Privacy Policy

Last updated: April 2026

JK Creative WA LLC, a Washington State limited liability company doing business as JK.Creative ("JK Creative," "Company," "we," "us," or "our"), operates the website jkcreative.store and all associated applications and services. This Privacy Policy explains what personal information we collect, how we use it, how we share it, and your rights regarding that information.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

1. Information We Collect

We collect the following categories of information:

  • Account Information. When you create an account or subscribe to a product, we collect your name, email address, and account credentials (password stored in hashed form only). For Session for Business and CRM products, you may also provide your business name and contact details.
  • Payment Information. Billing details, including card number, expiration date, and billing address, are collected and processed exclusively by Square, Inc. We do not store, access, or have visibility into your full payment card number on our servers. We receive from Square only a transaction confirmation, last four digits of your card, and billing amount for our records.
  • Usage Data. We collect information about how you interact with our services, including pages visited, features used, session duration, click patterns, and interaction sequences within our applications.
  • Error and Performance Data. We use Sentry to collect crash reports, error logs, stack traces, and performance metrics. We strip cookies from all Sentry events before transmission. Sentry may also collect browser metadata, operating system information, and IP address for error context.
  • Device Information. We automatically collect browser type and version, operating system, screen resolution, device type, language preference, and IP address.

We adhere to the principle of data minimization and collect only the information necessary to provide and improve our services.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, maintain, and improve our products and services.
  • To process payments, manage subscriptions, and send transaction-related communications (receipts, billing confirmations, renewal notices).
  • To authenticate your identity and maintain the security of your account.
  • To send transactional emails, including account updates, service notifications, and security alerts, via our email service provider (Resend).
  • To monitor, detect, and fix errors, bugs, and performance issues.
  • To respond to your requests, inquiries, and support tickets.
  • To comply with legal obligations, including tax reporting, data breach notification requirements, and law enforcement requests.
  • To enforce our Terms of Service and protect against fraud, abuse, and unauthorized access.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We have never sold personal information and have no plans to do so.

3. AI-Generated Content Disclosure

Our Kreado product line uses the Anthropic Claude API to generate digital products, including SOPs, templates, workflow kits, and prompt libraries. Regarding your data and AI processing:

  • Prompt Data. Prompts used to generate Kreado products are created by JK Creative WA LLC. Customer personal information is not used as input for AI content generation.
  • No Storage of Prompts by AI Provider. Under Anthropic's API terms, prompts submitted via the Claude API are not stored by Anthropic for model training purposes. Prompts are processed and discarded.
  • AI Outputs. The outputs generated by the Claude API become Kreado products. These outputs may contain inaccuracies or errors inherent to AI-generated content.
  • No Customer Data Sent to AI. We do not transmit your personal information, account data, or usage data to Anthropic or any other AI provider.

4. Third-Party Services

We use the following third-party services that may collect or process data in connection with our services. Each service operates under its own privacy policy, which we encourage you to review:

  • Square, Inc. — Payment processing for all subscriptions and one-time purchases. Square is PCI-DSS Level 1 compliant. Square Privacy Policy
  • Firebase (Google) — Authentication, real-time database, and cloud storage for Session for Golf, Session for Baseball, Session for Tennis, and Session for Sports. Firebase Privacy
  • Supabase — Database and authentication for Session for Business and select CRM products. Supabase Privacy Policy
  • Sentry — Error monitoring and performance tracking across all applications. We configure Sentry to strip cookies before transmission. Sentry Privacy Policy
  • Google Fonts — Web fonts loaded from Google's CDN. Google may log your IP address when fonts are requested. Google Fonts Privacy
  • Resend — Transactional email delivery for account notifications, receipts, and service communications. Resend Privacy Policy
  • Anthropic — Claude API used for AI content generation in Kreado products. No customer personal data is sent to Anthropic. Anthropic Privacy Policy

We do not use Lemon Squeezy, Whop, Stripe, or any other payment processors. Square is our sole payment processor.

5. Cookies

We use minimal cookies necessary for service operation:

  • Essential/Session Cookies. Required for authentication, maintaining your login state, and security. These cookies are strictly necessary and cannot be disabled without breaking functionality.
  • Third-Party Service Cookies. Square, Firebase, and Sentry may set cookies as part of their services. Refer to their respective privacy policies (linked in Section 4) for details on their cookie practices.

We do not use:

  • Advertising or retargeting cookies.
  • Google Analytics, Facebook Pixel, or any third-party analytics tracking.
  • Cross-site tracking cookies.
  • Cookies for behavioral profiling or ad targeting.

6. Data Retention

  • Account Data. Retained for as long as your account is active. After account deletion or termination, personal data is removed within 30 days, except where retention is required by law.
  • Payment Records. Transaction records are retained for 7 years as required by IRS record-keeping requirements and applicable tax and financial regulations.
  • Error Logs (Sentry). Automatically purged after 90 days.
  • Usage Data. Aggregated and anonymized after 12 months. Anonymized data that cannot be used to identify you may be retained indefinitely for analytics and service improvement.
  • Email Communications. Transactional email records are retained for 12 months.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right to Access. Request a copy of the personal data we hold about you.
  • Right to Correction. Request that we correct inaccurate or incomplete personal data.
  • Right to Deletion. Request that we delete your personal data (subject to legal retention requirements).
  • Right to Data Portability. Request an export of your data in a commonly used, machine-readable format.
  • Right to Opt Out. Opt out of non-essential data collection and communications.

To exercise any of these rights, email us at support@jkcreative.store. We will verify your identity and respond to your request within 30 days. If we need additional time, we will notify you of the extension and the reason. There is no fee for exercising your rights.

8. California Residents — CCPA/CPRA

If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (Cal. Civ. Code § 1798.100 et seq.):

  • Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete. You have the right to request the deletion of your personal information, subject to certain exceptions (such as legal compliance, completing transactions, and security).
  • Right to Opt Out of Sale. You have the right to opt out of the "sale" or "sharing" of your personal information. JK Creative WA LLC does not sell or share personal information as defined under the CCPA/CPRA.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, provide a different level of service, or suggest that you will receive different treatment for exercising your rights.
  • Right to Correct. You have the right to request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information. We do not collect sensitive personal information as defined by the CPRA beyond what is necessary to provide our services.

To submit a CCPA/CPRA request, email support@jkcreative.store with the subject line "CCPA Request." We will verify your identity before processing your request and respond within 45 days.

9. Washington State Residents

If you are a Washington State resident, the following protections apply:

  • Washington Privacy Act. JK Creative WA LLC complies with the Washington Privacy Act (if enacted and effective) regarding the collection, use, and disclosure of personal data of Washington residents. You may exercise rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of the processing of personal data for targeted advertising, sale, or profiling.
  • My Health My Data Act (RCW 19.373). JK Creative WA LLC does not collect, use, or share consumer health data as defined under the Washington My Health My Data Act. Our services are not health-related, and we do not knowingly collect health data. If we become aware that health data has been inadvertently collected, we will promptly delete it.
  • Data Breach Notification (RCW 19.255.010). In the event of a breach of the security of your personal information, JK Creative WA LLC will notify affected Washington State residents no later than 30 days after the breach is discovered, as required by RCW 19.255.010. Notification will include the nature of the breach, the types of personal information involved, and steps you can take to protect yourself. We will also notify the Washington State Attorney General if the breach affects more than 500 Washington residents.

10. Children's Privacy

Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act ("COPPA," 15 U.S.C. §§ 6501-6506). If we become aware that we have inadvertently collected personal information from a child under 13, we will take prompt steps to delete such information from our records. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@jkcreative.store and we will delete the information.

11. CAN-SPAM Compliance

JK Creative WA LLC complies with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.) for all electronic communications:

  • We send only transactional emails (receipts, account updates, service notifications, security alerts, and subscription-related communications) via our email service provider, Resend.
  • All emails accurately identify JK Creative WA LLC as the sender and include our contact information.
  • We do not use deceptive subject lines or misleading header information.
  • If we send promotional or marketing emails, they will include a clear and conspicuous unsubscribe mechanism. Opt-out requests are honored within 10 business days.
  • We do not sell, rent, or share email addresses with third parties for their marketing purposes.

12. Data Security

We implement industry-standard administrative, technical, and physical security measures to protect your personal information, including:

  • Encryption in Transit. All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  • Encryption at Rest. Databases are encrypted at rest using AES-256 encryption provided by our infrastructure providers (Firebase, Supabase).
  • PCI-DSS Compliance. All payment processing is handled by Square, which is PCI-DSS Level 1 certified. We never process, store, or transmit payment card data on our own servers.
  • Authentication Security. Passwords are hashed using industry-standard algorithms. We support and encourage strong, unique passwords.
  • Access Controls. Access to personal data is restricted to authorized personnel on a need-to-know basis.
  • Firebase Security Rules. Database access in Firebase-backed applications is governed by security rules that enforce authentication and authorization at the database level.
  • Infrastructure. Our applications are hosted on secured infrastructure with automated security updates and monitoring.

While we take reasonable measures to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

13. International Data

JK Creative WA LLC is based in Washington State, United States. Our services, servers, and data processing are located in the United States. If you access our services from outside the United States, your information will be transferred to, stored, and processed in the United States.

We do not currently offer EU-specific data transfer mechanisms (such as Standard Contractual Clauses or participation in EU-US Data Privacy Framework). If you are located in the European Economic Area, United Kingdom, or Switzerland, please be aware that your data will be processed in the United States, which may not provide the same level of data protection as your home jurisdiction. By using our services, you consent to the transfer of your data to the United States.

14. Do Not Track

JK Creative WA LLC honors Do Not Track ("DNT") browser signals. When we detect a DNT signal from your browser, we do not engage in cross-site tracking. Because we do not use advertising cookies, behavioral tracking, or third-party analytics, our default behavior is consistent with DNT preferences.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make changes:

  • We will update the "Last updated" date at the top of this page.
  • For material changes, we will provide notice via email to the address associated with your account or through a prominent notice on our website at least 14 days before the changes take effect.
  • Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

We encourage you to review this Privacy Policy periodically.

16. Contact

For questions about this Privacy Policy, to exercise your data rights, or to submit a privacy-related complaint:

We will respond to all privacy inquiries within 30 days of receipt.