Privacy Policy
Cresva.ai provides a SaaS analytics platform (the "Service"). We respect your privacy and are transparent about how we collect and use data to deliver and improve the Service.
Legal name: Cresva.ai • Privacy Contact: hello@cresva.ai
California Residents (CCPA)
We do not sell or share your personal information. You have rights to access, delete, and opt-out. See Section 10 for details.
Request Data Deletion →Table of Contents
1. Information we collect
We collect the following categories of information:
a) Account Information
- Name, email address, company name
- Google OAuth profile data (if you sign in with Google)
- Timezone, language preferences
b) Service Usage Data
- Marketing data you provide (CSV URLs, campaign metrics, creative assets)
- Slack webhook URLs (if you connect Slack)
- Budget settings, alert configurations
- Feature usage, clicks, interactions within the Service
c) Technical Data
- IP address, browser type, device information
- Log data, error reports, performance metrics
- Cookies and similar tracking technologies (see Section 6)
d) Payment Information
- Billing details (processed by Stripe; we don't store full credit card numbers)
- Transaction history, invoices
e) Communications
- Support tickets, feedback, emails you send us
- Survey responses, product feedback
2. Legal basis for processing (GDPR)
For users in the EU/UK, we process your personal data under the following legal bases:
Contract Performance
We process your data to provide the Service you signed up for (account management, analytics, alerts, etc.)
Legitimate Interests
We process data to improve our Service, prevent fraud, ensure security, and send relevant product updates (you can opt out of marketing emails)
Consent
For cookies (other than essential ones), AI training on your data, and marketing communications, we ask for your explicit consent
Legal Obligations
We may process data to comply with laws, regulations, court orders, or tax requirements
3. How we use your data
We use the information we collect to:
Provide & maintain the Service
Process your marketing data, generate insights, send alerts and digests
Improve & develop features
Analyze usage patterns, fix bugs, develop new features
Customer support
Respond to your questions, troubleshoot issues
Security & fraud prevention
Detect and prevent abuse, unauthorized access, and security threats
Communications
Send service updates, billing notices, security alerts (you can opt out of marketing emails)
Legal compliance
Comply with laws, regulations, court orders, tax obligations
4. AI & machine learning
🤖 How we use AI
Cresva uses AI and machine learning to analyze your marketing data, detect anomalies, and provide insights. This processing happens in real-time and is essential to the Service.
AI Training & Your Data:
- We do NOT use your individual marketing data to train general AI models unless you explicitly opt in
- We may use aggregated, anonymized data (with no personally identifiable information) to improve our models
- If you want to opt out of even anonymized data usage for AI training, contact us at hello@cresva.ai
Third-party AI providers: We may use AI services from providers like OpenAI, Anthropic, or Google. Your data is processed according to their privacy policies and data processing agreements. We do not allow these providers to use your data for their own model training without your consent.
7. Security measures
We take data security seriously and implement industry-standard measures to protect your information:
Encryption
All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
Access Controls
Strict access controls, least-privilege principle, regular audits
Infrastructure Security
Hosted on SOC 2 compliant platforms (Vercel, AWS/GCP)
Monitoring & Logging
24/7 monitoring for suspicious activity, automated alerts
Regular Updates
Frequent security patches, dependency updates, penetration testing
Employee Training
All team members undergo security training and sign NDAs
Data breach notification: If a security breach affects your data, we'll notify you and relevant authorities within 72 hours (GDPR requirement) via email and in-app notification.
8. Data retention
We retain your data for as long as necessary to provide the Service:
Active Accounts
As long as your account is active, we retain your data to provide the Service.
After Account Deletion
- Account data: Deleted within 30 days
- Backups: Purged within 90 days
- Billing records: Retained for 7 years (tax compliance)
- Anonymized analytics: May be retained indefinitely
Legal Holds
We may retain data longer if required by law, legal proceedings, or to resolve disputes.
Want to delete your data? Visit /data-deletion or email hello@cresva.ai
9. International transfers
Cresva is based in the United States. If you're accessing the Service from outside the US, your data may be transferred to, stored, and processed in the US and other countries.
For EU/UK users (GDPR):
- We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to the US
- All subprocessors handling EU data sign Data Processing Agreements (DPAs) with SCCs
- We implement additional safeguards (encryption, access controls) to protect your data
By using the Service, you consent to the transfer of your data to the US and other countries where we or our service providers operate.
10. Your rights & choices
Under GDPR, CCPA, and other privacy laws, you have the following rights:
Access
Request a copy of your personal data we hold
Rectification
Correct inaccurate or incomplete data
Erasure ("Right to be forgotten")
Request deletion of your account and data
Data portability
Download your data in a portable format
Object to processing
Object to certain uses (e.g., AI training)
Restrict processing
Limit how we use your data
Withdraw consent
Opt out of cookies, emails, AI training
Lodge a complaint
File a complaint with your data protection authority
California Residents (CCPA/CPRA)
You have additional rights under California law:
- Right to know what personal information we collect and how we use it
- Right to deletion
- Right to opt-out of "sale" or "sharing" (we do neither)
- Right to non-discrimination for exercising your rights
How to exercise your rights:
Email: hello@cresva.ai
Data deletion form: /data-deletion
Response time: We'll respond within 30 days (GDPR) or 45 days (CCPA)
Verification: We may ask for additional information to verify your identity before processing requests
No fees: We don't charge for requests unless they're excessive or repetitive
11. Children's privacy
Our Service is not intended for children under 16 years old (or 13 in the US). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at hello@cresva.ai so we can delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We'll update the "Last updated" date at the top of this page.
For material changes: We'll notify you through the Service, via email, or with a prominent notice on our website at least 30 days before the changes take effect. For non-material changes, we encourage you to review this policy periodically.
Continued use of the Service after changes become effective constitutes acceptance of the updated policy. If you don't agree with the changes, you may close your account.
Contact us
Privacy questions or requests?
Contact our privacy team for any questions about this policy or to exercise your rights.
EU/UK residents: If you're not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.