Privacy Policy

PRIVACY POLICY

Effective date: 14 January, 2026

This Privacy Notice explains how personal information is handled when you interact with skinrush.org (the “Platform”).

CREATIVEIMAGEAI LTD is committed to protecting user privacy and ensuring that personal data is processed lawfully, fairly, and securely, in accordance with applicable data protection legislation, including the UK GDPR and the Data Protection Act 2018.

  1. Who We Are

The Platform is operated by:

CREATIVEIMAGEAI LTD
Company No.: 16694311
Registered address: 128 City Road, London, United Kingdom, EC1V 2NX
Contact email: support@skinrush.org

For data protection purposes, the Company is the data controller, meaning it determines how and why personal data is processed.

  1. What Information We Collect

We collect only the data that is relevant for operating the Platform and meeting legal obligations.

Information you actively provide

This includes:

  • email address and other contact details;
  • account registration and profile data;
  • messages sent to customer support.

Service and transaction information

When you use paid features or request payouts, we may process:

  • transaction references and payout records;
  • payment status confirmations received from payment providers.

Full card numbers and sensitive authentication data are never stored by the Company.

Identity and compliance data

Where required by law, we may request:

  • identity verification information;
  • documents necessary to comply with AML and KYC regulations.

Technical data

Automatically collected data may include:

  • IP address and device identifiers;
  • browser type, operating system, and access timestamps;
  • usage analytics and interaction data;
  • cookies and similar tracking technologies.
  1. Why We Use Personal Data

Personal data is processed only where necessary, including for the following purposes:

  • enabling access to Platform features;
  • managing and securing user accounts;
  • processing payments and withdrawals;
  • detecting fraud, misuse, or unauthorised behaviour;
  • complying with legal and regulatory requirements;
  • responding to enquiries and support requests;
  • maintaining and improving Platform stability and security.
  1. Legal Justification for Processing

Depending on the context, we rely on one or more of the following legal grounds:

  • processing required to deliver requested services;
  • compliance with statutory or regulatory obligations;
  • legitimate business interests, such as fraud prevention and system security;
  • user consent, where explicitly required.
  1. Who May Receive Personal Data

Access to personal data is limited and granted only where necessary. Data may be shared with:

  • payment processors and banking partners;
  • verification and compliance service providers;
  • security and fraud monitoring services;
  • legal, financial, or compliance advisers;
  • regulatory bodies or authorities where disclosure is legally required.

Personal data is never sold or licensed to third parties.

  1. Data Transfers Outside the UK

If personal data is transferred outside the UK or EEA, appropriate safeguards are applied, such as:

  • regulator-approved contractual protections;
  • other transfer mechanisms permitted under data protection law.
  1. How Long Data Is Kept

We retain personal data only for as long as it is reasonably required:

  • compliance and identity data — generally up to 5 years after account closure;
  • financial and transaction records — in line with tax and accounting obligations;
  • communications and support records — for operational and audit purposes.

When retention is no longer necessary, data is securely deleted or anonymised.

  1. Your Data Protection Rights

Depending on your location and applicable law, you may have the right to:

  • access personal data held about you;
  • correct inaccurate or outdated information;
  • request deletion of personal data;
  • restrict or object to certain processing activities;
  • withdraw consent where processing relies on consent;
  • receive a copy of your data in a portable format.

Requests can be submitted by contacting us using the details below.

  1. Data Security Practices

We implement organisational and technical measures designed to protect personal data, including:

  • encryption and secure storage practices;
  • access control and authentication systems;
  • monitoring tools for identifying suspicious activity.

Third-party partners are selected based on compliance with recognised security standards, including PCI DSS where applicable.

  1. Use of Automated Systems

Certain internal processes, such as fraud detection and compliance screening, may involve automated tools.
These systems are used to protect users and the Platform and are subject to appropriate safeguards.

  1. Age Restrictions

The Platform is intended solely for users aged 18 and above.
If personal data relating to a minor is identified, it will be removed as soon as reasonably possible.

  1. Changes to This Notice

This Privacy Notice may be updated periodically to reflect changes in legal requirements or Platform operations.

Any revised version will be made available on the Platform and will apply from the stated effective date.

  1. How to Contact Us

For questions, requests, or concerns related to privacy or data protection, please contact:

CREATIVEIMAGEAI LTD
128 City Road
London, United Kingdom, EC1V 2NX

📧 support@skinrush.org