Privacy Policy
1. Data We Collect
Account and contact data. When you get started or fill in our onboarding questionnaire, we collect what you provide, such as your name, company, work email, phone number, and information about your software stack.
Payment data. Payments are processed by Stripe. We receive confirmation and limited billing details (such as the last four digits and billing country); we never store your full card number.
Managed-systems data. To run your software, we access the systems, accounts, and credentials you authorize us to manage, and data within them. We handle this only to deliver the Service and treat it as confidential.
Communications. When you contact us by email or SMS, we keep those messages to support you.
Usage data. We collect basic, aggregate usage of the website (such as page views) to improve it. We do not use third-party advertising or tracking.
2. How We Use Data
We use your data to provide and operate Crest Solutions, to bill your subscription, to communicate with you, to provide support, and to improve the Service. We do not use it for advertising.
3. How Data Is Stored
Data is stored in Supabase (PostgreSQL) with encryption at rest and TLS in transit. Each client is isolated; one client's data is never exposed to another.
4. AI and Third-Party Inference
To do its work, the Service sends content to frontier AI models through third-party providers (including Anthropic, Google, and others) via OpenRouter. We use provider tiers that contractually prohibit training on inputs.
Your data is never used to train AI models, and is never shared between clients.
5. Payment Processing
We use Stripe to process payments and manage subscriptions. Your card details are entered with and held by Stripe, not by us. Stripe's handling of your payment data is governed by Stripe's privacy policy.
6. Sale of Personal Data
We do not sell, rent, or trade your personal data, and we do not engage in cross-context behavioral advertising.
7. Cookies
We use only essential cookies required to operate the site. We do not use advertising or third-party tracking cookies.
8. Third-Party Processors
| Processor | Purpose | Data Handled |
|---|---|---|
| Stripe | Payments and subscriptions | Billing details, payment status |
| Supabase | Database and authentication | Account, contact, service data |
| Vercel | Hosting and CDN | Request logs, static assets |
| OpenRouter | AI inference routing | Content sent for AI processing |
| Twilio | SMS communication | Phone numbers, message content |
9. Data Retention
We retain your data while your account is active and for as long as needed to provide the Service and meet legal obligations. We delete personal data within 30 days of a verified deletion request, except where we must retain it by law.
10. Your Rights
You may access, correct, or delete the personal data we hold about you. To exercise these rights, email andy@crestsystems.ai or jameson@crestsystems.ai. We respond within 30 days.
11. Children
Crest Solutions is a business service and is not directed at children under 13. We do not knowingly collect data from children under 13.
12. Changes
We may update this policy. Changes are posted here with a revised effective date.
13. Governing Law
This policy is governed by the laws of the State of New Jersey.
Questions? Reach a founder directly — Andy at andy@crestsystems.ai or Jameson at jameson@crestsystems.ai. Crest Deployment Systems LLC.