Privacy Policy for CraftCX

1. Introduction

At CraftCX, we value privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our AXIS product and visit our website.

AXIS is a service provided by CraftCX that enables organizations to evaluate the performance of AI support agents by analyzing customer support interactions.

2. Who This Policy Applies To

This policy applies to:

Visitors to our website;
Customers who sign up for AXIS;
End users whose support interactions are analyzed through AXIS (on behalf of our customers).

We act as a data controller for visitors and customers, and a data processor for end user support data analyzed on behalf of customers.

3. What Data We Collect

a) Data You Provide

Contact information (e.g. name, email, organization)
Account credentials (when applicable)
Support transcripts or tickets submitted for analysis
Billing and payment data (handled via Polar/Stripe)

b) Data We Collect Automatically

IP address, device/browser info, and location (approximate)
Analytics and usage behavior via:
- PostHog (product analytics)
- Google Analytics (website analytics)
- Vercel (hosting and performance metrics)

c) Cookies

We use cookies for functionality, analytics, and marketing attribution. You can manage your cookie preferences through your browser or opt-out of analytics [via link or settings panel].

4. How We Use Your Data

We process data to:

Provide and improve the AXIS platform
Analyze usage patterns and improve product features
Deliver customer support and technical help
Process billing and manage subscriptions
Ensure security and monitor for abuse
Comply with legal obligations

5. Legal Bases for Processing

Under GDPR, our lawful bases include:

Contractual necessity (e.g., delivering AXIS to customers)
Legitimate interest (e.g., improving service, analytics)
Consent (e.g., cookies)
Legal obligation (e.g., tax or compliance records)

6. Data Sharing and Subprocessors

We never sell your data. We use trusted subprocessors who are contractually obligated to safeguard data:

Vercel (hosting - US)
Supabase (database - US)
Trigger.dev (background task processing)
Polar + Stripe (billing)
Google Analytics (analytics)
PostHog (product analytics)

A full list of subprocessors can be requested by emailing [privacy@craftcx.com].

7. International Transfers

Your data may be processed in the United States. We ensure appropriate safeguards are in place, including:

Data encryption at rest
Access controls and audit logging
Standard Contractual Clauses (SCCs) for international data transfers

8. Data Security

We implement industry-standard security practices including:

Encryption at rest and in transit
Role-based access control
Periodic audits and monitoring
Secure hosting environments (e.g. Vercel, Supabase)

9. Data Retention

We retain personal data only as long as necessary to provide the AXIS service and for legitimate legal or operational purposes. You can request data deletion at any time (see Section 10).

10. Your Rights (GDPR / UK GDPR)

If you are in the UK or EEA, you have the right to:

Access your data
Rectify inaccurate data
Request deletion
Restrict or object to processing
Withdraw consent (where applicable)
Data portability

To exercise these rights, contact: privacy@craftcx.com

If you're not satisfied with our response, you may lodge a complaint with your local data protection authority.

11. Children's Data

AXIS is not intended for use by children under 16, and we do not knowingly collect personal data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on our website with an updated effective date.

13. Contact Information

CraftCX, LLC.
Email: privacy@craftcx.com
Website: https://craftcx.com