Legal

Privacy Policy

This policy explains what personal data Crowdproof collects, why, who we share it with, how long we keep it, and the rights you have over it. The short version: we collect what we need to run your studies and operate the Service, and we never use your product inputs to train models.

last updated June 15, 2026
1 · Who we are

The data controller.

Crowdproof, Inc. (“Crowdproof”, “we”, “us”) operates crowdproof.ai and is the controller of the personal data described here. Questions or requests go to [email protected].

2 · What we collect

The data we collect.

We collect only what we need to provide and improve the Service. We group it into four categories.

account dataName, email address, organization, and authentication identifiers when you sign up — including profile basics from an identity provider (e.g. Google) if you sign in that way. We do not receive your provider password.
usage dataHow you use the Service: pages and features visited, studies run, log and device information, IP address, browser type, and timestamps. Used for security, debugging, and product analytics.
payment dataWhen you pay, billing details are collected and processed by Stripe. We receive limited information such as the last four digits, card brand, and billing country — we do not store full card numbers.
product inputsThe content you submit to run studies — URLs, prototypes, screenshots, PRDs, copy, and questions (“Your Content”). We process this to generate your studies; we do not use it to train general models.
3 · How we use it

Why we process your data.

We use personal data for the purposes below, each on a lawful basis (performance of our contract with you, our legitimate interests in running and securing the Service, your consent where required, or legal obligation).

provide the serviceCreate and manage your account, run studies, deliver reports and transcripts, and provide support.
billingProcess payments and manage subscriptions and credits via our payment processor.
improve & secureMonitor performance, debug, prevent abuse and fraud, enforce our Terms, and improve features. We do not use Your Content (product inputs) to train models.
communicateSend transactional messages (e.g. study completion, security, billing) and, where permitted, product updates you can opt out of.
4 · Sub-processors

Who we share data with.

We do not sell your personal data. We share it only with vendors that help us run the Service, under contracts that require them to protect it and use it only on our instructions.

AWSAmazon Web Services — cloud hosting, compute, and storage for the application and your data.
StripePayment processing. Stripe is the processor for card and billing data under its own terms.
supabaseManaged database and authentication infrastructure used to store account and run-state data.
LLM providersAI model providers used by the simulation engine to generate agent behavior. Product inputs may be processed to run your studies; we contract for confidentiality and no-training where available.
analytics & emailPrivacy-conscious product analytics and a transactional email provider, used to operate and improve the Service.
legal & transfersWe may disclose data to comply with law or protect rights and safety, and may transfer data as part of a merger or acquisition. International transfers use appropriate safeguards (e.g. standard contractual clauses).
5 · Retention

How long we keep it.

We keep personal data only as long as needed for the purposes above, then delete or anonymize it.

account dataKept while your account is active and for a limited period afterward to handle disputes and meet legal obligations.
product inputsTwins, PRDs, questions, and derived artifacts can be deleted by you at any time, and are removed on account deletion. We hold them only to provide your studies.
logs & billingOperational logs are retained for a limited window for security and debugging; billing records are kept as long as required by tax and accounting law.
6 · Your rights

Access, deletion, and control.

Depending on where you live (including under GDPR and US state privacy laws such as the CCPA/CPRA), you have rights over your personal data. We honor these regardless of where you are.

access & portabilityRequest a copy of the personal data we hold about you in a portable format.
correctionUpdate inaccurate account details in settings, or ask us to correct them.
deletionDelete your data and account from settings, or email [email protected]. We will delete or anonymize it subject to legal retention requirements.
object & opt outObject to or restrict certain processing, withdraw consent, and opt out of non-essential communications. We do not sell personal data.
complaintsIf you are in the EEA/UK you may also lodge a complaint with your local data-protection authority.
7 · Cookies & analytics

Cookies and tracking.

We use cookies and similar technologies to keep you signed in, remember preferences, and understand product usage.

essentialStrictly-necessary cookies enable sign-in, security, and core functionality. The Service does not work without them.
analyticsPrivacy-conscious analytics help us understand aggregate usage so we can improve the Service. We do not use cross-site advertising trackers.
controlYou can manage cookies in your browser settings. Where required, we ask for consent before setting non-essential cookies.
8 · Children & changes

Children and updates to this policy.

childrenThe Service is for business use and not directed at children under 16. We do not knowingly collect their personal data; if we learn we have, we will delete it.
changesWe may update this policy. For material changes we will provide reasonable notice — by updating the date here, in-app, or by email — before they take effect.
9 · Contact

Reaching us.

Crowdproof, Inc. To exercise a right or ask a privacy question, contact us — we read every message.

privacy[email protected]
general[email protected]

Draft notice — this is a good-faith starting draft, not finished legal advice. It must be reviewed and adapted by qualified counsel (including jurisdiction-specific disclosures and a confirmed sub-processor list) before public launch. · last updated June 15, 2026