Privacy Policy

How Through The Glass Creatives Global collects, uses, and protects your information.

Version2.0
Effective dateJanuary 10, 2026
Document IDPP-TTGC-2.0
SHA-256 hashpending — generated at publish
Last updatedJanuary 10, 2026
Download PDF
1. IntroductionThrough The Glass Creatives Global – FZCO (“TTGC”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, share, and protect personal data when you visit ttgcreatives.com (the “Site”), engage our creative services, subscribe to any of our plans, or otherwise interact with us.
By using the Site or our services, you confirm that you have read and understood this Privacy Policy. If you do not agree, please do not use the Site or our services.
Controller details
Legal name: Through The Glass Creatives Global – FZCO
Trade license: 67626 (Dubai Integrated Economic Zones Authority)
Registered office: Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates
Data Protection Officer: legal@ttgcreatives.com (see §12)
2. Scope and Applicable LawsThis Privacy Policy is designed to comply with, and is interpreted consistently with:
UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”);
the EU General Data Protection Regulation (GDPR) and the UK GDPR, where you are located in or interacting with us from the EEA or United Kingdom;
the Philippines Data Privacy Act of 2012 (Republic Act 10173), where you are located in the Philippines; and
other applicable privacy laws where we do business.
Where there is a conflict, the stricter protection applies to the corresponding data subject.
3. What Data We Collect3.1 Data you provide to us directlyIdentity and contact data: name, email address, mailing address, phone number, job title, company name, country of residence or incorporation.
Account data: username, password (stored hashed), authentication tokens, account preferences.
Project and intake data: briefs, brand assets, content, files, logos, and any other material you share with us to perform the services.
Payment data: payment method, billing address, and transaction records. Full card numbers are processed by our PCI-DSS–compliant payment processors (Stripe and other regulated providers) and are not stored on our servers.
Contractual acceptance data: the information captured at acceptance of our Master Services Agreement or Subscription Terms (company name, signatory name and title, verified email, IP address, user agent, timestamp, SHA-256 hash of the accepted document version, and the state of each acknowledgment checkbox).
Correspondence: emails, chat messages, support tickets, and notes from calls or meetings.
3.2 Data we collect automaticallyTechnical data: IP address, browser type and version, device type, operating system, approximate location derived from IP, referring URLs, pages visited, session duration.
Cookie and similar technology data: see §10 (Cookies).
Analytics data: aggregated usage patterns via privacy-respecting analytics tools.
3.3 Data we receive from third partiesPayment confirmations from Stripe and other processors.
Authentication data where you log in using a third-party identity provider.
Public professional information from platforms such as LinkedIn, only when you have voluntarily made it public.
3.4 Special category dataWe do not seek or intentionally collect special category data (health, religion, political views, etc.). If such data is present in project material you provide, you authorize its processing solely to perform the services.
4. How We Use Your DataWe process your personal data only for specified, explicit, and legitimate purposes, including:
PurposeLegal basis (GDPR) / Legitimate basis (PDPL)
Providing the services you requested, including delivering creative work and supporting your subscriptionContract performance
Processing payments, issuing invoices, recovering debts, handling chargebacksContract performance; legal obligation
Sending operational communications (delivery notifications, approval requests, project updates)Contract performance
Sending marketing communicationsConsent (opt-in) — you can unsubscribe at any time
Complying with legal, tax, regulatory, or accounting obligationsLegal obligation
Protecting our rights, preventing fraud, enforcing our agreementsLegitimate interests
Improving the Site, our services, and client experienceLegitimate interests
Defending against legal claims and participating in arbitration or litigationLegitimate interests; legal obligation
5. Who We Share Your Data WithWe do not sell, rent, or trade your personal data. We share personal data only with:
Processors and service providers acting on our documented instructions, including payment processors (Stripe), transactional email providers (Postmark, SendGrid), cloud hosting and storage providers (AWS, Cloudflare, Google Cloud, Dropbox, Google Drive), customer support and CRM platforms, analytics providers, and project management tools.
Subcontractors and Design Agents engaged to deliver the services, each bound by written confidentiality and data-processing obligations.
Professional advisers (lawyers, accountants, auditors) under obligations of confidentiality.
Authorities and regulators where disclosure is required by law, a valid legal process, or to respond to a lawful request.
Successor entities in the event of merger, acquisition, or sale of all or part of our business.
A current list of key sub-processors is maintained and made available on request.
6. International Data TransfersWe are headquartered in the United Arab Emirates. When we transfer personal data out of your jurisdiction, we rely on:
UAE PDPL: transfers consistent with Article 22 of the PDPL, including through adequacy decisions or appropriate safeguards.
GDPR / UK GDPR: Standard Contractual Clauses (SCCs) adopted by the European Commission and the UK ICO, or other recognized transfer mechanisms.
Philippines DPA: appropriate safeguards consistent with NPC guidance.
Copies of the transfer mechanisms we rely on are available on request at legal@ttgcreatives.com.
7. How Long We Keep Your DataWe retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
Account and project data: for the duration of your engagement plus seven (7) years thereafter, to meet UAE commercial record-keeping and tax requirements;
Contractual acceptance records: indefinitely, as evidence of your acceptance of our agreements;
Payment and invoicing data: seven (7) years after the transaction, in accordance with UAE VAT and corporate-tax requirements;
Marketing data: until you unsubscribe, plus a reasonable suppression period thereafter to honor your opt-out;
Correspondence and support tickets: up to three (3) years from closure, for quality assurance and dispute handling.
When retention periods expire, we delete, anonymize, or aggregate the data.
8. How We Protect Your DataWe apply administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction. Measures include:
encryption in transit (TLS 1.2 or higher) and at rest where appropriate;
access controls and role-based permissions;
logging and monitoring of access to sensitive data;
written confidentiality and data-processing agreements with all employees, Design Agents, and sub-processors;
secure development practices and regular review of our security posture.
No security measure is perfect. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you and the competent supervisory authority within the timelines required by applicable law.
9. Your RightsDepending on your jurisdiction, you may have the right to:
access the personal data we hold about you;
rectify inaccurate or incomplete data;
erase your data (“right to be forgotten”), subject to legal retention requirements;
restrict or object to certain processing;
data portability — receive a copy of your data in a commonly used, machine-readable format;
withdraw consent where processing is based on consent;
lodge a complaint with your local supervisory authority, including the UAE Data Office, the European Data Protection Board member authorities, the UK Information Commissioner's Office (ICO), or the Philippines National Privacy Commission.
To exercise these rights, email legal@ttgcreatives.com. We will respond within thirty (30) days or as required by applicable law. We may need to verify your identity before processing your request.
10. Cookies and Similar TechnologiesWe use cookies and similar technologies to operate the Site, remember your preferences, analyze usage, and deliver relevant content.
Categories of cookies we use:
Strictly necessary — required for the Site to function (session management, security);
Functional — remember preferences and improve user experience;
Analytics — help us understand how visitors use the Site;
Marketing — used with your consent to personalize content and measure the effectiveness of marketing efforts.
Where required, we present a cookie banner on first visit to allow you to accept, reject, or customize non-essential cookies. You can change your preferences at any time via the cookie settings link in the Site footer. Most browsers also let you block or delete cookies through their settings.
11. Children's PrivacyThe Site and our services are not directed to children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact legal@ttgcreatives.com and we will delete it promptly.
12. Data Protection Officer and ContactData Protection Officer (DPO): legal@ttgcreatives.com
General privacy queries: support@ttgcreatives.com
Postal address: Through The Glass Creatives Global – FZCO, Attention: DPO, Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates.
13. Data Processor Services (Business Clients)When TTGC is engaged to perform services that involve processing personal data belonging to our business clients' customers, users, or employees, TTGC acts as a Data Processor and the client acts as the Data Controller. The processor-specific obligations, instructions, and liabilities are governed by Appendix M (Data Privacy Addendum) of the Master Services Agreement, which operates as a Data Processing Agreement within the meaning of GDPR Article 28 and equivalent provisions of the PDPL and Philippines DPA.
This Privacy Policy applies to our processing as Controller of client and visitor data described in §§3–11.
14. Changes to this Privacy PolicyWe may update this Privacy Policy from time to time. The effective date at the top of this page reflects the current version. Prior versions are archived at ttgcreatives.com/legal/privacy-policy/archive/.
For material changes that affect your rights, we will provide at least thirty (30) days' advance notice by email (for registered users) and by a prominent notice on the Site. Continued use of the Site or services after the effective date of changes constitutes acceptance of the updated Privacy Policy.
Version 2.0 · Document ID: PP-TTGC-2.0 · Effective January 10, 2026
© 2026 Through The Glass Creatives Global – FZCO. All rights reserved.

Purpose	Legal basis (GDPR) / Legitimate basis (PDPL)
Providing the services you requested, including delivering creative work and supporting your subscription	Contract performance
Processing payments, issuing invoices, recovering debts, handling chargebacks	Contract performance; legal obligation
Sending operational communications (delivery notifications, approval requests, project updates)	Contract performance
Sending marketing communications	Consent (opt-in) — you can unsubscribe at any time
Complying with legal, tax, regulatory, or accounting obligations	Legal obligation
Protecting our rights, preventing fraud, enforcing our agreements	Legitimate interests
Improving the Site, our services, and client experience	Legitimate interests
Defending against legal claims and participating in arbitration or litigation	Legitimate interests; legal obligation

Privacy Policy

How Through The Glass Creatives Global collects, uses, and protects your information.

Version2.0
Effective dateJanuary 10, 2026
Document IDPP-TTGC-2.0
SHA-256 hashpending — generated at publish
Last updatedJanuary 10, 2026
Download PDF
1. IntroductionThrough The Glass Creatives Global – FZCO (“TTGC”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, share, and protect personal data when you visit ttgcreatives.com (the “Site”), engage our creative services, subscribe to any of our plans, or otherwise interact with us.
By using the Site or our services, you confirm that you have read and understood this Privacy Policy. If you do not agree, please do not use the Site or our services.
Controller details
Legal name: Through The Glass Creatives Global – FZCO
Trade license: 67626 (Dubai Integrated Economic Zones Authority)
Registered office: Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates
Data Protection Officer: legal@ttgcreatives.com (see §12)
2. Scope and Applicable LawsThis Privacy Policy is designed to comply with, and is interpreted consistently with:
UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”);
the EU General Data Protection Regulation (GDPR) and the UK GDPR, where you are located in or interacting with us from the EEA or United Kingdom;
the Philippines Data Privacy Act of 2012 (Republic Act 10173), where you are located in the Philippines; and
other applicable privacy laws where we do business.
Where there is a conflict, the stricter protection applies to the corresponding data subject.
3. What Data We Collect3.1 Data you provide to us directlyIdentity and contact data: name, email address, mailing address, phone number, job title, company name, country of residence or incorporation.
Account data: username, password (stored hashed), authentication tokens, account preferences.
Project and intake data: briefs, brand assets, content, files, logos, and any other material you share with us to perform the services.
Payment data: payment method, billing address, and transaction records. Full card numbers are processed by our PCI-DSS–compliant payment processors (Stripe and other regulated providers) and are not stored on our servers.
Contractual acceptance data: the information captured at acceptance of our Master Services Agreement or Subscription Terms (company name, signatory name and title, verified email, IP address, user agent, timestamp, SHA-256 hash of the accepted document version, and the state of each acknowledgment checkbox).
Correspondence: emails, chat messages, support tickets, and notes from calls or meetings.
3.2 Data we collect automaticallyTechnical data: IP address, browser type and version, device type, operating system, approximate location derived from IP, referring URLs, pages visited, session duration.
Cookie and similar technology data: see §10 (Cookies).
Analytics data: aggregated usage patterns via privacy-respecting analytics tools.
3.3 Data we receive from third partiesPayment confirmations from Stripe and other processors.
Authentication data where you log in using a third-party identity provider.
Public professional information from platforms such as LinkedIn, only when you have voluntarily made it public.
3.4 Special category dataWe do not seek or intentionally collect special category data (health, religion, political views, etc.). If such data is present in project material you provide, you authorize its processing solely to perform the services.
4. How We Use Your DataWe process your personal data only for specified, explicit, and legitimate purposes, including:
PurposeLegal basis (GDPR) / Legitimate basis (PDPL)
Providing the services you requested, including delivering creative work and supporting your subscriptionContract performance
Processing payments, issuing invoices, recovering debts, handling chargebacksContract performance; legal obligation
Sending operational communications (delivery notifications, approval requests, project updates)Contract performance
Sending marketing communicationsConsent (opt-in) — you can unsubscribe at any time
Complying with legal, tax, regulatory, or accounting obligationsLegal obligation
Protecting our rights, preventing fraud, enforcing our agreementsLegitimate interests
Improving the Site, our services, and client experienceLegitimate interests
Defending against legal claims and participating in arbitration or litigationLegitimate interests; legal obligation
5. Who We Share Your Data WithWe do not sell, rent, or trade your personal data. We share personal data only with:
Processors and service providers acting on our documented instructions, including payment processors (Stripe), transactional email providers (Postmark, SendGrid), cloud hosting and storage providers (AWS, Cloudflare, Google Cloud, Dropbox, Google Drive), customer support and CRM platforms, analytics providers, and project management tools.
Subcontractors and Design Agents engaged to deliver the services, each bound by written confidentiality and data-processing obligations.
Professional advisers (lawyers, accountants, auditors) under obligations of confidentiality.
Authorities and regulators where disclosure is required by law, a valid legal process, or to respond to a lawful request.
Successor entities in the event of merger, acquisition, or sale of all or part of our business.
A current list of key sub-processors is maintained and made available on request.
6. International Data TransfersWe are headquartered in the United Arab Emirates. When we transfer personal data out of your jurisdiction, we rely on:
UAE PDPL: transfers consistent with Article 22 of the PDPL, including through adequacy decisions or appropriate safeguards.
GDPR / UK GDPR: Standard Contractual Clauses (SCCs) adopted by the European Commission and the UK ICO, or other recognized transfer mechanisms.
Philippines DPA: appropriate safeguards consistent with NPC guidance.
Copies of the transfer mechanisms we rely on are available on request at legal@ttgcreatives.com.
7. How Long We Keep Your DataWe retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
Account and project data: for the duration of your engagement plus seven (7) years thereafter, to meet UAE commercial record-keeping and tax requirements;
Contractual acceptance records: indefinitely, as evidence of your acceptance of our agreements;
Payment and invoicing data: seven (7) years after the transaction, in accordance with UAE VAT and corporate-tax requirements;
Marketing data: until you unsubscribe, plus a reasonable suppression period thereafter to honor your opt-out;
Correspondence and support tickets: up to three (3) years from closure, for quality assurance and dispute handling.
When retention periods expire, we delete, anonymize, or aggregate the data.
8. How We Protect Your DataWe apply administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction. Measures include:
encryption in transit (TLS 1.2 or higher) and at rest where appropriate;
access controls and role-based permissions;
logging and monitoring of access to sensitive data;
written confidentiality and data-processing agreements with all employees, Design Agents, and sub-processors;
secure development practices and regular review of our security posture.
No security measure is perfect. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you and the competent supervisory authority within the timelines required by applicable law.
9. Your RightsDepending on your jurisdiction, you may have the right to:
access the personal data we hold about you;
rectify inaccurate or incomplete data;
erase your data (“right to be forgotten”), subject to legal retention requirements;
restrict or object to certain processing;
data portability — receive a copy of your data in a commonly used, machine-readable format;
withdraw consent where processing is based on consent;
lodge a complaint with your local supervisory authority, including the UAE Data Office, the European Data Protection Board member authorities, the UK Information Commissioner's Office (ICO), or the Philippines National Privacy Commission.
To exercise these rights, email legal@ttgcreatives.com. We will respond within thirty (30) days or as required by applicable law. We may need to verify your identity before processing your request.
10. Cookies and Similar TechnologiesWe use cookies and similar technologies to operate the Site, remember your preferences, analyze usage, and deliver relevant content.
Categories of cookies we use:
Strictly necessary — required for the Site to function (session management, security);
Functional — remember preferences and improve user experience;
Analytics — help us understand how visitors use the Site;
Marketing — used with your consent to personalize content and measure the effectiveness of marketing efforts.
Where required, we present a cookie banner on first visit to allow you to accept, reject, or customize non-essential cookies. You can change your preferences at any time via the cookie settings link in the Site footer. Most browsers also let you block or delete cookies through their settings.
11. Children's PrivacyThe Site and our services are not directed to children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact legal@ttgcreatives.com and we will delete it promptly.
12. Data Protection Officer and ContactData Protection Officer (DPO): legal@ttgcreatives.com
General privacy queries: support@ttgcreatives.com
Postal address: Through The Glass Creatives Global – FZCO, Attention: DPO, Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates.
13. Data Processor Services (Business Clients)When TTGC is engaged to perform services that involve processing personal data belonging to our business clients' customers, users, or employees, TTGC acts as a Data Processor and the client acts as the Data Controller. The processor-specific obligations, instructions, and liabilities are governed by Appendix M (Data Privacy Addendum) of the Master Services Agreement, which operates as a Data Processing Agreement within the meaning of GDPR Article 28 and equivalent provisions of the PDPL and Philippines DPA.
This Privacy Policy applies to our processing as Controller of client and visitor data described in §§3–11.
14. Changes to this Privacy PolicyWe may update this Privacy Policy from time to time. The effective date at the top of this page reflects the current version. Prior versions are archived at ttgcreatives.com/legal/privacy-policy/archive/.
For material changes that affect your rights, we will provide at least thirty (30) days' advance notice by email (for registered users) and by a prominent notice on the Site. Continued use of the Site or services after the effective date of changes constitutes acceptance of the updated Privacy Policy.
Version 2.0 · Document ID: PP-TTGC-2.0 · Effective January 10, 2026
© 2026 Through The Glass Creatives Global – FZCO. All rights reserved.