Privacy Policy

Last Updated: January 2025

1. Introduction

Welcome to Datacrumb (“we,” “our,” or “us”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise AI knowledge management platform (the “Service”).

By accessing or using Datacrumb, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you directly provide to us:

  • Account Information: Name, email address, password, organization name, and profile information
  • Organization Data: Team structure, department information, project details, and workspace configurations
  • Content Data: Documents, files, messages, conversations, workflow configurations, and any other content you upload, create, or share through the Service
  • Payment Information: Billing details, payment method information (processed securely through third-party payment processors)
  • Communications: Information you provide when contacting our support team or participating in surveys

2.2 Information from Connected Services

When you connect third-party services to Datacrumb, we collect:

  • Integration Data: Content and metadata from connected services including Google Workspace, Microsoft 365, Slack, Notion, Linear, Jira, GitHub, and other supported integrations
  • Authentication Tokens: OAuth tokens and API credentials necessary to access your authorized data from connected services
  • Permission Information: Access control lists and permission settings from source systems to maintain security boundaries

2.3 Automatically Collected Information

We automatically collect certain information when you use our Service:

  • Usage Data: Search queries, workflow executions, document access patterns, feature usage, and interaction data
  • Technical Data: IP address, browser type, device information, operating system, and access times
  • Performance Data: System performance metrics, error logs, and diagnostic information
  • Cookies and Tracking: Session cookies, authentication tokens, and analytics data (see Section 8 for details)

2.4 AI and Machine Learning Data

To provide AI-powered features, we process:

  • Vector Embeddings: Mathematical representations of your content for semantic search (we use OpenAI's text-embedding-3-small model)
  • Conversation Context: Chat history and message threads to maintain conversation continuity
  • Query Patterns: Aggregated and anonymized search patterns to improve relevance

3. How We Use Your Information

We use the information we collect to:

  • Provide Core Services: Enable search, document processing, workflow automation, and AI-powered features
  • Maintain Security: Authenticate users, enforce permissions, detect unauthorized access, and prevent fraud
  • Improve Performance: Optimize search relevance, enhance AI model accuracy, and improve system performance
  • Enable Collaboration: Facilitate team communication, shared workspaces, and activity feeds
  • Provide Support: Respond to inquiries, troubleshoot issues, and deliver customer assistance
  • Send Communications: Deliver service notifications, security alerts, and (with your consent) product updates
  • Ensure Compliance: Meet legal obligations, enforce terms of service, and maintain audit trails
  • Develop Features: Research and develop new capabilities based on aggregated usage patterns

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or organizational data to third parties for their marketing purposes.

4.2 Third-Party Service Providers

We share data with trusted service providers who assist us in operating the Service:

  • AI and Machine Learning: OpenAI, Anthropic, Google AI, and AWS Bedrock for AI processing (subject to their enterprise data processing agreements)
  • Cloud Infrastructure: AWS for hosting, storage, and computing resources
  • Search and Database: OpenSearch for search indexing, PostgreSQL for data storage
  • Authentication: OAuth providers (Google, Microsoft) for secure sign-in
  • Payment Processing: Payment processors for billing (they handle payment data directly)
  • Analytics: Analytics providers for usage insights (with anonymized data where possible)

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

4.3 Within Your Organization

Data is shared within your organization according to the permissions you configure. We respect source system permissions and maintain fine-grained access controls using SpiceDB.

4.4 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes or government requests
  • Enforce our Terms of Service
  • Protect our rights, privacy, safety, or property
  • Prevent fraud or security threats
  • Protect the rights and safety of our users

4.5 Business Transfers

If Datacrumb is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Fine-grained permissions with SpiceDB, role-based access control, and multi-factor authentication
  • Infrastructure Security: Secure cloud infrastructure with AWS, isolated databases, and network segmentation
  • Authentication: OAuth 2.0, secure session management, and API key protection
  • Monitoring: Real-time security monitoring, intrusion detection, and comprehensive audit logging
  • Data Isolation: Organization-level data segregation with strict multi-tenant boundaries
  • Regular Audits: Security assessments, penetration testing, and compliance reviews
  • Incident Response: Dedicated security team and incident response procedures

While we use industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security but continuously work to improve our protections.

6. Data Retention and Deletion

6.1 Retention Periods

We retain different types of data for varying periods:

  • Active Account Data: Retained while your account is active and for a reasonable period after account closure
  • Document and Content Data: Retained until you delete it or close your account
  • Audit Logs: Retained for 90 days to 7 years depending on compliance requirements
  • Backup Data: Retained in backups for up to 90 days after deletion
  • Aggregated Analytics: May be retained indefinitely in anonymized form

6.2 Your Right to Delete

You have the right to request deletion of your data:

  • Personal Data Clearing: You can clear connector-specific data or all personal index data through your settings
  • Account Deletion: Request complete account deletion, which removes all associated data
  • GDPR Right to Erasure: EU users can exercise their right to be forgotten

Note: Some data may be retained in backups for up to 90 days after deletion, and we may retain anonymized data for analytics.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (right to erasure)
  • Data Portability: Request your data in a structured, machine-readable format
  • Restriction: Request restriction of processing under certain circumstances
  • Objection: Object to processing of your personal information
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@datacrumb.ai. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Required for authentication, security, and core functionality
  • Performance Cookies: Help us understand how users interact with the Service
  • Functional Cookies: Remember your preferences and settings

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

9. International Data Transfers

Datacrumb is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate.

We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the EU Commission
  • Data Processing Agreements with service providers
  • Compliance with applicable data protection regulations

10. Children's Privacy

Datacrumb is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

11. Third-Party Integrations

When you connect third-party services (Google Drive, Slack, Jira, etc.) to Datacrumb:

  • We access only the data you explicitly authorize through OAuth consent screens
  • We respect the privacy policies and terms of service of connected platforms
  • We maintain permission synchronization to ensure you only see data you're authorized to access
  • You can disconnect integrations at any time through your settings

Please review the privacy policies of third-party services you connect to Datacrumb.

12. AI and Machine Learning

12.1 How We Use AI

We use AI and machine learning to power features including:

  • Semantic search with vector embeddings
  • Natural language processing for chat and queries
  • Document summarization and analysis
  • Workflow automation and intelligent routing
  • Knowledge graph generation

12.2 AI Provider Data Processing

We use enterprise-grade AI providers (OpenAI, Anthropic, Google AI, AWS Bedrock) with the following protections:

  • No Training on Your Data: Your data is not used to train provider models under enterprise agreements
  • Data Processing Agreements: Contractual protections for how your data is handled
  • Temporary Processing: Data sent to AI providers is processed and not retained by them
  • Encryption in Transit: All AI API calls use encrypted connections

12.3 Vector Embeddings

We generate vector embeddings (mathematical representations) of your content for semantic search. These embeddings:

  • Are stored securely in our OpenSearch infrastructure
  • Cannot be reverse-engineered to recreate original content
  • Are isolated by organization and respect access permissions
  • Are deleted when you delete the associated content

13. Business Customers

If you use Datacrumb through an organization or enterprise account:

  • Your organization's administrator controls your account and may access your usage data
  • Organization policies may apply in addition to this Privacy Policy
  • Data processing terms are governed by our enterprise agreements
  • Organization administrators can configure data retention and deletion policies

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the “Last Updated” date at the top of this policy
  • Sending email notification for significant changes (if you have an account)
  • Displaying a prominent notice within the Service for major updates

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@datacrumb.ai

Support: support@datacrumb.ai

Privacy Inquiries: For GDPR-related inquiries, contact privacy@datacrumb.ai

We are committed to resolving privacy concerns in a timely and transparent manner. We will respond to your inquiry within 30 days.

Effective Date: January 2025

This Privacy Policy applies to all users of Datacrumb's services, including our web application, API, and integrations.

Datacrumb

From promise to proof. Track every commitment from sold to delivered.

Company

AboutCareersContact

Legal

Privacy PolicyTerms and Conditions

© 2026 Datacrumb, Inc. All rights reserved.