This Privacy Policy outlines how Crestline Intelligence Inc. ('Crestline', 'we', 'our', or 'us') collects, uses, protects, and governs your personal data when you use our services, including but not limited to our web-based platform, mobile application, browser extensions, APIs, and integrations (collectively, the 'Services'). Crestline is a U.S.-based multinational software company committed to the highest global standards of data protection, including compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Digital Personal Data Protection Act (DPDP) of India, the UK GDPR, and other relevant regional frameworks.

1. Data Privacy Philosophy

We believe that privacy is a fundamental human right and have architected our systems, policies, and AI behaviors to uphold strict confidentiality, transparency, and user control. Our infrastructure is built on a zero-trust, privacy-first model where users — not the system — own and control their data and memories.

2. Data We Don't Collect

We do not intentionally store or retain IP addresses, precise device geolocation, MAC identifiers, or biometric information for tracking or profiling purposes. Any transient technical data processed during network communication is not logged or used beyond ensuring basic service functionality.

3. Storage & Format

All user-generated content is converted into vector embeddings — anonymized, encrypted mathematical representations of data — and stored in an isolated, non-human-readable format. This data serves the purpose of enabling AI memory retrieval for the user and organization who originated it.

4. Human Access Restrictions

Crestline does not access or manually review raw user content for monitoring or profiling purposes. User content is processed automatically by secure systems to deliver requested functionality. No employee, contractor, or administrator is permitted to access private user files, conversations, or memories except where legally required and in a restricted, masked format.

5. Moderation & Legal Exceptions

We do not conduct human moderation of AI interactions unless explicitly required for safety review by legal or regulatory mandate — and even then, data will be reviewed only in masked, non-identifiable formats.

6. AI Prompt Safety

Our AI is explicitly programmed to resist attempts by users to extract personal or organizational information about any other user, even within the same company. If a user attempts to trick or manipulate the system into revealing sensitive data, the AI will not comply.

7. Model Training Practices

When data is used to improve our AI models, it is first subjected to rigorous anonymization and semantic masking. Names, identifiers, organizational logic, and client references are permanently stripped before any contextual abstraction occurs. At no stage is individual user data used to directly train a model in a way that would allow future leakage or recognition.

8. No Surveillance or Ads

Crestline operates under a strict no-surveillance policy. We do not mine user data for profit. We do not display, sell, or rent your information to advertisers, data brokers, or any third parties for marketing purposes. No advertising scripts or analytics tags are installed on user-facing interfaces.

9. Analytics Practices

All analytics we use are aggregated, anonymized, and intended solely for internal performance improvement. We do not fingerprint users, assign persistent tracking IDs, or inject cookies without explicit consent where required.

10. Payment Data

All payments are securely processed by third-party gateways that comply with PCI-DSS standards. We do not store complete credit card details, CVV codes, or sensitive financial information. Subscription data is limited to billing email, plan type, transaction time, and payment status.

11. User Data Control

Users may request permanent deletion of their account and associated data by contacting privacy@crestlineintelligence.com or through in-app account deletion controls where available.

12. Security & Infrastructure

Crestline’s servers and databases are hosted on ISO 27001-certified infrastructure partners with compliance for GDPR, HIPAA (where applicable), and SOC 2. We use AES-256 encryption at rest and TLS 1.3 in transit, with zero-access controls for sensitive vectors.

13. Children’s Data

Our platform is not intended for use by children under 16 years of age. We do not knowingly collect or process data from minors. If such data is discovered, it is deleted immediately in compliance with applicable law.

14. Mobile App Data Usage

Crestline Intelligence’s mobile application may collect basic identifiers such as user account information (email, name), app interaction data, and uploaded content strictly to provide core functionality. The app does not collect precise location, background data, or device identifiers for tracking or advertising purposes.

15. Policy Updates

We may update this Privacy Policy as our Services evolve or as legal frameworks change. When updates occur, we will revise the effective date and may notify users through email or in-app alerts.

16. Contact Us

For any questions or concerns about your data or privacy rights, contact info@crestlineintelligence.com. Representatives for EU, UK, and India are available upon request.