Last updated: 22 April 2026
Short version: Ostler runs on your Mac. Your imported knowledge graph – contacts, messages, calendar, notes, inferences – is stored encrypted on your device under a passphrase only you know. Creative Machines operates no server that receives or holds it. We cannot read it. The app does make some limited outbound calls (public data lookups, web search if you trigger it, model and software updates) which are described honestly in §5.
Creative Machines itself holds only: billing identifiers (if you subscribe), support email correspondence (if you write to us), and basic website analytics. That is the full list.
Most privacy policies are long because the company holds a lot of your data and has to explain what it does with all of it. Ours is shorter because we hold very little. It is not zero, though, and this document sets out honestly what we do, what we don’t, and where the edges are. This is the legally binding version; for the one-page summary, see Privacy at Ostler.
Creative Machines Limited is a company incorporated in Hong Kong SAR. We publish Ostler.
Data protection law (GDPR, UK GDPR, and equivalents) allocates responsibility between controllers (who decide the purposes and means of processing) and processors (who process data for a controller under a contract). Ostler’s architecture spreads these roles across three zones, and we think the most honest thing we can do is tell you where we sit in each.
When you install Ostler and import your contacts, calendar, messages, notes, browser history, and so on, that data sits in encrypted databases on your Mac. You decide what to import, what to retain, what to delete, and who to share derivatives with. We operate no server that receives your graph. We have no technical means to retrieve, decrypt, view, or export it. Because we do not process that data on your behalf, no GDPR Article 28 Data Processing Agreement is required for the local graph – there is nothing for us to process. (Note: the app does make narrow outbound calls unrelated to us that may contain names, described in §5; those are between you and the third-party service you have configured, not traffic to Creative Machines.)
Even though we cannot see your data, we do make decisions that shape how it is processed on your device: the categories of data the importers accept, the default retention behaviour, the inference schemas (for example, relationship-warmth signals and coaching observations), the choice of on-device model, and the logic that extracts facts from your imported files. Under CJEU case law (Fashion ID C-40/17, Wirtschaftsakademie C-210/16), an entity that determines means of processing can be a joint controller for that design layer even without access to the data itself. We accept that characterisation for the design layer and address it through this policy, through published architecture and security documentation, and through the choices we give you in-app to disable or reconfigure those features.
Responsibility allocation under GDPR Art. 26. Where the law treats this as a joint-controller relationship, we allocate responsibilities as follows: Creative Machines is responsible for the design of the importers, inference logic, and defaults, and for this transparency document. You, the user, are responsible for which sources are enabled, what is imported, how long data is retained, and how derivatives are shared. For data subjects wishing to exercise rights, Art. 26(3) allows the right to be exercised against either controller; our single point of contact for those requests is security@ostler.ai, from which we will route appropriately (to the user, where the request concerns data that only exists on their device, subject to the mechanisms in §3).
For the limited categories of data Creative Machines directly holds – billing identifiers, support correspondence, website analytics – we are the Data Controller. How that data is handled, retained, and protected is described in §4 and §8.
Ostler imports, processes, and stores personal data entirely on your Mac. The databases are Docker containers bound to 127.0.0.1. None of this data is transmitted to us. Nothing is imported on a fresh install – every source below is opt-in, per-source, with a separate consent prompt.
macOS Full Disk Access is a sensitive permission. Granting it lets any app read the files under the protected prefixes on your system, including mail, messages, notes, photos, and browser databases. Ostler never requests FDA at install, and requests it only if and when you enable a specific FDA-dependent feature. When you do, we request it through macOS’s own permission prompt, which you can revoke at any time in System Settings > Privacy & Security > Full Disk Access.
If you grant FDA, Ostler reads only the specific stores you have enabled in the source picker at install (or in Settings later). Each source can be turned on or off independently. The complete list of FDA-derived sources Ostler supports:
Bookmarks.plist. Treated as strong interest signals (you deliberately saved these pages).
.mbox file in your Downloads / Desktop / Documents at install (or you point Ostler at one later), and you confirm the import, Ostler reads the Gmail messages directly from that file. Creative Machines never connects to Google’s API for this; the Takeout file is a static archive you downloaded yourself from takeout.google.com. Stored fields per message: From / To / Subject / Date / Gmail labels / a body preview (first 500 characters). The full body is parsed in memory but only the preview is persisted, so size on disk is bounded.
FDA scope at the macOS level is broader than most app permissions because macOS itself does not offer finer granularity per-app. We compensate with software-level minimisation: per-source opt-in at install (and changeable any time in Settings), date-range limits on each extractor, locked-content exclusion, and per-record deletion in-app.
A note on Gmail and other webmail. If you have added Gmail (or any other IMAP/Exchange account) to Apple Mail on your Mac, Apple handles the OAuth or IMAP authentication with that provider, and the messages live in your local Mail store. When you enable Apple Mail in Ostler’s source picker, Ostler reads that local store. Creative Machines does not connect to Google or any webmail provider on your behalf, has no Google Cloud OAuth client, and is not a sub-processor of any webmail data. If you do not want Ostler to see Gmail messages, do not add Gmail to Apple Mail (or untick Apple Mail in the source picker).
Everything above is stored in local databases (Qdrant for vectors, Oxigraph for RDF graph data, Redis for cache) encrypted at rest with a passphrase that only you know. Without your passphrase, the data is unreadable – to you, to us, to anyone.
Your GDPR exports and contact databases contain personal data belonging to other people – your friends, colleagues, family, and so on – who have not consented to you processing their information in Ostler. This is a real legal question you should understand.
GDPR Article 2(2)(c) exempts processing “by a natural person in the course of a purely personal or household activity.” Using Ostler to maintain a personal address book, remember your relationships, and organise your own life may fall within this exemption. It is a narrow exemption, and whether it covers your specific use depends on what you do with the graph, who you share derivatives with, and whether the processing reaches beyond your own closed personal circle.
However, the exemption is lost if you use Ostler for:
If you use Ostler commercially or beyond purely personal purposes, you become the Data Controller under GDPR for the personal data in your knowledge graph. You are responsible for obtaining appropriate legal basis, responding to data subject rights requests, and meeting all other controller obligations. Creative Machines is not responsible for your compliance. Commercial use at scale may also require you to conduct a Data Protection Impact Assessment (GDPR Art. 35) before you start, because Ostler processes a broad set of personal data categories including profiling-style inferences.
The CJEU reads the household exemption narrowly (see Ryneš C-212/13 and Jehovan todistajat C-25/17). Processing that extends beyond a closed, personal circle, or that covers sensitive categories, or that could affect third parties in material ways, may fall outside the exemption even where the user is not running a business. Assume that if you would not write the information down in a personal address book, the exemption probably does not cover putting it in Ostler. Note also that Ostler’s outbound queries to Wikidata and optional web search (see §5) carry names outside your device, which is a factor when assessing whether processing is still “purely personal.”
A specific point on Mail, iMessage, and Photos imports: these sources inherently contain correspondence and imagery involving other people who did not consent to your importing that content into Ostler. Even inside the household exemption, you retain a fairness obligation toward those third parties under ordinary principles of civil law, and if you later share a derivative of that content (a summary, a wiki export, a screenshot) the household exemption may not travel with it. Use these imports with that in mind.
Ostler’s on-device model creates new personal data about people who appear in your imports: summaries, relationship-warmth scores, suggested actions, timeline entries, coaching observations. Under GDPR this inferred data is itself personal data about those third parties. Their rights (access, rectification, erasure, objection) attach to it.
Because this data only exists on your Mac, we cannot action those rights – we cannot see the data, cannot search it, and cannot export it. You, as the controller of your graph, are the party who can. If a third party contacts Creative Machines about inferences held about them in an Ostler instance, we will:
We also offer third-party-facing controls directly in the product. Any person whose data is in an Ostler graph can ask the user to (a) show all inferences the app has about them, (b) correct errors, (c) suppress inference generation for that individual, or (d) delete all records about them. Ostler exposes each of these as one-click actions. If you are a user: you are obliged to action reasonable requests of this kind. If you are a third party and cannot reach the user, contact privacy@ostler.ai and we will assist as far as the architecture permits.
What “delete” actually means in code. When the user actions a “forget this person” request, the named individual’s contact record, all inferences referring to them, and any cached embeddings derived from their data are removed from the local Qdrant, Oxigraph, and Redis stores in a single operation. There is no shadow log, no re-hydration cache, and no analytics export that would outlive that action. Re-importing data that mentions the same person will recreate inferences from scratch unless the user separately marks the person as suppressed.
This section describes every category of personal data Creative Machines itself holds. There are three:
If you subscribe to a paid tier, we use Stripe (or the Apple App Store if you subscribe through the App Store) to process payments. That provider holds your payment method, billing address, and transaction history under their own privacy terms. We receive only: a subscription identifier, the tier, and payment status. We do not see your card number. We retain billing records for 7 years from the end of the tax year to which they relate, in line with Hong Kong Inland Revenue Ordinance requirements and the longest applicable retention across the jurisdictions where we are taxed. Corporate records required by Hong Kong company law are kept for the statutory period of that law.
If you email us at support@ostler.ai or privacy@ostler.ai, we will see your email address, your name (if provided), and anything you choose to include in the message. We retain support emails for up to 2 years so we can answer follow-up questions, then delete them.
Legitimate interests balancing (Art. 6(1)(f)). Purpose: answer user questions, resolve repeat tickets, and track patterns that indicate product bugs. Necessity: without retention we cannot handle follow-up messages referencing earlier correspondence. Balancing: the data is minimal (email, name if given, message content chosen by the user), access is restricted to support staff on a need-to-know basis, storage is encrypted in transit and at rest, and the retention cap is two years. You can object to this processing at any time under Art. 21 by emailing privacy@ostler.ai; we will delete your support history on request unless we are required to retain a specific record by law (e.g. pending legal claim).
If you use the Send by Email button in Ostler Doctor, a pre-populated diagnostic report is prepared locally and opens in your mail client. Nothing is transmitted to us until you review it and click Send in your own mail client.
The Doctor report contains only:
The Doctor report does not contain:
The full report is shown in your mail client before you send it, so you can verify these boundaries in every instance.
The marketing website (creativemachines.ai/ostler and ostler.ai) uses Plausible Analytics, an EU-hosted, cookieless, privacy-respecting analytics service, to count visits and understand which pages are read. No identifying cookies are set. No profiles of visitors are built. IP addresses are not retained in a form linkable to individual visits.
We do not use Google Analytics, Facebook Pixel, or any ad-tech tracker. Doing so would send every visitor's reading habits to a third party – which is precisely the dynamic Ostler exists to give you an alternative to. We hold the marketing surface to the same standard we hold the product.
We will update this section within 14 days of any change of provider.
The marketing website does not set cookies or similar tracking technologies for analytics, advertising, or cross-site measurement. Where any functional cookies are used (for example, to remember a selected colour theme), they are strictly necessary, set only at your action, and carry no identifier that links across sessions or sites. We do not use third-party ad-tech, retargeting, or fingerprinting. No cookie banner is shown because no consent-requiring cookies are set; this is the intended outcome under the ePrivacy Directive and PECR, not an omission.
The Ostler app itself does not use cookies at all. It does not communicate with our servers; there is no session to maintain.
Ostler does make outbound network calls. It does not stream your knowledge graph anywhere, and it never uploads your imported files, messages, or inference outputs to us or to any third party. But the app is not air-gapped, and we want to be precise about what does go out.
Two features issue outbound queries whose content is derived from your graph. We want to be direct about this, because the names of people in your contacts are themselves personal data under GDPR Art. 4(1) (Breyer C-582/14).
In both cases, the query contains only what is required for the lookup, not your knowledge graph. Ostler does not push a feed of your contacts, messages, or inferences anywhere. If you disable enrichment and do not issue web searches, no graph-derived queries leave your device.
You can air-gap Ostler. With the machine offline, imports, inference, search over your graph, and all local features continue to work. You lose enrichment, web search, and updates, nothing else.
You have rights under GDPR, UK GDPR, CCPA, PDPO (Hong Kong), LGPD (Brazil), and similar frameworks. The table below shows what each right means for local data (which you control directly) and for the small amount of data we hold about you (billing, support emails).
| Right | Local data (yours) | Data we hold |
|---|---|---|
| Access / portability | Export from ~/.ostler/ at any time – full SQL, JSON, vCard, ICS | Email privacy@ostler.ai – we respond within one month (GDPR Art. 12(3)) |
| Rectification | Edit locally in the app | Email us to correct billing or support records |
| Deletion / erasure | Run ostler-uninstall | Email us – we delete within one month (subject to legal retention for tax records) |
| Restrict processing | Stop using the app or pause it | Cancel your subscription |
| Withdraw consent / object to processing | Disable any feature or import source at any time; run ostler-uninstall | Object under Art. 21 to our legitimate-interests processing of support email by writing to privacy@ostler.ai; cancel subscription; unsubscribe from product email |
| Complain to regulator | You can complain to the supervisory authority in your country of residence or habitual workplace. Examples: UK ICO, Irish DPC, French CNIL, Hong Kong PCPD, California CPPA or Attorney General, Brazilian ANPD. If you are unsure which authority is appropriate, any of them will tell you. | |
Legal basis for the small amount of data we do hold: contract for billing (GDPR Article 6(1)(b)), legitimate interest for support correspondence (Article 6(1)(f)), legal obligation for tax records (Article 6(1)(c)).
Creative Machines is established in Hong Kong. We have not yet appointed an Article 27 representative in the EU or UK. We consider that an Article 27 representative is not currently required because we do not offer goods or services to EU/UK data subjects at a scale, nor do we monitor their behaviour, in a manner that triggers the Article 3(2) / UK GDPR extraterritorial test for the data we ourselves hold (billing, support, analytics). The local knowledge graph never reaches us and is not processed by Creative Machines, so it does not trigger the test either.
We recognise this analysis may shift as the product grows. We will appoint an Article 27 representative in the EU and in the UK within 90 days of Ostler acquiring a material EU or UK user base, and in any event before any feature launches that would cause Creative Machines to process EU/UK data subjects’ personal data on its own servers. When appointed, the representative’s contact details will be published in this section.
In the meantime, EU and UK residents can reach us at privacy@ostler.ai. This is a direct contact to Creative Machines, not a substitute for an Art. 27 representative.
CCPA / CPRA (California): we do not sell or share personal information. “Share” is used here in the CPRA-defined sense of cross-context behavioural advertising. The minimal data we hold (billing identifiers, support emails, aggregated website analytics) is not exchanged with third parties for monetary or other valuable consideration, and is not disclosed for cross-context behavioural advertising. California residents have the rights described above, the right to limit the use of sensitive personal information, and the right to non-discrimination for exercising any of them.
LGPD (Brazil): the rights above apply. For local data, you are the Controller and hold the rights against yourself. For data we hold, email privacy@ostler.ai.
PDPO (Hong Kong): we comply with the six Data Protection Principles. Because the data we hold is narrow, most principles are satisfied by design rather than by policy, but we want to be explicit about each:
Ostler is intended for use by adults only. You must be at least 18 years old to install and use Ostler. By installing, you confirm that you are 18 or older.
Ostler processes personal data belonging to other people – your contacts, conversation partners, and others whose information appears in your imports. Handling that data carries legal responsibilities that in our assessment require an adult user.
Age is enforced through self-declaration at install, acceptance of the Terms, and (for paid tiers) a payment method which typically requires the account holder to be 18 or older. We do not collect age data or identity documents. We have weighed this against the UK Age Appropriate Design Code (“Children’s Code”): the Code applies to services likely to be accessed by children. Because Ostler is a desktop installer distributed to adult-oriented channels, marketed at professionals managing their own relationships and careers, priced as a paid tool, and required to process the user’s own pre-existing adult datasets (GDPR exports, App Store payment history, contacts going back years), we assess that Ostler is not likely to be accessed by children in the Code’s sense. We consider mandatory identity verification to be a disproportionate additional processing of sensitive data given that assessment.
If we become aware that the App is being used by someone under 18, we will terminate the licence. If you are a parent or guardian and believe a minor has installed Ostler, contact privacy@ostler.ai; because data is stored locally, our direct ability to act is limited to revoking any subscription. Local data can be deleted by running ostler-uninstall or deleting the ~/.ostler/ directory and associated Docker volumes; instructions are linked from the email acknowledgement we send.
We will revisit this assessment if Ostler ships features (e.g. a mobile client, a social layer, or a network-delivered consumer tier) that change the risk profile. We treat the Children’s Code as a live document, not a one-off check-box.
Local databases are encrypted at rest with a passphrase derived using PBKDF2 (600,000 iterations) and stored using SQLCipher (AES-256). Without your passphrase, the data is unreadable to anyone, including us. You can rotate the passphrase at any time. There is a one-time recovery key generated at setup; we recommend storing it in macOS Keychain or a password manager, because if you lose both the passphrase and the recovery key your data is gone forever. That is intentional – it is the same reason we cannot read your data.
The three local databases (Qdrant, Oxigraph, Redis) run as Docker containers bound to 127.0.0.1 and are not exposed to the network. Ostler does not authenticate them because it doesn’t need to – they are only reachable from your own machine.
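One way to check the loopback-binding claim above on your own machine, as an added example that is not Creative Machines' code: it parses docker ps output and reports every published port whose host address is not a loopback address. The container names and the sample output are constructed for illustration; note that a loopback-only binding still leaves the stores reachable by other processes running on the same Mac.

```python
import ipaddress
import subprocess

# Constructed sample of `docker ps --format '{{.Names}}|{{.Ports}}'` output.
# Container names are hypothetical. The third line shows a store published
# on all interfaces, which is the condition this check is meant to catch.
SAMPLE_DOCKER_PS = (
    "ostler-qdrant|127.0.0.1:6333->6333/tcp, 127.0.0.1:6334->6334/tcp\n"
    "ostler-oxigraph|127.0.0.1:7878->7878/tcp\n"
    "ostler-redis|0.0.0.0:6379->6379/tcp, :::6379->6379/tcp\n"
    "ostler-worker|8080/tcp\n"
)


def is_loopback(host):
    """True only for a literal loopback address (127.0.0.0/8 or ::1)."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        # Unparseable host part: fail closed and report it.
        return False


def non_loopback_bindings(ps_output):
    """Return (container, host, port) for each published port that is
    bound to something other than a loopback address."""
    findings = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("|")
        for entry in (p.strip() for p in ports.split(",")):
            # Entries without "->" (e.g. "8080/tcp") are exposed inside
            # Docker's network only and are not published on the host.
            if "->" not in entry:
                continue
            # Host side looks like "127.0.0.1:6333", ":::6379" or "[::]:6379".
            host, _, port = entry.split("->", 1)[0].rpartition(":")
            if not is_loopback(host):
                findings.append((name.strip(), host.strip("[]"), port))
    return findings


def live_docker_ps():
    """Fetch the same two columns from the local Docker daemon."""
    result = subprocess.run(
        ["docker", "ps", "--format", "{{.Names}}|{{.Ports}}"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    # Swap SAMPLE_DOCKER_PS for live_docker_ps() to check a real machine.
    problems = non_loopback_bindings(SAMPLE_DOCKER_PS)
    for name, host, port in problems:
        print(f"{name}: port {port} is published on {host}, not loopback")
    if not problems:
        print("all published ports are bound to loopback")
```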
Data we do hold (billing via Stripe or Apple, support email correspondence) is protected by the normal security controls of those providers and of our email infrastructure. Support email is encrypted in transit (TLS) and at rest. Access is restricted to authorised personnel.
We welcome scrutiny from independent security researchers. If you identify a vulnerability in Ostler, please email security@ostler.ai with details; we aim to acknowledge within 72 hours and will work in good faith towards a coordinated disclosure. We are commissioning an independent security audit as part of our launch plans and will publish the resulting report, or a public summary of it, when the audit is complete. Our breach-notification commitments are at §10; our sub-processors are at §9.
This table lists every third party Creative Machines uses in operating Ostler, what data reaches them, and on what basis. It also lists parties you interact with directly when you use the app, which are suppliers to you rather than sub-processors of ours.
We distinguish between:
Our sub-processors cannot receive your knowledge graph because we do not hold it. The table below covers only the billing, support, and analytics data described in §4, plus the parties you interact with directly when you use the app. No sub-processor, present or future, can be given data Creative Machines does not have.
| Party | Role | Data received | Location |
|---|---|---|---|
| Stripe, Inc. | Sub-processor (payments, direct billing) | Name, email, payment method, billing address, transaction history – handled by Stripe under its own terms | USA (GDPR SCCs) |
| Apple Inc. | Sub-processor (App Store billing, if subscription purchased via the App Store); supplier to you for iCloud sync and macOS services | As required by the App Store for billing; iCloud sync data handled by Apple under its own terms | USA / Ireland |
| [TO BE CONFIRMED: email host, e.g. Fastmail or ProtonMail] | Sub-processor (support email infrastructure) | Support email content and metadata – encrypted in transit, at rest on the provider’s systems | [TO BE CONFIRMED at provider selection] |
| [TO BE CONFIRMED: analytics provider, e.g. Plausible, Fathom, or equivalent] | Sub-processor (website analytics) | Page-view counts, approximate geo (country only), referrer, device class. No cookies set. No cross-site tracking. IP not retained. | [TO BE CONFIRMED at provider selection] |
| [TO BE CONFIRMED: cloud / hosting provider] | Sub-processor (web and email hosting for creativemachines.ai / ostler.ai) | Web-request logs (including IP), bounce/queue handling for email | [TO BE CONFIRMED at provider selection] |
| Ollama, Hugging Face | Supplier to you (AI model distribution) | Your IP address, model name requested. They do not receive your graph. | USA |
| Docker, Homebrew | Supplier to you (software distribution) | Your IP address, package versions requested | USA |
| Wikimedia Foundation (Wikidata / Wikipedia) | Supplier to you (public data enrichment) | Your IP address, query terms (which may include third-party names from your graph – see §5) | USA |
| Your web search provider | Supplier to you (triggered only when you request a web search) | Your IP address, search query content | Per provider |
| GDPR export providers (LinkedIn, Meta, Google, Apple, etc.) | Source data providers to you | When you request your export, it travels directly from them to you – Ostler does not broker this | Per provider |
We review this list at each policy update. When we add a sub-processor that receives personal data about users we already have, we will notify existing users at least 30 days before the new sub-processor begins processing, giving you a chance to object or terminate. Material additions will also be flagged in the app.
Items marked [TO BE CONFIRMED] will be replaced with specific provider names in the public launch version of this policy. We are naming the placeholders here rather than leaving them silent because regulatory guidance (ICO, EDPB) favours disclosure of categories of recipients even where the specific entity is yet to be selected.
The data Creative Machines directly holds is narrow (billing identifiers, support correspondence, website analytics) but we still plan for the possibility of unauthorised access.
GDPR Art. 22 gives data subjects the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects on them.
Ostler does not make such decisions. The app generates inferences (summaries, relationship-warmth scores, suggested actions, coaching observations) and surfaces them to you. You decide what, if anything, to do with them. We do not make any decision about you or about a third party in your graph; the user is always in the loop, and decisions about third parties are the user’s own under the household/controller analysis in §3.
For Creative Machines itself: we do not apply automated decision-making to billing, support, or any other interaction. We do not score users, rank them, or exclude them from services algorithmically.
If you ever believe an output of Ostler is being treated as a decision with legal or similarly significant effect (for example, because a third party is relying on an Ostler inference to make a decision about you), contact privacy@ostler.ai. You have the right to contest the inference, to request an explanation of how it was produced, and to ask us to suppress that inference in future.
An honest note on rectifying AI inferences. If you ask Ostler to correct an inference (for example, “the timeline says I worked at Company X from 2018 to 2020, that is wrong”), the inference can be removed or replaced in the local graph immediately. We cannot retrain the on-device language model to “unknow” the source fact that produced the inference, but we can ensure that fact is no longer surfaced as an inference. The same applies to inferences about third parties.
Article 25 requires controllers to implement appropriate technical and organisational measures designed to embed data protection principles into processing, and to ensure that by default only personal data necessary for each specific purpose is processed.
By default. A fresh install of Ostler imports nothing. Every data source – contacts, calendar, messages, browser history, mail – is opt-in and disabled until you explicitly enable it. Enrichment (outbound queries to Wikidata) is off by default. Web search is triggered only when you ask. Conversation capture is off by default. Telemetry of any kind is not present.
Technical measures. Local databases encrypted at rest (PBKDF2 600,000 iterations, SQLCipher AES-256), bound to 127.0.0.1 with no external listener, key material held only by the user, backed by an optional recovery key held only by the user. No Creative Machines server receives user graph data. See the Security architecture page for the full threat model.
Organisational measures. Architecture-first design where privacy is enforced by the codebase not by policy. Published security documentation. Planned independent audit (see §8). Hard-coded engineering rules against: telemetry, crash-reporters that include user data, analytics of user behaviour, any server that receives graph data. Regular review of this policy and of the sub-processor list.
Creative Machines is incorporated in Hong Kong SAR. Hong Kong has not been granted an EU adequacy decision under GDPR Art. 45, and is not recognised as an adequate jurisdiction under the UK adequacy framework. Transfers of personal data to Creative Machines from the EU or UK therefore require a specific transfer mechanism. For the limited categories of data that reach us from the EU or UK, the transfer bases are as follows:
We will review these transfer bases each time the Art. 27 representative analysis in §6 is revisited, and will implement SCCs directly with EU users if the product evolves to require them.
Creative Machines is incorporated in Hong Kong. We are subject to Hong Kong law, including the Personal Data (Privacy) Ordinance (PDPO) and any applicable court orders. We understand that our incorporation raises questions for some users; we try to answer them honestly here rather than leave them unaddressed.
What government requests could reach us. Only the data we hold: billing identifiers, support email correspondence, basic website analytics. We do not hold your knowledge graph, your messages, your contacts, your calendar, or any data you have imported into Ostler. No request – from any government – can compel us to produce data we do not possess and cannot access.
Our commitments.
What Hong Kong law specifically does and does not authorise. Under the PDPO and applicable criminal-procedure law, Creative Machines is required to assist law enforcement on production of a court order or warrant, and only in respect of data we actually hold. We are not subject to US National Security Letters, FISA orders, or similar non-judicial production orders that bind US-incorporated companies. We are not subject to the EU Law Enforcement Directive or to UK Investigatory Powers Act technical-capability notices that bind UK telecoms. The Hong Kong National Security Law’s production powers under Article 43 require a magistrate’s warrant; we will require sight of that warrant before any production. We will publicly disclose any change in this analysis in the next policy update.
Architectural defence. The strongest protection against compelled disclosure is not policy but architecture. Ostler is designed so that we cannot produce your knowledge graph even if compelled, because we do not have it and cannot decrypt it. This is a deliberate design choice for exactly this reason.
We may update this policy occasionally to reflect changes in the product, the law, or the jurisdictions where we operate. Material changes will be announced in the app and on the website at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the current version.
We keep prior versions of this policy accessible for at least 24 months, so you can verify what the policy said when you installed Ostler or when any particular event occurred. Archived versions are linked from this section in the live policy.
Questions about this policy, or requests to exercise any of the rights described above:
Creative Machines Limited
Incorporated in Hong Kong SAR
Registered office: [TO BE CONFIRMED: registered office address, Hong Kong]
Privacy enquiries: privacy@ostler.ai
Security disclosures: security@ostler.ai
General enquiries: hello@ostler.ai
Support: support@ostler.ai
Data Protection Officer. Creative Machines has not appointed a formal Data Protection Officer. Our processing does not meet the Article 37 GDPR thresholds (we are not a public authority, we do not carry out large-scale systematic monitoring, and we do not process special categories at scale on our own servers). Privacy matters at Creative Machines are handled by a named accountable person within the company whose contact address is privacy@ostler.ai. We will reassess DPO appointment if our processing changes in a way that crosses the Art. 37 thresholds.