Privacy Policy
1. Data We Collect
Conversation data. When you interact with crest's AI chat interface, we store the messages you send and the responses generated. This data is used solely to provide the service and is never shared with other users.
Trace data. crest records API call logs and provenance records as part of its witnessed computation infrastructure. Traces contain metadata about AI inference calls, including timestamps, model identifiers, and content hashes.
Usage data. We collect basic usage data such as page views and feature usage to improve the product. This data is aggregated and not tied to individual identities.
Account data. If you create an account, we store the information you provide, which may include your email address and name.
2. How Data Is Stored
All data is stored in Supabase (PostgreSQL) with AES-256 encryption at rest and TLS 1.2+ encryption in transit. Row-level security ensures strict tenant isolation between users.
3. AI and Third-Party Inference
To generate AI responses, we send your prompts to third-party model providers via OpenRouter. These providers include Anthropic, OpenAI, and Google. We use API tiers that contractually prohibit training on inputs.
Your data is never used for AI model training. Your data is never shared between users.
4. Sale of Personal Data
We do not sell, rent, share, or trade your personal data to third parties. We do not engage in cross-context behavioral advertising.
5. Cookies
crest uses only essential session cookies required to operate the service. We do not use third-party tracking cookies, advertising cookies, or analytics cookies.
6. Third-Party Processors
| Processor | Purpose | Data Handled |
|---|---|---|
| Supabase | Database, authentication | Account, conversation, trace data |
| Vercel | Hosting and CDN | Request logs, static assets |
| OpenRouter | AI inference routing | Conversation content for responses |
| Twilio | SMS communication | Phone numbers, message content |
7. Data Retention
Trace data is retained for 90 days, then permanently deleted. Conversation data is retained while your account is active and deleted within 30 days of a deletion request. Witness chain records are permanent but contain only cryptographic hashes, not personal data.
8. Your Rights
You have the right to access, correct, and delete the personal data we hold about you. To exercise these rights, email andysalvo26@gmail.com. We will respond within 30 days.
9. Children
crest is not directed at children under 13. We do not knowingly collect personal data from children under 13.
10. Changes
We may update this policy from time to time. Changes will be posted to this page with a revised effective date. Continued use of the service after changes are posted constitutes acceptance.
11. Governing Law
This policy is governed by the laws of the Commonwealth of Pennsylvania.
Questions? Contact us at andysalvo26@gmail.com