Cresard
Back to Home

Privacy Policy

Last Updated: January 6, 2026

Our Privacy Pledge

Cresard is designed so that even we cannot "peek" into your company's isolated database. Your business strategy, payroll and communications are your property, secured by physical isolation.

1. Introduction

At Cresard, we are building the Operating System for modern companies. Privacy isn't a feature; it's the foundation of everything we build. This Privacy Policy explains how we collect, use and protect your data within the Cresard ecosystem, including our multi-tenant architecture and AI-driven features.

2. Data Isolation & Multi-Tenancy

Unlike traditional SaaS platforms that share databases across customers, Cresard employs a strict "Database-per-Tenant" strategy.

  • Physical Isolation: Your company's data (users, roles, projects, chat history) resides in a physically isolated database instance.
  • Zero Cross-Contamination: Our architecture ensures that data from one company can never be accessed or leaked to another.
  • Tenant-Specific JWTs: Every request is validated against your unique tenant ID and cryptographically signed tokens.

3. Cue AI & Data Ethics

Our "Cue" AI engine is designed with privacy-first principles. We distinguish between internal processing and high-stakes reasoning.

  • No Global Training: We do NOT train our global foundation models on your proprietary company data.
  • Private LLMs: For sensitive internal data (HR, sentiment), we utilize local processing (Ollama) on private servers within the Cresard ecosystem.
  • Hybrid Transparency: When GPT-4 is used for external sentiment analysis, data is anonymized before processing to protect identity while maintaining nuance.

4. Information We Collect

We collect minimal data necessary to run your Management OS effectively.

  • Account Data: Names, corporate emails, and hashed credentials for authentication.
  • Global Email Mapping: We maintain a high-security global index (users_index) to allow users to access multiple tenant subdomains with one identity.
  • Engagement Metadata: Timestamps and feature usage to help Cue AI provide proactive management cues.

5. Data Ownership & Sovereignty

You own your data. Period.

  • Right to Export: Admin users can request a full export of their tenant-specific database at any time.
  • Right to Erasure: Deleting your Cresard organization triggers a permanent wipe of your isolated database instance from our servers.
  • SOC-2 Compliance: We adhere to industry-leading standards for data availability, integrity, and confidentiality.
Questions about this policy? Contact our Data Protection Officer at privacy@cresard.com.