Craxy AI

Privacy Policy

How we protect and handle your data

Last updated: June 5, 2026

Table of Contents

1. Introduction

Bluehall Technologies, LLC ("we," "our," or "us") operates the Craxy AI® platform ("Service"), an AI-powered proposal writing and RFP analysis platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring the security of your personal and business data. This policy applies to all users of Craxy AI, including visitors to our website and registered users of our platform.

Key Privacy Commitment: We do not train AI models on your data. Your content remains private and is not used to improve AI systems.

2. Information We Collect

Account Information

  • Name and email address
  • Company information and job title
  • Password (encrypted and hashed)
  • Profile preferences and settings

Content Data

  • RFP documents you upload for analysis
  • Proposals and content you create
  • Knowledge base documents and files
  • Comments, notes, and annotations
  • Branding materials and templates

Usage Data

  • Platform usage patterns and feature interactions
  • Performance metrics and error logs
  • IP address and browser information
  • Session data and authentication tokens

Error & Performance Data

We use Sentry for error monitoring and performance tracking. When errors occur, the following data may be collected automatically:

  • Error messages, stack traces, and browser console logs
  • Browser type, version, operating system, and device information
  • IP address (used for error grouping, not stored long-term)
  • Page URL and navigation path leading to the error
  • A session replay recording of user interactions immediately before and after an error (DOM snapshots, clicks, and scrolls — no passwords or sensitive input fields are captured)

Support Chat Data

Our in-app support chat is powered by AI with human intervention when needed. When you use the support chat, we collect:

  • Chat messages and conversation history
  • Name and email address you provide when starting a chat
  • The page URL you were on when you initiated the chat

Chat conversations are stored to provide continuity and improve support quality. They may be reviewed by our human support team when the AI is unable to resolve your inquiry or when escalation is needed.

Payment Information

Payment processing is handled by Stripe. We do not store credit card information on our servers. Stripe's privacy policy applies to payment data.

3. AI Processing & Google Gemini

🛡️ We Do NOT Train AI on Your Data

Critical Privacy Protection: We explicitly do not use your data to train or improve AI models. Your content is processed for analysis and generation purposes only, and is not used for machine learning or model training. We do not share or sell your data to third parties.

Google Gemini Integration

We use Google's Gemini AI models to provide AI-powered analysis and content generation. We take your privacy seriously:

  • No Data Training: Your data is never used to train or improve AI models
  • No Third-Party Sharing: We do not share your content with third parties
  • No Data Sales: We never sell your data to anyone
  • Immediate Processing Only: Your content is processed only for your immediate needs

Your RFP documents, proposals, and other content are processed for your immediate needs only and remain completely private.

AI-Powered Support Chat

Our in-app support chat uses AI to provide immediate assistance. Your chat messages are processed by AI to generate helpful responses in real time. When the AI cannot resolve your inquiry, the conversation is escalated to our human support team for follow-up. Chat transcripts may be reviewed by authorized support staff to ensure quality and resolve your issue.

Google AI Privacy Policies

For complete transparency, please review Google's AI privacy policies:

4. Data Storage & Security

Cloud Infrastructure

We host our platform on DigitalOcean cloud infrastructure, which provides enterprise-grade security and reliability. All data is stored in US-based data centers with appropriate physical and digital security measures.

DigitalOcean Privacy Policy

Security Measures

  • Encryption at Rest: All sensitive data including passwords and personal information is encrypted using AES-256-GCM encryption before storage
  • Encryption in Transit: All communications use TLS/HTTPS encryption
  • Access Control: Role-based access control (RBAC) with multi-tenant isolation
  • Secure Authentication: Passwords are hashed using bcrypt with secure session management
  • Audit Logging: Comprehensive audit trails of security-sensitive activities including login attempts, password changes, data exports, and account modifications
  • Network Security: Firewalls, intrusion detection, and continuous monitoring
  • Regular Backups: Automated encrypted backups for data recovery
  • Privacy: We do not share or sell your data to third parties

Data Isolation

Each customer's data is isolated through multi-tenant architecture, ensuring that your data cannot be accessed by other customers or unauthorized users.

5. Data Retention

We retain your data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes.

Immediate Hard Delete: When you request account deletion, either through your account settings or by contacting us, we perform an immediate hard delete. This means your data is permanently and irreversibly removed from our systems with no recovery option.

We do not implement soft delete processes. All account deletions are permanent and immediate. Some anonymized usage data may be retained for analytics purposes, but all personally identifiable information is permanently removed.

6. Your Rights

Data Access & Export

You have the right to access and export all your data at any time through your account settings. We provide comprehensive data export functionality that includes:

  • Profile Data: Your account information, email, name, and preferences
  • Proposals: All proposals and documents you have created
  • Knowledge Base: All uploaded knowledge base documents and files
  • Activity History: Usage history and activity logs
  • Team Data: Team member information and collaboration history (for organization owners)

Data exports are provided in JSON format for machine-readability and portability. All data exports are logged for security purposes and you will receive email confirmation when exports are generated.

Data Deletion

You can request complete deletion of your account and all associated data. This can be done through your account settings (for account owners) or by contacting us directly.

Important: Account deletion is immediate and permanent. Once deleted, your data cannot be recovered. This includes all proposals, documents, knowledge base files, and account information. Please ensure you have exported any data you wish to keep before requesting deletion.

Data Correction

You can update and correct your personal information at any time through your account settings.

Opt-out Rights

You can opt out of marketing communications and certain data processing activities while maintaining access to core platform functionality.

7. Cookies & Analytics

We use cookies and similar technologies to provide and improve our Service. This includes:

  • Essential Cookies: Required for platform functionality and security
  • Session Management: To maintain your login state and preferences
  • Performance Monitoring: To analyze platform performance and identify issues

Google Analytics

We use Google Analytics to understand how users interact with our platform. Google Analytics collects information such as:

  • Pages visited and time spent on pages
  • Browser type and device information
  • Geographic location (country/city level)
  • Referral sources (how you found us)

This data helps us improve our platform and user experience. Google Analytics uses cookies to collect this information. The data is processed by Google in accordance with their privacy policy.

Google Privacy Policy

Sentry Error Monitoring

We use Sentry to monitor application errors and performance. Sentry helps us identify and fix issues to improve your experience. Data collected by Sentry includes:

  • Error details (stack traces, error messages, breadcrumbs)
  • Browser and device information
  • Session replay recordings when errors occur (captures DOM state, clicks, and navigation — sensitive input fields like passwords are masked)
  • Performance metrics (page load times, API response times)

Session replays are only recorded when an error occurs, not during normal usage. This data is retained according to Sentry's data retention policies and is used solely for debugging and improving platform reliability.

Sentry Privacy Policy

You can control cookie settings through your browser, though disabling certain cookies may affect platform functionality. You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

8. Third-Party Services

We integrate with several third-party services to provide our platform functionality:

  • Google Gemini: AI processing and content generation
  • Google Analytics: Website analytics and usage tracking
  • Sentry: Error monitoring, performance tracking, and session replay on errors
  • Stripe: Payment processing and subscription management
  • Email Providers: Transactional emails and notifications
  • DigitalOcean: Cloud hosting and infrastructure

Each third-party service has its own privacy policy, and we encourage you to review them. We only share data necessary for these services to function and we do not share or sell your data to third parties beyond what is required for service operation.

9. International Users

If you are located outside the United States, please note that your information will be transferred to and processed in the United States, where our servers are located.

For users in the European Union, we comply with the General Data Protection Regulation (GDPR) and provide additional rights and protections as outlined in this policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a notice in the platform

Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Bluehall Technologies, LLC

Product: Craxy AI®

Email: [email protected]

Location: Maryland, United States

We will respond to all privacy-related inquiries within 30 days.