Legal & Compliance
Privacy Policy, Terms of Service, Cookie Policy, Disclaimer and Compliance overview — covering how we handle data, deliverables, and accountability across EU regulation.
01 · Privacy Policy
Privacy Policy
1. Who we are
CRAVE STUDIO Ltd (the "Company", "we", "us") is a B2B performance marketing agency. Contact: marketing@crave-studio.art
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under the EU General Data Protection Regulation (GDPR) and applicable local law.
2. What data we collect
We collect the following categories of personal data:
3. Legal basis for processing (GDPR Art. 6)
5. Sharing with third parties
We share personal data only with processors strictly necessary for service delivery, under written Data Processing Agreements (Art. 28 GDPR). Categories include:
6. International transfers
Where data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses (2021/914) and assess any supplementary measures required under Schrems II.
7. Retention
You have the right to: access your data, rectify inaccurate data, erase data ("right to be forgotten"), restrict processing, object to processing based on legitimate interest, receive a portable copy of your data, and lodge a complaint with a supervisory authority.
To exercise any of these rights, write to marketing@crave-studio.art. We respond within 30 days.
You may also complain to the relevant supervisory authority — in Cyprus, the Office of the Commissioner for Personal Data Protection (dataprotection.gov.cy).
9. Data Processors and Sub-processors
We use Tilda Publishing as a sub-processor for hosting our website, processing form submissions, and storing visitor data.
10. Security
We apply appropriate technical and organisational measures, including encryption in transit (HTTPS), access controls and regular review of vendor security posture.
11. Changes to this Policy
We may update this Policy from time to time. Material changes are announced on this page with a new effective date.
Privacy Policy
1. Who we are
CRAVE STUDIO Ltd (the "Company", "we", "us") is a B2B performance marketing agency. Contact: marketing@crave-studio.art
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under the EU General Data Protection Regulation (GDPR) and applicable local law.
2. What data we collect
We collect the following categories of personal data:
- Contact data you submit via forms or email — name, business email, company name, role, the content of your message.
- Technical data automatically processed by our server — IP address, browser type, language, timestamp of access, pages viewed, referrer URL.
- Cookie-based preference data — your age-acknowledgement and cookie consent choices (stored locally; no tracking identifiers).
- Commercial data generated through engagement — contracts, briefs, deliverables, invoices, performance metrics tied to your account.
3. Legal basis for processing (GDPR Art. 6)
- Contract performance (Art. 6(1)(b)) — to deliver services, manage invoices and contracts.
- Legitimate interest (Art. 6(1)(f)) — to respond to inquiries, maintain site security, prevent fraud, defend legal claims.
- Consent (Art. 6(1)(a)) — for any non-essential cookies, marketing communications you opt into.
- Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, anti-money-laundering and other statutory requirements.
- To respond to inquiries and provide quotes.
- To deliver agreed services, including creative production and performance reporting.
- To send transactional communications (project updates, invoices).
- To improve site security and detect abuse.
- To comply with statutory record-keeping obligations.
5. Sharing with third parties
We share personal data only with processors strictly necessary for service delivery, under written Data Processing Agreements (Art. 28 GDPR). Categories include:
- Email and communications providers.
- Hosting and infrastructure providers.
- Font delivery (Bunny.net — privacy-friendly, no tracking).
- Accounting and contract management tools.
6. International transfers
Where data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses (2021/914) and assess any supplementary measures required under Schrems II.
7. Retention
- Inquiry data: up to 12 months from last contact.
- Commercial / contract data: 7 years after the end of the engagement (statutory accounting retention).
- Server logs: 30 days.
- Cookies: see Cookie Policy below.
You have the right to: access your data, rectify inaccurate data, erase data ("right to be forgotten"), restrict processing, object to processing based on legitimate interest, receive a portable copy of your data, and lodge a complaint with a supervisory authority.
To exercise any of these rights, write to marketing@crave-studio.art. We respond within 30 days.
You may also complain to the relevant supervisory authority — in Cyprus, the Office of the Commissioner for Personal Data Protection (dataprotection.gov.cy).
9. Data Processors and Sub-processors
We use Tilda Publishing as a sub-processor for hosting our website, processing form submissions, and storing visitor data.
- Sub-processor: Tilda Publishing Inc.
- Service provided: website hosting, form data collection and forwarding, basic analytics
- Categories of processed data: form submission contents (name, email, phone, message text), IP address, browser metadata (user agent, language, referrer), cookies set by the website
- Location of processing: servers in the EU/Russia (per Tilda Publishing's infrastructure)
- Data Processing Agreement: Tilda's terms include a DPA compliant with GDPR Art. 28 — available at tilda.cc/legal/dpa/
- Tilda's Privacy Policy: tilda.cc/privacy/
10. Security
We apply appropriate technical and organisational measures, including encryption in transit (HTTPS), access controls and regular review of vendor security posture.
11. Changes to this Policy
We may update this Policy from time to time. Material changes are announced on this page with a new effective date.
02 · Terms of Service
Terms of Service
1. Acceptance
By engaging CRAVE STUDIO Ltd ("we", "us") for services, you ("Client") agree to these Terms together with any Statement of Work signed between the parties. In case of conflict, the Statement of Work prevails.
2. Services
We provide creative production, paid media, SEO and related performance marketing services for legally operating businesses in the 18+ industry. Specific scope, deliverables, timelines and fees are defined in the applicable Statement of Work.
No guarantee of outcomes. Performance metrics depend on offer, geo, traffic source, platform policy and other factors outside our control. We commit to a defined process and quality standard, not to specific commercial results.
3. Client warranties
The Client represents and warrants that:
4. Our deliverables and IP
Upon full payment, we assign to the Client the rights necessary to use the final approved deliverables for the agreed purpose. We retain the right to use anonymised, aggregated case data and non-proprietary process artefacts (workflows, prompt templates, internal benchmarks) for internal R&D and marketing of our own services.
AI-generated assets. Where deliverables include AI-generated content, such content is labelled per EU AI Act transparency obligations and is supplied with documentation of the model used. AI personas are synthetic; we do not generate the likeness of identifiable real persons.
5. Fees and payment
Fees, currency, milestones and payment terms are set out in the Statement of Work. Default terms: 50% on signature, 50% on delivery, net 7 days. Late payment may attract statutory interest.
6. Confidentiality
Each party will protect the other's confidential information with the same care it applies to its own, and will not disclose it except to personnel or advisors bound by equivalent confidentiality obligations, or as required by law.
7. Limitation of liability
To the maximum extent permitted by applicable law, our aggregate liability for any claim arising under or in connection with these Terms is capped at the fees paid by the Client in the 12 months preceding the event giving rise to the claim. We are not liable for indirect, consequential, special or punitive damages, or for loss of profit, revenue, goodwill, data, or business opportunity.
Nothing in these Terms excludes liability that cannot be excluded by law (e.g. gross negligence, wilful misconduct, fraud).
8. Termination
Either party may terminate for material breach not remedied within 14 days of written notice. We may suspend or terminate services if the Client breaches its compliance warranties, falls behind on payment, or instructs us to produce content that we believe violates applicable law or platform policy.
9. Governing law & disputes
These Terms are governed by the laws of [Governing law jurisdiction]. Any dispute will be subject to the exclusive jurisdiction of the courts of [Forum], unless the parties agree in writing to arbitration.
10. Miscellaneous
If any provision is held invalid, the remaining provisions remain in force. These Terms together with the applicable Statement of Work form the entire agreement and supersede prior discussions. Notices must be given in writing to the address or email on file.
Terms of Service
1. Acceptance
By engaging CRAVE STUDIO Ltd ("we", "us") for services, you ("Client") agree to these Terms together with any Statement of Work signed between the parties. In case of conflict, the Statement of Work prevails.
2. Services
We provide creative production, paid media, SEO and related performance marketing services for legally operating businesses in the 18+ industry. Specific scope, deliverables, timelines and fees are defined in the applicable Statement of Work.
No guarantee of outcomes. Performance metrics depend on offer, geo, traffic source, platform policy and other factors outside our control. We commit to a defined process and quality standard, not to specific commercial results.
3. Client warranties
The Client represents and warrants that:
- The Client operates lawfully under the laws of every jurisdiction in which it does business.
- All models, performers and individuals depicted in materials supplied by the Client are 18 years or older and have provided valid consent (model release / 2257 documentation where applicable in the US).
- The Client holds all rights, licences and permissions needed for the assets and brand it provides.
- The Client will comply with platform policies and applicable advertising law in the markets where deliverables are deployed.
4. Our deliverables and IP
Upon full payment, we assign to the Client the rights necessary to use the final approved deliverables for the agreed purpose. We retain the right to use anonymised, aggregated case data and non-proprietary process artefacts (workflows, prompt templates, internal benchmarks) for internal R&D and marketing of our own services.
AI-generated assets. Where deliverables include AI-generated content, such content is labelled per EU AI Act transparency obligations and is supplied with documentation of the model used. AI personas are synthetic; we do not generate the likeness of identifiable real persons.
5. Fees and payment
Fees, currency, milestones and payment terms are set out in the Statement of Work. Default terms: 50% on signature, 50% on delivery, net 7 days. Late payment may attract statutory interest.
6. Confidentiality
Each party will protect the other's confidential information with the same care it applies to its own, and will not disclose it except to personnel or advisors bound by equivalent confidentiality obligations, or as required by law.
7. Limitation of liability
To the maximum extent permitted by applicable law, our aggregate liability for any claim arising under or in connection with these Terms is capped at the fees paid by the Client in the 12 months preceding the event giving rise to the claim. We are not liable for indirect, consequential, special or punitive damages, or for loss of profit, revenue, goodwill, data, or business opportunity.
Nothing in these Terms excludes liability that cannot be excluded by law (e.g. gross negligence, wilful misconduct, fraud).
8. Termination
Either party may terminate for material breach not remedied within 14 days of written notice. We may suspend or terminate services if the Client breaches its compliance warranties, falls behind on payment, or instructs us to produce content that we believe violates applicable law or platform policy.
9. Governing law & disputes
These Terms are governed by the laws of [Governing law jurisdiction]. Any dispute will be subject to the exclusive jurisdiction of the courts of [Forum], unless the parties agree in writing to arbitration.
10. Miscellaneous
If any provision is held invalid, the remaining provisions remain in force. These Terms together with the applicable Statement of Work form the entire agreement and supersede prior discussions. Notices must be given in writing to the address or email on file.
03 · Cookie Policy
Cookie Policy
This site uses a minimal set of essential first-party cookies. We do not currently load analytics, marketing, advertising or third-party tracking cookies.
1. Essential cookies (no consent required)
2. Third-party resources
We load the Inter font via Bunny Fonts (fonts.bunny.net), a privacy-friendly font CDN that does not track users or set cookies. No data is shared with Google Fonts or other tracking providers.
3. Cookies we do not set
This site does not currently include: Google Analytics, Meta Pixel, advertising trackers, A/B testing tools, or any third-party identifiers. If we introduce such tools in the future, we will update this page and request prior consent through the cookie banner.
4. Managing cookies
You can clear cookies and localStorage at any time through your browser settings. Doing so will re-trigger the age gate and the cookie banner on next visit.
5. Legal basis
Essential cookies are processed under the strictly-necessary exception of the ePrivacy Directive (Art. 5(3)) and GDPR Art. 6(1)(f) (legitimate interest in providing the requested service).
Cookie Policy
This site uses a minimal set of essential first-party cookies. We do not currently load analytics, marketing, advertising or third-party tracking cookies.
1. Essential cookies (no consent required)
- agency_gate — stores your 18+ acknowledgement. Lifetime: 30 days. Purpose: not to repeat the age confirmation on every visit.
- agency_cookies — stores your cookie choice. Lifetime: 365 days. Purpose: not to repeat the cookie banner on every visit.
- age_verified — Confirms visitor's age (21+) to comply with age-restricted content rules. Set after the visitor confirms their age on the age gate. Lifetime: 30 days. Category: Strictly Necessary.
2. Third-party resources
We load the Inter font via Bunny Fonts (fonts.bunny.net), a privacy-friendly font CDN that does not track users or set cookies. No data is shared with Google Fonts or other tracking providers.
3. Cookies we do not set
This site does not currently include: Google Analytics, Meta Pixel, advertising trackers, A/B testing tools, or any third-party identifiers. If we introduce such tools in the future, we will update this page and request prior consent through the cookie banner.
4. Managing cookies
You can clear cookies and localStorage at any time through your browser settings. Doing so will re-trigger the age gate and the cookie banner on next visit.
5. Legal basis
Essential cookies are processed under the strictly-necessary exception of the ePrivacy Directive (Art. 5(3)) and GDPR Art. 6(1)(f) (legitimate interest in providing the requested service).
04 · Disclaimer
Disclaimer
1. Audience & purpose
This site is a corporate website of CRAVE STUDIO Ltd, a B2B service provider. It is intended solely for business decision-makers aged 18 or older who operate or represent lawful businesses in the adult-adjacent marketing industry. It is not a content platform and does not host or distribute adult content.
2. No advice
Information on this site is provided for general informational purposes. It does not constitute legal, tax, regulatory, financial or compliance advice. Always consult qualified professionals before acting on information presented here.
3. Performance & results
All metrics, case studies and outcomes presented on this site are case-specific, verified with the relevant client at handover, and influenced by factors including offer quality, geo, traffic source, platform policy, market timing and macroeconomic conditions. Past performance does not guarantee future results.
4. AI-generated content
Imagery and certain creative samples shown on this site may be AI-generated. Such assets are labelled accordingly in line with the EU AI Act transparency obligations (effective August 2025). AI personas displayed are synthetic, with no real-person likeness; no identifiable individuals were modelled or replicated without rights clearance.
5. Affiliations & third-party marks
Ad-network names and platform names referenced on this site (e.g. Meta, Google, TikTok, ExoClick, TrafficJunky, JuicyAds, TrafficStars, Adsterra, Runway, Kling, Luma, Pika, MiniMax/Hailuo, Stable Video Diffusion) are trademarks of their respective owners and are used for descriptive purposes only. We are not affiliated with, endorsed by, or representatives of any of these companies unless explicitly stated.
6. External links
We are not responsible for the content, accuracy or privacy practices of external sites linked from this website.
7. Service eligibility
We provide services only to legally operating businesses. We do not work with content involving minors, non-consenting subjects, or otherwise unlawful material. We reserve the right to decline or terminate any engagement at our sole discretion.
Disclaimer
1. Audience & purpose
This site is a corporate website of CRAVE STUDIO Ltd, a B2B service provider. It is intended solely for business decision-makers aged 18 or older who operate or represent lawful businesses in the adult-adjacent marketing industry. It is not a content platform and does not host or distribute adult content.
2. No advice
Information on this site is provided for general informational purposes. It does not constitute legal, tax, regulatory, financial or compliance advice. Always consult qualified professionals before acting on information presented here.
3. Performance & results
All metrics, case studies and outcomes presented on this site are case-specific, verified with the relevant client at handover, and influenced by factors including offer quality, geo, traffic source, platform policy, market timing and macroeconomic conditions. Past performance does not guarantee future results.
4. AI-generated content
Imagery and certain creative samples shown on this site may be AI-generated. Such assets are labelled accordingly in line with the EU AI Act transparency obligations (effective August 2025). AI personas displayed are synthetic, with no real-person likeness; no identifiable individuals were modelled or replicated without rights clearance.
5. Affiliations & third-party marks
Ad-network names and platform names referenced on this site (e.g. Meta, Google, TikTok, ExoClick, TrafficJunky, JuicyAds, TrafficStars, Adsterra, Runway, Kling, Luma, Pika, MiniMax/Hailuo, Stable Video Diffusion) are trademarks of their respective owners and are used for descriptive purposes only. We are not affiliated with, endorsed by, or representatives of any of these companies unless explicitly stated.
6. External links
We are not responsible for the content, accuracy or privacy practices of external sites linked from this website.
7. Service eligibility
We provide services only to legally operating businesses. We do not work with content involving minors, non-consenting subjects, or otherwise unlawful material. We reserve the right to decline or terminate any engagement at our sole discretion.
05 · Compliance overview
Compliance Overview
This is a single-page summary of the regulatory framework we operate under and how it is reflected in our deliverables.
Three-tier creative output
Every concept is shipped in up to three policy tiers:
All AI-generated assets are labelled as such. AI personas are synthetic with no real-person likeness. Model provenance is documented and supplied to the client. We do not produce deepfakes of identifiable individuals.
GDPR (Regulation 2016/679)
Client and lead data is processed under documented legal bases and retention rules — see the Privacy Policy above. We sign Data Processing Agreements with every sub-processor.
DSA (Regulation 2022/2065)
This site is a corporate B2B website and not an intermediary service in the meaning of the DSA. However, we align our publication practices (transparency, contact information, AI disclosure) with DSA expectations as a matter of industry hygiene.
UCPD (Directive 2005/29/EC)
All quantitative claims on this site are case-specific and internally documented. We do not publish unverifiable or misleading performance guarantees. Service-level commitments are set out in the applicable Statement of Work.
Cyprus Electronic Commerce Law (N.156(I)/2004)
Company name, registered address and contact email are published in the footer of every page in line with EU e-commerce transparency obligations.
What we don't do
Compliance Overview
This is a single-page summary of the regulatory framework we operate under and how it is reflected in our deliverables.
Three-tier creative output
Every concept is shipped in up to three policy tiers:
- Website-safe (SFW) — fully dressed, suggestive only via composition. Suitable for public materials and platforms that prohibit adult imagery (Google Ads, mainstream B2B).
- Mainstream-safe (soft) — implied / lingerie-tier glamour acceptable on Meta, Google (soft), TikTok and mainstream dating apps in supported geos.
- Network-native — explicit-tolerant builds for adult ad-networks (ExoClick, TrafficJunky, JuicyAds, TrafficStars, Adsterra) under their stated policies.
All AI-generated assets are labelled as such. AI personas are synthetic with no real-person likeness. Model provenance is documented and supplied to the client. We do not produce deepfakes of identifiable individuals.
GDPR (Regulation 2016/679)
Client and lead data is processed under documented legal bases and retention rules — see the Privacy Policy above. We sign Data Processing Agreements with every sub-processor.
DSA (Regulation 2022/2065)
This site is a corporate B2B website and not an intermediary service in the meaning of the DSA. However, we align our publication practices (transparency, contact information, AI disclosure) with DSA expectations as a matter of industry hygiene.
UCPD (Directive 2005/29/EC)
All quantitative claims on this site are case-specific and internally documented. We do not publish unverifiable or misleading performance guarantees. Service-level commitments are set out in the applicable Statement of Work.
Cyprus Electronic Commerce Law (N.156(I)/2004)
Company name, registered address and contact email are published in the footer of every page in line with EU e-commerce transparency obligations.
What we don't do
- No CSAM, no content involving minors, no non-consenting subjects.
- No real-person deepfakes without explicit rights clearance.
- No misleading claims, fake testimonials, or fabricated case results.
- No services to clients we cannot verify as legally operating.
Still have questions?
Get a free 20-minute consultation. We'll tell you & show you.