Legal

Privacy Policy

Last updated: 2026-05-29

This Privacy Policy explains what personal data Cruxible processes, why, and the rights you have. It applies to the Cruxible website and service.

Cruxible is operated by an independent sole proprietor (the "operator", "we", "us"), providing the Service remotely. For any privacy request, or to obtain our full identification details, contact admin@trycruxible.com. For the purposes of the EU GDPR, the UK GDPR, and similar laws, the operator is the controller of the personal data described below. If we are required to designate an EU or UK representative, or a Data Protection Officer, their details will be published here.

Your country of residence determines which specific rights and lawful bases apply to you. Where local data-protection law gives you stronger rights, those rights apply.

1. Data we process

  • Account data: your name, email, and authentication identifiers, handled through our authentication provider (Clerk).
  • Idea and run data: the idea text and any context you submit, plus the research reports, build prompts, run status, and run history we generate for you. These are stored in our database (Neon).
  • Billing data: subscription and payment status, handled by our Merchant of Record (Polar.sh). We do not receive or store your full card details.
  • Usage and device data: server logs, IP address, browser and device information, and, only if you consent, analytics about how you use the site.
  • Communications: messages you send us and our replies.

2. Why we process it and the lawful basis

Purpose Lawful basis (GDPR / UK GDPR)
Provide the Service and your scout runs Performance of a contract
Operate billing and prevent abuse Contract; legitimate interests; legal obligation
Secure, debug, and improve the Service Legitimate interests
Measure site usage through analytics Consent
Respond to your messages Legitimate interests
Comply with legal, tax, and accounting duties Legal obligation

Where we rely on legitimate interests, we have balanced those interests against your rights. Where we rely on consent, you can withdraw it at any time.

3. Who we share it with

We share data with the third-party processors that run the Service on our behalf, listed in our Subprocessors notice. They process data under our instructions and appropriate contractual terms. We may also disclose data where required by law, to enforce our Terms, or to protect rights, property, and safety.

We do not sell your personal data, and we do not share it for cross-context behavioral advertising.

4. International transfers

Cruxible is operated remotely and uses processors located in different countries, including the United States and the European Union. Where personal data is transferred across borders, we rely on an appropriate transfer mechanism, such as the European Commission and UK standard contractual clauses, or transfers to countries with an adequacy decision, where these apply. You can ask us about the safeguards in place by contacting admin@trycruxible.com.

5. Retention

We keep personal data only as long as needed for the purposes above:

  • account and run data: while your account is active, and for up to 30 days after you delete it or close your account, except where we must keep it longer;
  • billing and tax records: for the period required by applicable law (commonly up to 7 years);
  • server logs: typically up to 90 days;
  • analytics data: per the retention settings of the analytics providers, where consented.

After these periods we delete or de-identify the data.

6. Your rights

Depending on your country, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • delete your data ("right to erasure");
  • restrict or object to processing;
  • receive your data in a portable format;
  • withdraw consent at any time (without affecting prior processing); and
  • not be discriminated against for exercising your rights.

To exercise any right, contact admin@trycruxible.com. We will respond within the time required by applicable law. You also have the right to complain to your local data-protection authority. In the EU this is your national supervisory authority; in the UK it is the Information Commissioner's Office.

US state privacy rights

If you are a resident of a US state with a privacy law (such as California), you have rights to know, access, delete, and correct your personal information, and to opt out of its sale or sharing. As stated above, we do not sell personal information or share it for cross-context behavioral advertising. To exercise these rights, contact admin@trycruxible.com.

7. Cookies and analytics

We use a small set of cookies and, only with your consent, analytics. See our Cookie Notice for detail and to change your choices at any time.

8. Security

We use reasonable technical and organizational measures to protect personal data, including access controls, encryption in transit, and per-user data isolation. No system is perfectly secure, but we work to protect your data and to address incidents promptly.

9. Children

The Service is not directed at children, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact admin@trycruxible.com and we will delete it.

10. Changes

We may update this policy. We will change the "Last updated" date and, for material changes, take reasonable steps to notify you.

11. Contact

For any privacy question or request, contact admin@trycruxible.com.