Privacy Policy

Last updated: January 11, 2026

Your privacy is important to us. This Privacy Policy explains how Crest collects, uses, and protects your personal information when you use our AI-powered content marketing platform.

1

Information We Collect

1.1 Information You Provide

  • Account Information: Email address, name, password when you create an account
  • Payment Information: Payment method details processed securely by Stripe (we do not store full card numbers)
  • Content Data: Writing samples, brand guidelines, personas, and other content you input for AI processing
  • Communications: Messages you send us through email or support channels

1.2 Information Collected Automatically

  • Usage Data: How you interact with the Service, features used, content generated
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session cookies for authentication and analytics cookies (see Section 6)
  • Log Data: Server logs including access times and pages viewed

1.3 Information from Third Parties

  • Social Media Platforms: When you connect X (Twitter), LinkedIn, or Threads, we access your public profile and post engagement data
  • OAuth Providers: If you sign in with Google, we receive your email and name
2

How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: Process your content, generate AI suggestions, and deliver features you request
  • AI Training and Improvement: Your content inputs help improve our AI models to generate better content. You can opt out of AI training (see Section 8)
  • Account Management: Create and manage your account, process payments, send service communications
  • Analytics: Understand usage patterns to improve the Service
  • Marketing: Send promotional communications (with your consent, which you can withdraw at any time)
  • Legal Compliance: Comply with legal obligations and protect our rights
3

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Consent: Where you have given explicit consent (e.g., marketing communications, AI training)
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as improving the Service and preventing fraud
  • Legal Obligation: Processing required to comply with applicable laws
4

Information Sharing

We share your information with the following parties:

4.1 Service Providers

Stripe - Payment processing

AWS - Cloud infrastructure

OpenAI/Anthropic - AI models

PostHog - Analytics

Sentry - Error tracking

4.2 Social Media Platforms

When you publish content through Crest, it is sent to your connected social media accounts (X, LinkedIn, Threads). These platforms have their own privacy policies governing how they handle your content.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.

5

Data Retention

Account Data: Retained while your account is active and for 30 days after deletion request

Content Data: Retained while your account is active; deleted within 30 days of account closure

Usage Logs: Retained for 12 months for analytics and security purposes

Payment Records: Retained for 7 years as required by tax regulations

6

Cookies and Tracking

We use the following types of cookies:

Essential Cookies: Required for authentication and basic functionality

Analytics Cookies: Help us understand how you use the Service (via PostHog)

Marketing Cookies: Track advertising effectiveness (only with your consent)

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

7

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of your personal data

Correction: Request correction of inaccurate data

Deletion: Request deletion of your data

Portability: Request your data in a portable format

Objection: Object to certain types of processing

Restriction: Request restriction of processing

To exercise these rights, contact us at serbyn.vitalii@gmail.com. We will respond within 30 days.

8

AI and Your Data

How AI Uses Your Data: When you input content into Crest, our AI processes it to:

  • Learn your writing style and tone
  • Generate personalized content suggestions
  • Improve content quality over time

AI Model Training: By default, aggregated and anonymized usage patterns may be used to improve our AI models. Your specific content is not shared with third-party AI providers for their model training without your explicit consent.

Automated Decision-Making: Our AI provides content suggestions but does not make automated decisions that significantly affect you. You always have final control over what content is published.

9

Data Security

We protect your data through:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure authentication practices
  • Regular security assessments
  • Access controls limiting employee access to personal data
  • Incident response procedures

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. Please use strong passwords and keep your credentials confidential.

10

International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States (where our cloud infrastructure is located). We ensure appropriate safeguards are in place, including Standard Contractual Clauses for transfers from the EEA.

11

Children's Privacy

Crest is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

12

Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.

14

Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us:

Email: serbyn.vitalii@gmail.com

Data Controller: Vitalii Serbyn