Craxy AI

Privacy Policy

How we protect and handle your data

Last updated: November 2, 2025

Table of Contents

1. Introduction

Bluehall Technologies ("we," "our," or "us") operates the Craxy AI platform ("Service"), an AI-powered proposal writing and RFP analysis platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring the security of your personal and business data. This policy applies to all users of Craxy AI, including visitors to our website and registered users of our platform.

Key Privacy Commitment: We do not train AI models on your data. Your content remains private and is not used to improve AI systems.

2. Information We Collect

Account Information

  • Name and email address
  • Company information and job title
  • Password (encrypted and hashed)
  • Profile preferences and settings

Content Data

  • RFP documents you upload for analysis
  • Proposals and content you create
  • Knowledge base documents and files
  • Comments, notes, and annotations
  • Branding materials and templates

Usage Data

  • Platform usage patterns and feature interactions
  • Performance metrics and error logs
  • IP address and browser information
  • Session data and authentication tokens

Payment Information

Payment processing is handled by Stripe. We do not store credit card information on our servers. Stripe's privacy policy applies to payment data.

3. AI Processing & OpenAI

🛡️ We Do NOT Train AI on Your Data

Critical Privacy Protection: We explicitly do not use your data to train or improve AI models. Your content is processed for analysis and generation purposes only, and is not used for machine learning or model training.

OpenAI Integration

We use OpenAI's API services to provide AI-powered analysis and content generation. To protect your privacy, we have disabled the following OpenAI settings:

  • Model feedback sharing: Disabled - OpenAI cannot use your interactions to improve their models
  • Evaluation and fine-tuning data sharing: Disabled - Your data is not used for model evaluation
  • Input and output sharing: Disabled - Your content is not shared with OpenAI for training purposes

This ensures that your RFP documents, proposals, and other content are processed for your immediate needs only and are not used to improve AI systems.

OpenAI Privacy Policies

For complete transparency, please review OpenAI's privacy policies:

4. Data Storage & Security

Cloud Infrastructure

We host our platform on DigitalOcean cloud infrastructure, which provides enterprise-grade security and reliability. All data is stored in US-based data centers with appropriate physical and digital security measures.

DigitalOcean Privacy Policy

Security Measures

  • Encryption: All data encrypted in transit and at rest
  • Access Control: Role-based access control (RBAC) with multi-tenant isolation
  • Authentication: Secure authentication with session management
  • Audit Trails: Comprehensive logging of all system activities
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Regular Backups: Automated backups with encryption

Data Isolation

Each customer's data is isolated through multi-tenant architecture, ensuring that your data cannot be accessed by other customers or unauthorized users.

5. Data Retention

We retain your data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes.

Immediate Hard Delete: When you request account deletion, either through your account settings or by contacting us, we perform an immediate hard delete. This means your data is permanently and irreversibly removed from our systems with no recovery option.

We do not implement soft delete processes. All account deletions are permanent and immediate. Some anonymized usage data may be retained for analytics purposes, but all personally identifiable information is permanently removed.

6. Your Rights

Data Access & Export

You can access and export all your data through your dashboard. This includes:

  • All proposals and documents
  • Knowledge base files
  • Account information and settings
  • Usage history and analytics

Data Deletion

You can request complete deletion of your account and all associated data. This can be done through your account settings (for account owners) or by contacting us directly.

Important: Account deletion is immediate and permanent. Once deleted, your data cannot be recovered. This includes all proposals, documents, knowledge base files, and account information. Please ensure you have exported any data you wish to keep before requesting deletion.

Data Correction

You can update and correct your personal information at any time through your account settings.

Opt-out Rights

You can opt out of marketing communications and certain data processing activities while maintaining access to core platform functionality.

7. Cookies & Analytics

We use cookies and similar technologies to provide and improve our Service. This includes:

  • Essential Cookies: Required for platform functionality and security
  • Session Management: To maintain your login state and preferences
  • Performance Monitoring: To analyze platform performance and identify issues
  • Analytics: To understand usage patterns and improve user experience

You can control cookie settings through your browser, though disabling certain cookies may affect platform functionality.

8. Third-Party Services

We integrate with several third-party services to provide our platform functionality:

  • OpenAI: AI processing and content generation
  • Stripe: Payment processing and subscription management
  • Email Providers: Transactional emails and notifications
  • DigitalOcean: Cloud hosting and infrastructure

Each third-party service has its own privacy policy, and we encourage you to review them. We only share data necessary for these services to function.

9. International Users

If you are located outside the United States, please note that your information will be transferred to and processed in the United States, where our servers are located.

For users in the European Union, we comply with the General Data Protection Regulation (GDPR) and provide additional rights and protections as outlined in this policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a notice in the platform

Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Bluehall Technologies

Product: Craxy AI

Email: [email protected]

Location: Maryland, United States

We will respond to all privacy-related inquiries within 30 days.