Crestline AI

Privacy Policy

Effective as of: 2025-07-29

This Privacy Policy outlines how Crestline Intelligence Inc. ('Crestline', 'we', 'our', or 'us') collects, uses, protects, and governs your personal data when you use our services, including but not limited to our web-based platform, mobile application, browser extensions, APIs, and integrations (collectively, the 'Services'). Crestline is a U.S.-based multinational software company committed to the highest global standards of data protection, including compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Digital Personal Data Protection Act (DPDP) of India, the UK GDPR, and other relevant regional frameworks.

1. Data Privacy Philosophy

We believe that privacy is a fundamental human right and have architected our systems, policies, and AI behaviors to uphold strict confidentiality, transparency, and user control. Our infrastructure is built on a zero-trust, privacy-first model where users — not the system — own and control their data and memories.

2. Data We Don't Collect

We do not collect IP addresses, precise device geolocation, MAC identifiers, or biometric information. We intentionally exclude these from all data flows and session logs. Instead, user interaction with our platform — including uploaded documents, chat messages, projects, task inputs, and knowledge feeds — is processed solely for functional purposes within our system.

3. Storage & Format

All user-generated content is converted into vector embeddings — anonymized, encrypted mathematical representations of data — and stored in an isolated, non-human-readable format. This data serves the purpose of enabling AI memory retrieval for the user and organization who originated it.

4. Human Access Restrictions

Crestline does not store or view raw user content. No employee, contractor, or system administrator has access to private files, personal memory, or conversations shared within the AI. Our internal teams are strictly prohibited, both technically and contractually, from viewing, annotating, monitoring, or analyzing user-specific data.

5. Moderation & Legal Exceptions

We do not conduct human moderation of AI interactions unless explicitly required for safety review by legal or regulatory mandate — and even then, data will be reviewed only in masked, non-identifiable formats.

6. AI Prompt Safety

Our AI is explicitly programmed to resist attempts by users to extract personal or organizational information about any other user, even within the same company. If a user attempts to trick or manipulate the system into revealing sensitive data, the AI will not comply.

7. Model Training Practices

When data is used to improve our AI models, it is first subjected to rigorous anonymization and semantic masking. Names, identifiers, organizational logic, and client references are permanently stripped before any contextual abstraction occurs. At no stage is individual user data used to directly train a model in a way that would allow future leakage or recognition.

8. No Surveillance or Ads

Crestline operates under a strict no-surveillance policy. We do not mine user data for profit. We do not display, sell, or rent your information to advertisers, data brokers, or any third parties for marketing purposes. No advertising scripts or analytics tags are installed on user-facing interfaces.

9. Analytics Practices

All analytics we use are aggregated, anonymized, and intended solely for internal performance improvement. We do not fingerprint users, assign persistent tracking IDs, or inject cookies without explicit consent where required.

10. Payment Data

All payments are securely processed by third-party gateways that comply with PCI-DSS standards. We do not store complete credit card details, CVV codes, or sensitive financial information. Subscription data is limited to billing email, plan type, transaction time, and payment status.

11. User Data Control

Users retain full control over their data. At any time, you may access your memory, download your projects, export your chat history, or request deletion of your account and associated memory embeddings.

12. Security & Infrastructure

Crestline’s servers and databases are hosted with ISO 27001-certified infrastructure partners that comply with GDPR, HIPAA (where applicable), and SOC 2. We use AES-256 encryption at rest and TLS 1.3 in transit, with zero-access controls for sensitive vectors.

13. Children’s Data

Our platform is not intended for use by children under 16 years of age. We do not knowingly collect or process data from minors. If such data is discovered, it is deleted immediately in compliance with applicable law.

14. Policy Updates

We may update this Privacy Policy as our Services evolve or as legal frameworks change. When updates occur, we will revise the effective date and may notify users through email or in-app alerts.

15. Contact Us

For any questions or concerns about your data or privacy rights, contact privacy@crestlineintelligence.com or dpo@crestlineintelligence.com. Representatives for EU, UK, and India are available upon request.