Last updated: April 16, 2026
We collect only what is necessary to provide the service: account credentials, subscription identifiers, and usage signals to maintain security and performance. We do not sell your data, share it across tenants, or use it for advertising.
We collect your name, email address, and organization details when you create an account. We collect usage data — pages visited, features used, queries run — to maintain platform security and improve the service. We do not collect data beyond what is required to operate the platform.
Your data is used solely to provide and improve CrestPoint AI services: authenticating your account, processing your subscription, delivering risk intelligence outputs, and maintaining audit logs in support of your compliance obligations. We do not use your data for marketing to third parties or sell it to any external party.
Payments are processed by Stripe. We do not store full card details on our servers. Stripe may store payment method details in accordance with their own privacy policy and PCI-DSS compliance program.
Risk signal history, alert records, and audit logs are retained for 24 months by default. Disclaimer acknowledgments are retained permanently as immutable compliance records. You may request deletion of your personal data at any time — deletion requests are honored with documented confirmation within 30 days.
Each organization's data is isolated at the database level. No data is shared across tenant accounts. Row-level security is enforced at the database layer, not just the application layer.
We apply reasonable administrative, technical, and physical safeguards to protect your data. All data is encrypted in transit and at rest. Access is controlled by role-based permissions. No system is perfectly secure — in the event of a breach affecting your data, we will notify you promptly.
You have the right to access, correct, export, or delete your personal data at any time. For EU-connected users, your rights under GDPR apply. For California-based users, your rights under CCPA apply. A data processing agreement (DPA) is available on request for regulated clients.
For privacy inquiries, data requests, or to request a data processing agreement, use the button below. We respond to all privacy inquiries within 5 business days.
CrestPoint AI / GDI Risk Advisory Group LLC · Dallas, Texas · Compliance & Audit Framework · Terms of Use