Privacy Policy

This is a plain-language summary. The long-form policy is available on request at legal@cruma.ai. If anything here contradicts the long-form, the long-form controls.

What we collect

To run your workspace, Cruma needs: your email and name, workspace and agent names you choose, content you or your crew create (leads, drafts, invoices, proposals), and integration tokens for the tools you connect.

We also collect technical data: IP address, browser, device, pages visited, and actions taken inside the app. We use this for security monitoring and to improve the product.

How we use it

• To operate your workspace and the crew's actions on your behalf
• To send transactional email (receipts, security alerts, approval notifications)
• To surface insights and improvements inside your workspace
• To detect and respond to security issues

What we never do

• Sell your data to anyone, ever
• Train AI models on your content (contractually guaranteed with our model providers)
• Share your workspace data with other customers

Your rights

You can request a copy of your data, correction of inaccurate data, or deletion of your account and all associated data at any time. Write to privacy@cruma.ai. We respond within 14 days.

Sub-processors

Cruma uses vetted sub-processors for hosting, database, email delivery, and LLM model inference. The current list is available at /security under "Pulls context from" and "Builds on."

Retention

Active workspace data is retained while your account is active. Closed accounts: data deleted within 30 days. Backups: purged within 90 days. Audit logs: retained 12 months for security.

Changes

We'll email you about any material change to this policy 30 days before it takes effect. Date at the top of this page reflects the last update.

Contact

Questions: privacy@cruma.ai. For security issues: security@cruma.ai.