This Privacy Policy describes how Crystl AI ("Crystl AI", "we", "us", or "our") collects, uses, shares, and protects information when you visit our website or use our campaign intelligence platform (the "Service"). By using the Service, you agree to this policy.
1. Information We Collect
Account information
When you create an account, we collect your name, email address, password (hashed), workspace name, and profile details you choose to provide.
Campaign content
We process the campaign briefs, brand inputs, audience data, prompts, generated assets, edits, comments, and optimization feedback you submit to the Service. This content belongs to you.
Usage data
We automatically collect log data, device and browser information, IP address, pages viewed, features used, and timestamps to operate and improve the Service.
Cookies and similar technologies
We use cookies for authentication, preferences, security, and analytics. See our Cookies notice for details.
2. How We Use Information
- Operate, maintain, and improve the Service, including AI-powered planning, generation, and optimization features.
- Authenticate users, secure accounts, and prevent abuse or fraud.
- Provide customer support and respond to requests.
- Send transactional and service-related communications.
- Send product updates and marketing messages where permitted (you can opt out anytime).
- Analyze aggregate usage patterns to improve features and performance.
- Comply with legal obligations and enforce our Terms.
3. AI Processing
To generate and optimize campaign assets, we send your prompts and the relevant context to trusted AI model providers acting as our subprocessors. We do not permit these providers to use your content to train their foundation models. Your campaign content is not used to train Crystl AI's own models without your explicit opt-in.
4. How We Share Information
- Service providers who help us run the Service (hosting, databases, AI inference, analytics, email delivery, payment processing) under contractual confidentiality and data protection terms.
- Workspace members you collaborate with - campaigns and assets are visible to people in your workspace based on their role.
- Legal and safety when required by law, subpoena, or to protect rights, property, or safety.
- Business transfers in a merger, acquisition, or asset sale, with notice to you.
We do not sell your personal information.
5. Data Retention
We retain account and campaign data for as long as your account is active. When you delete a campaign, it is removed from active systems and purged from backups within 30 days. When you close your account, we delete or anonymize personal data within 90 days, except where retention is required by law.
6. Security
We use encryption in transit (TLS) and at rest, role-based access controls, audit logging, isolated workspaces, and regular security reviews. No system is perfectly secure; please use a strong password and enable any available account protections.
7. Your Rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, restrict or object to processing, and withdraw consent. You can exercise most of these rights from your account settings or by contacting us at hello@crystl.ai.
8. International Transfers
We operate globally and may transfer information to countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect personal information from them.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or in-product notice. Continued use after changes take effect constitutes acceptance.
11. Contact
Questions about this policy or our data practices? Email hello@crystl.ai.