Logo

CraftCX

Back to Home

Privacy Policy for CraftCX

Our privacy policy explains how CraftCX collects, uses, stores, and shares data when you use CraftCX or visit our website.

Effective Date: March 19, 2026

1. Introduction

At CraftCX, we value privacy and aim to be clear about what we do with data.

This Privacy Policy explains how CraftCX LLC (“CraftCX,” “we,” “us”) collects, uses, stores, and shares information when you visit our website, engage with us as a business contact, or use CraftCX.

CraftCX helps organizations evaluate AI-supported customer service by analyzing support interactions and generating scores, summaries, classifications, and related insights.

This policy is written for a business-to-business service. It covers both data we control directly and data we process on behalf of customers.

2. Who This Policy Applies To

This policy applies to:

  • Website visitors who browse craftcx.com (including subdomains) or submit forms;
  • Customers and prospective customers who create accounts, request demos, buy subscriptions, or communicate with us;
  • Customer users who access CraftCX on behalf of their organization;
  • End users whose support interactions may be submitted to CraftCX by our customers for analysis.

Our role depends on the data

CraftCX acts as a controller for data about website visitors, prospective customers, customer users, billing contacts, and other direct business relationship data. That means we decide how that data is used for operating our business.

CraftCX generally acts as a processor for support conversations, tickets, transcripts, and related service data that customers submit to CraftCX for analysis. In those cases, the customer generally decides why the data was collected in the first place and why it is submitted to CraftCX.

For customer-submitted service data:

  • the relevant customer is generally responsible for providing any required privacy notices to its own end users;
  • the relevant customer is generally the first point of contact for end-user privacy requests relating to that data; and
  • CraftCX assists customers with such requests where required by contract or applicable law.

3. What Data We Collect

a) Account and business relationship data

This may include:

  • name, work email, company name, job title, and other business contact details;
  • account, login, workspace, and subscription records;
  • communications with us, including sales, support, and onboarding communications; and
  • billing and transaction records handled through our payment providers.

b) Customer-submitted service data

Customers may submit or connect support interaction data to CraftCX, including:

  • support messages, ticket content, chat transcripts, and email threads;
  • ticket or conversation metadata, such as identifiers, timestamps, subjects, status, or configured AI tool details;
  • internal notes or similar fields, if included by the customer in the source data;
  • attachments, exports, or linked content provided for analysis or export workflows; and
  • webhook or integration payloads sent from connected helpdesk systems.

c) Derived product data

When CraftCX products analyze submitted service data, we may generate:

  • QA assessments, labels, classifications, and confidence signals;
  • summaries, explanations, recommendations, and other model outputs; and
  • reporting, benchmarking, and analytics derived from submitted interactions.

d) Technical and usage data

We may collect technical and usage information such as:

  • IP address and approximate location inferred from IP;
  • browser, device, operating system, and session data;
  • product usage events, page views, and feature interaction data;
  • log data, diagnostic data, and error telemetry.

e) Cookies and similar technologies

We use cookies and similar technologies for site functionality, security, and analytics. You can manage certain browser-based controls through your browser settings.

Important note about submitted content

Support conversations submitted to CraftCX may include personal data. Depending on what a customer chooses to send us, that content may also incidentally include sensitive information. Customers are responsible for deciding what source data to submit to the service.

4. How We Use Data

We use data to:

  • provide, operate, secure, and maintain CraftCX and our website;
  • create and manage customer accounts, workspaces, and configured integrations;
  • analyze submitted support interactions and generate scores, summaries, classifications, QA results, and related insights for customers;
  • provide onboarding, customer support, troubleshooting, and service communications;
  • monitor reliability, investigate misuse, detect abuse, and protect the service;
  • process orders, subscriptions, invoices, and related billing operations;
  • understand product usage and improve our services;
  • create aggregated or de-identified analytics and benchmarking outputs, where applicable; and
  • comply with legal obligations and enforce our terms.

We do not use customer-submitted service data to train our own general-purpose models.

5. Legal Bases for Processing

Where GDPR or UK GDPR applies, our legal bases may include:

  • Contractual necessity — for example, to provide CraftCX, manage accounts, and fulfill our obligations to customers;
  • Legitimate interests — for example, to secure the service, respond to inquiries, improve functionality, and understand usage;
  • Consent — where required, such as for certain analytics or similar technologies; and
  • Legal obligation — for example, to maintain required records or respond to lawful requests.

When we process customer-submitted service data on behalf of a customer, the customer is generally responsible for identifying the appropriate legal basis for that processing.

6. Data Sharing and Subprocessors

We do not sell personal data.

We share data only as needed to operate our business and provide CraftCX, including with service providers that help us host the service, process payments, monitor performance, analyze usage, store export files, and process AI workloads.

Our current subprocessor list is published here:

We may also disclose information:

  • at a customer’s direction;
  • to comply with law or lawful process;
  • to protect rights, safety, and security; or
  • in connection with a merger, acquisition, financing, or similar corporate transaction.

7. International Transfers

Data may be processed in the United States and in other countries where CraftCX or our service providers operate.

Where required, we use contractual or other recognized safeguards for cross-border transfers. These safeguards are separate from our security practices.

Additional technical and organizational measures may include encryption, access controls, and logging.

8. Data Security

We use administrative, technical, and organizational measures designed to protect personal data, including:

  • encryption in transit and at rest where supported by our infrastructure and service providers;
  • access controls designed around role or least-privilege principles;
  • logging and monitoring for reliability and security events;
  • vendor-managed cloud infrastructure and managed services; and
  • backup and recovery measures appropriate to the service.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Data Retention

We retain different categories of data for different periods, depending on the purpose and legal requirements.

a) Website analytics, logs, and diagnostic data

We generally retain these records for a limited period needed for analytics, debugging, security, and service operations.

b) Account, contract, and billing data

We generally retain this data for the life of the account or business relationship and for a reasonable period afterward as needed for legal, tax, accounting, audit, fraud-prevention, and recordkeeping purposes.

c) Customer-submitted service data

We generally retain customer-submitted service data for the duration of the customer relationship, unless the customer deletes it earlier or different retention terms are agreed in writing.

After termination, we generally delete or de-identify customer-submitted service data within a reasonable wind-down period, unless retention is required by law or needed to resolve security, fraud, or legal issues.

d) Derived product data

Derived product data tied to customer-submitted service data is generally retained on a similar basis to the underlying customer-submitted service data, unless it has been aggregated or de-identified.

e) Backups and archived copies

Backups and archived copies may persist for a limited additional period before being overwritten or deleted.

If an individual wants deletion of data that a customer submitted to CraftCX, that request should generally be directed to the relevant customer first. We assist customers with such requests where required.

10. Privacy Rights

If GDPR, UK GDPR, or similar laws apply, individuals may have rights that can include access, correction, deletion, restriction, objection, withdrawal of consent where applicable, and data portability.

If CraftCX controls the data directly

For website, account, billing, or other direct business relationship data that CraftCX controls, you can contact us at privacy@craftcx.com.

If the data was submitted to CraftCX by a customer

If your data appears in support interactions submitted to CraftCX by one of our customers, you should generally contact that customer organization first. They are usually best positioned to authenticate and respond to the request.

CraftCX will assist customers with applicable requests relating to processor data where required by contract or law.

If you are not satisfied with our response where we act as controller, you may lodge a complaint with your local data protection authority.

11. AI Processing

CraftCX may use AI systems and service providers acting on our behalf to analyze customer-submitted service data.

Depending on the workflow, processing may produce:

  • scores and QA assessments;
  • classifications, labels, and flags;
  • summaries, explanations, and recommendations; and
  • analytics or benchmark outputs derived from submitted interactions.

Human review may also occur where appropriate for customer support, debugging, abuse prevention, reliability, quality review, or investigation of suspected misuse.

We do not use customer-submitted service data to train our own general-purpose AI models. If we materially change how customer content is used for AI training, we will update this policy and related customer documentation.

12. Children's Data

CraftCX is a business product and is not intended for children. We do not knowingly collect personal data directly from children through CraftCX.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version on our website and revise the effective date above.

14. Contact Information

CraftCX LLC
California, USA
Email: privacy@craftcx.com
General inquiries: hello@craftcx.com
Website: https://craftcx.com

Logo

CraftCX

Support is a craft. We measure it.

LinkedIn
HomeContactSign InSign UpDocumentation

Resources

PricingIntegrationsAXIS MetricTry AXIS

Legal

PrivacyTermsSubprocessors