of your data for model training. This includes image inputs sent for generation tasks (for example, image-to-video with Veo). Providers may retain data briefly for abuse monitoring and safety as required by their terms, but never for training purposes.
When you chat with the super agent, your messages and relevant context (files, memory, Dream profile, skill instructions) are sent to the selected LLM provider via their API. All API calls use encrypted connections. Responses are streamed back to your browser in real time.Dream profiles are generated using Claude Haiku and may be included in agent context alongside your selected LLM provider. This means profile summaries generated by one provider may be forwarded to another as part of the agent’s context window.
CREAO supports multiple LLM providers:
  • Anthropic (Claude Opus, Sonnet, Haiku)
  • OpenAI (GPT-5.5, GPT-4.1, GPT-4.1 mini)
  • Google (Gemini Pro, Gemini Flash, Veo for video generation)
  • MiniMax (MiniMax M2.7)
  • xAI (Grok)
All providers are accessed via API with no-training agreements. Providers may retain data briefly for abuse monitoring and safety per their terms, but your data is never used for model training.
Code generated by the AI runs in an isolated sandbox. The sandbox has no access to other users’ data, no persistent network access to internal systems, and is destroyed after the session ends. Generated files are stored encrypted and associated only with your account. If you share a thread via the Share feature, files and artifacts within that thread become accessible to anyone with the share link.

Connector Data Access

Connectors provide scoped access to third-party systems (OAuth/API-key based). See Skills and Connectors for the full feature overview and Security for auth model and security controls.
Connector groupAuth modeTypical data categoriesRevocation
Google Workspace (Gmail, Calendar, Docs, Sheets, Drive, Tasks)OAuthMail, calendar events, docs, spreadsheets, files, tasksDisconnect in CREAO + revoke in Google account if needed
Google Marketing (Ads, Analytics, Search Console)OAuthCampaign/reporting and web analytics dataDisconnect in CREAO + revoke in Google account if needed
Microsoft (Outlook, Teams, OneDrive, Word, Excel)OAuthMail, collaboration messages, files, documents, workbook dataDisconnect in CREAO + revoke in Microsoft account if needed
Collaboration (Slack, Discord, Notion, Asana, Linear)OAuth or API keyMessages, channels/pages, tasks/issues/project dataDisconnect in CREAO + revoke in provider account
Developer (GitHub)OAuthRepository metadata/content and issue/workflow dataDisconnect in CREAO + revoke in GitHub settings
Social/commerce (X, YouTube, Reddit, Shopify, eBay, Telegram)OAuth or tokenSocial content, publishing metadata, storefront/listing data, bot messaging dataDisconnect in CREAO + revoke in provider account
Some connectors run through direct provider API integrations; others may run through integration relay infrastructure. In all cases, access is bound to your authenticated connector account and approved permissions.

Skill Data Handling

Built-in skills are instruction packages — they do not create new third-party data sharing paths by themselves. See Skills and Connectors for the full feature overview and Security for safety boundaries. Built-in skills may operate on:
  • User prompts and conversation context
  • User-provided files and generated artifacts
  • Connected-service data when relevant connectors are authorized
Data leaves CREAO only when required by tools/providers used during execution.

Subprocessors

The following third-party services process data on behalf of CREAO:
SubprocessorPurposeData Processed
AWS (Amazon Web Services)Cloud infrastructure, data storage, computeAll service data
AnthropicLLM provider (Claude models)Conversation messages, context
OpenAILLM provider (GPT models)Conversation messages, context
Google CloudAI provider (Gemini models, Veo video generation)Conversation messages, context, user image inputs for image-to-video generation
MiniMaxLLM provider (MiniMax models)Conversation messages, context
xAILLM provider (Grok models)Conversation messages, context
E2BSandbox executionCode, files during execution
StripePayment processingBilling and payment data. Payments are routed to a regional Stripe account based on your country (see Billing Routing below)
CloudflareCDN, DDoS protection, bot detectionRequest metadata, country derived from IP address (used for billing routing, login geolocation analytics, and abuse detection)
Better Auth CloudEmail validation during signup (disposable, invalid-MX, reserved-TLD detection); supplementary abuse signals (IP reputation, bot / impossible-travel detection); auth event telemetry across all auth operations (signup, signin, password-reset, session-refresh, OAuth callbacks) for the Sentinel security dashboardEmail address; IP address; auth event metadata (event type, timestamp, user ID, user email, user display name, IP address, derived city / country / country code)
SentryError monitoringError diagnostics (no conversation content)
AmplitudeProduct analytics and event data exportUsage events and session metadata (no conversation content)
ReflexioInteraction analytics and conversation-quality monitoringUser ID, thread/session ID, and user message content from chat turns
PipedreamConnector OAuth and integration relay (user-triggered, when you authorize a connector)OAuth tokens for connected services
People Data LabsCompany data enrichment (premium data tool, when you request company intelligence)User-provided company identifiers such as website, name, ticker, LinkedIn URL, and location hints
DiscordRewards verification (platform-level — checks Discord account link and CREAO server membership for the Rewards hub)OAuth access token, Discord user id, username, avatar, server membership status
X (Twitter)Rewards account linking (platform-level — confirms ownership of an X account when you connect it from the Rewards hub)OAuth access token (held to bind the identity), X user id, username, display name, avatar
WEEXDemo trading challenge account access and performance tracking (when you join a WEEX-backed campaign and configure WEEX API credentials)WEEX UID/email, signed account-balance requests, demo-account equity, PnL, available balance, unrealized PnL, and trade count/performance metadata

Billing Routing

CREAO uses Stripe Connect to route payments through regional Stripe accounts so that charges are processed by a merchant entity closer to the cardholder, reducing payment declines. The country associated with your IP address (provided by Cloudflare via the cf-ipcountry header) determines which Stripe account processes your payment:
  • United States and Canada — payments are processed by New Boundary, Inc. (US Stripe account) as a connected account on the CREAO platform
  • All other regions — payments are processed directly by the CREAO platform Stripe account (Hong Kong)
No new personal data is collected for this routing — only the country code already present in the request metadata is used. Your billing region is stored alongside your subscription record so that subsequent charges, portal sessions, and webhook processing use the same account. This value is cleared if your subscription is reset.

Data Retention

Data TypeRetention PeriodNotes
Conversations & messagesUntil deleted by userUsers can delete individual threads or all data
API keysUntil revoked by userHMAC hash stored; raw key shown once at creation and never stored
API run data (inputs, outputs)Until deleted by userPrompts and results from API-triggered agent runs; same retention as conversations
Generated filesUntil deleted by userStored encrypted in cloud storage
Sandbox environmentsSession duration + 30 min idleDestroyed after inactivity timeout
Memory entriesUntil deleted by userViewable and deletable from the Memory page
Dream profilesActive + last 10 versionsDeleted on account deletion (FK cascade). Viewable from Memory → Dream tab
Audit logs90 daysImmutable, used for security monitoring
Team activity logsUntil app deletionOne row per tracked action on a shared agent (member added/removed, share toggled, schedule created/updated/deleted, etc.). Cascades when the agent app is deleted. The acting user’s id is replaced with a deleted-account placeholder when that user closes their account, so the action history remains coherent for surviving collaborators without exposing data tied to a deleted user
Login records365 daysOne row per session with IP, user agent, device fingerprint, and country code; used for abuse detection clustering and admin geo analytics
LLM transaction forensics (credit_deduction_logs)12 monthsOne row per LLM API call with billing metadata (cost, model, token counts) and forensic invocation details (source IP, user agent, country code, Cloudflare edge-location code, JWT issued-at and age, upstream response identifier). Used for billing reconciliation, abuse cross-referencing (e.g. detecting stolen sandbox credentials and replay attacks), and audit. After 12 months the IP address and user agent fields are anonymized/dropped; aggregated totals (cost, tokens) may be kept longer for billing analytics
Amplitude analytics eventsPer Amplitude default retentionUsage events and session metadata exported to Amplitude for product analytics; no conversation content
Reflexio interaction analytics recordsPer Reflexio DPA and service retention policyUser chat turns forwarded for interaction-quality monitoring. CREAO can disable this forwarding by removing Reflexio configuration
Acquisition attributionUntil account deletionUTM parameters, click IDs, referring site, landing path, first-touch timestamp, and last-touch timestamp stored with the account to measure campaign effectiveness and understand signup journeys. Deleted when the account is deleted (FK cascade)
Action approvalsUntil the parent is deletedProposed connector-write payloads, validation previews, approval/rejection audit metadata, and apply results for guarded actions. For Agent App actions, deleted when the Agent App is deleted (FK cascade). For chat thread actions, retained until the thread is deleted or the user deletes their account
Campaign enrollment records (s1_trading_challenge_participants)Campaign duration + 12 months after resultsUsed for eligibility, audit, fraud prevention, prize administration, and support. Includes CREAO account identifiers, submitted WEEX UID/email, linked public X profile metadata, Discord enrollment requirement status, user-chosen public leaderboard agent name/slug, readiness/freeze status, and final rank/PnL. Total CREAO credits consumed may be computed from billing logs to determine prize eligibility; public pages may disclose eligibility status or prize-claim rank, but exact credit totals are visible only to the participant and CREAO admins. Deleted or anonymized after the retention period unless a legal, tax, security, or dispute hold applies; account deletion removes or anonymizes personal data where legally required
Campaign leaderboard snapshots (s1_trading_challenge_leaderboard_snapshots)Campaign duration + 12 months after resultsStores time-series equity, PnL, and trade-count snapshots used for ranking, audit, and public results. Deleted or aggregated/anonymized after the retention period unless needed for prize, fraud, security, legal, or dispute records
Campaign admin action records (s1_trading_challenge_admin_actions)Campaign duration + 12 months after resultsInternal audit trail for admin operations. Actor email is internal staff, not user PII. Deleted after the retention period unless needed for prize, fraud, security, legal, or dispute records
Scheduled-run email deliveries (schedule_email_deliveries)30 daysDelivery records (schedule ID, run status, delivery outcome, error) created each time CREAO sends a scheduled-run summary email. Deleted automatically by nightly cron after 30 days. No email content is stored
Account dataUntil account deletionDeleted within 30 days of account closure (per GDPR Article 17 and CCPA requirements)
Linked social profilesUntil account deletion or auth-state revocationX / Discord profile data and OAuth tokens. Discord tokens are reused for server-membership verification; X tokens are held only as proof of the link and are not used for outbound reads. Bindings are permanent (the same external identity cannot be re-linked to a different CREAO account, to prevent reward-farming). Deleted when the CREAO account is deleted (FK cascade) and also automatically wiped whenever authentication state is revoked (password reset, admin force-logout, account ban) so an attacker-attached link cannot outlive the security event. Provider-side revocation (X / Discord settings) immediately invalidates the stored token but leaves the binding row in place
Payment dataAs required by lawManaged by Stripe; CREAO does not store card numbers

Contact

For privacy and compliance inquiries or Data Processing Agreement (DPA) requests, contact privacy@creao.ai. CREAO, Inc. acts as the data controller for personal data processed through the platform.