Privacy Policy

1. Information We Collect

We collect only the minimum data necessary for CRED to function properly. This may include:

• Account Information — your email address or login credentials used for authentication (e.g., via Clerk or other login providers).
• Usage Metrics — data you choose to share (e.g., productivity statistics, time tracking, or business metrics) to generate insights within your own dashboard.
• Connected Integrations — if you connect services like Stripe, we access only the data required to display verified metrics within your account (e.g., revenue totals, refund rates).
• Device & Log Data — basic diagnostic data automatically collected for error reporting and debugging (e.g., crash logs, API errors).

We do not collect personal content, messages, private documents, or browsing data beyond what you explicitly authorize.

2. How We Use Your Information

Your data is used only to:

• Provide you with analytics, insights, and dashboards.
• Maintain and improve CRED's core functionality.
• Authenticate and secure your account.
• Respond to support requests or bug reports.

We never:

• Sell your data.
• Share your data with advertisers, marketers, or data brokers.
• Train AI models or analytics tools using your personal or business data.

3. Data Ownership

You retain full ownership and control over your data at all times.

You may export or delete your data at any time through your account settings or by contacting us at aiden@thecred.ai.

When you delete your account, all associated data — including backups and connected integrations — are permanently erased from our systems within 30 days.

4. Data Security

We use modern security best practices to protect your data:

• End-to-end encryption for sensitive fields.
• Secure storage using industry-standard providers (e.g., encrypted databases, managed keys).
• Role-based access control — only you and authorized CRED systems can view your data.
• No human access to user data without your explicit written permission.

5. Integrations

If you connect external services (e.g., Stripe), CRED accesses only read-only data required to deliver core features.

We never request write access, and we never modify, create, or delete data within your connected accounts.

You may disconnect any integration at any time.

6. Data Sharing

We do not share your data with anyone except when required by:

• Law enforcement with valid legal process.
• Service providers that host or process data on our behalf (e.g., cloud infrastructure) — bound by strict confidentiality and data-processing agreements.

7. Google Calendar API Disclosure

CRED's use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only access calendar data you explicitly authorize
• Calendar data is used solely to calculate productivity metrics and operator scores
• We do not use calendar data for advertising or remarketing
• We do not sell calendar data to third parties
• You can revoke calendar access at any time in Settings

8. Your Rights

You have the right to:

• Access the data we store about you.
• Request corrections or updates.
• Delete your data permanently.
• Withdraw consent for integrations or analytics features.
• File a complaint if you believe your data has been mishandled.

To exercise these rights, contact aiden@thecred.ai

9. Data Retention

We keep your data only as long as your account is active. Once deleted, data is permanently removed from our systems and backups within 30 days.

10. Children's Privacy

CRED is not intended for children under 16. We do not knowingly collect or process data from minors.

11. Changes to This Policy

We may update this Privacy Policy as CRED evolves. Any changes will be posted with a new "Last updated" date. Significant updates will be communicated to users directly.

12. Contact Us

If you have questions or concerns about this Privacy Policy or your data, contact us at: