crevioCrevio
Startfree

Privacy Policy

Last updated May 17, 2026

This Privacy Policy explains how Crevio, Inc. ("Crevio," "we," "us," or "our") collects, uses, stores, and shares personal information when you use the Crevio website, product, API, MCP server, and related services (collectively, the "Service").

This policy is incorporated into and forms part of our Terms of Service. For a current list of third parties that process personal data on our behalf, see our Subprocessors page.

1. Information We Collect

  • Account information: email, name, profile fields, timezone, account role, and authentication metadata.
  • Authentication data: credentials, OAuth tokens (for connected sign-in providers such as Google, Discord, and Telegram), and magic-link session data.
  • Usage information: product actions, agent task history, generation logs, performance and diagnostic events.
  • Communication data: support messages, inbound and outbound emails, and related metadata.
  • Integration data: OAuth tokens, API keys, and configuration metadata for third-party services you connect (including Stripe Connect for payouts and any social or marketing accounts you authorize).
  • Device and network data: IP address, user agent, language, and session and cookie identifiers.
  • Billing data: saved payment method identifiers (held by Stripe; we do not store full card numbers), transaction records, subscription state, and Stripe Connect account identifiers for payouts.
  • Customer payment data: transaction records, subscription status, and chargeback or dispute metadata for payments your customers make through the Service (processed by Stripe).
  • AI generation data: prompts, generated media (text, image, video, audio), embeddings, and associated metadata, persisted to your media library.
  • Sandbox and infrastructure data: code, files, environment variables, and execution logs you place in provisioned sandboxes. Credentials used to access provisioned resources are encrypted at rest.
  • Marketing measurement data: conversion events, page views, and similar attribution data sent to advertising platforms (such as Meta and Google) via cookie or server-side API, subject to your consent where required.
  • Public storefront data: product listings, landing-page content, and any other content you choose to publish on a Crevio-hosted storefront, subdomain, or custom domain.

2. How We Use Information

  • Provide, operate, and secure the Service, including authentication, multi-tenant account management, and billing.
  • Execute autonomous and user-triggered workflows using your settings, prompts, and connected tools.
  • Generate AI content (text, image, video, audio) using third-party AI model providers.
  • Provision and manage cloud sandboxes and related infrastructure on your behalf.
  • Send outbound communications on your behalf (including customer receipts, drip emails, and operational notifications) and to you (including service notices and product updates).
  • Process subscriptions, AI-credit purchases, and merchant payouts via Stripe and Stripe Connect.
  • Display public, anonymized, or summarized activity on platform-wide pages (for example, a live activity dashboard) and host your storefront content where you have enabled public visibility.
  • Monitor quality, detect and prevent abuse and fraud, investigate incidents, and improve reliability.
  • Measure marketing and attribution performance, subject to consent where required.

3. Why We Process Data

We process personal data where needed to:

  • Perform our contract with you (service delivery, agent execution, infrastructure provisioning, and support).
  • Comply with legal and regulatory obligations.
  • Pursue our legitimate business interests (security, fraud prevention, account analytics, product improvement, and platform-wide aggregated reporting).
  • Rely on your consent for non-essential cookies and marketing analytics where applicable law requires consent.

4. How We Share Information

We share personal data with service providers that help us deliver the Service. We may also disclose data when required by law, to enforce our terms, or to protect rights, property, or safety. We may share aggregated or de-identified data that does not identify you.

We do not sell personal information.

Specific categories of sharing:

  • Payment processing. Stripe processes payments, payouts, and subscriptions. For merchant payouts we use Stripe Connect; see Stripe's privacy policy for further information.
  • AI model providers. Prompts and inputs are routed to one or more model providers (currently including OpenAI, Anthropic, Google, OpenRouter, and Cloudflare AI Gateway) for inference. We aim to use providers with zero data retention or short retention windows for API requests where available.
  • AI media providers. Generation requests for images, video, and audio are routed to providers such as fal.ai. Generated outputs are stored in your media library on our infrastructure.
  • Sandbox and compute providers. Provisioned sandboxes are operated using providers such as Daytona and Cloudflare. Sandbox execution data is processed by these providers under our agreement with them.
  • Email delivery. Transactional emails are sent via Resend; product and marketing email sequences may be sent via Loops.
  • Analytics and error monitoring. PostHog (product analytics, where consented), Ahoy (internal analytics), and Sentry (error monitoring) receive event and diagnostic data, which may include user identifiers and limited context.
  • Hosting and storage. Application data is hosted on cloud infrastructure providers; uploaded media is stored on AWS S3. DNS, CDN, and edge functions for storefront subdomains and custom domains are operated using Cloudflare.
  • Advertising platforms. Conversion and attribution events may be sent to platforms such as Meta and Google for advertising measurement, subject to your consent and applicable hashing or anonymization.
  • Public dashboards and hosted storefronts. Content you choose to make public is visible to anyone who visits the relevant page. Summarized or anonymized activity may appear on platform-wide showcases.

The full current list is at /legal/subprocessors.

5. Cookies and Tracking

Crevio uses cookies and similar technologies for authentication, fraud prevention, analytics, and (with consent where required) marketing measurement. You can manage cookie settings in your browser. Disabling required cookies may impact core product functionality.

6. Data Retention

  • Account and operational records are kept for as long as needed to provide the Service.
  • If you delete your account, we apply a soft-delete period of up to 30 days before permanent deletion, unless longer retention is required by law or for legitimate security, accounting, or fraud-prevention purposes.
  • AI generation data (prompts and generated media) is retained until you delete it, or until the soft-delete period following account termination expires.
  • Sandbox content (code, files, logs) is retained for the duration of the sandbox's lifetime and for up to 30 days in execution logs.
  • Sandbox and integration credentials are deleted on resource teardown.
  • Billing records are retained for the period required by tax and accounting law (typically several years).
  • Aggregated or de-identified data that does not identify you may be retained indefinitely.

7. Security

We use technical and organizational safeguards designed to protect personal data, including:

  • OAuth tokens and integration credentials encrypted at rest.
  • Sandbox and infrastructure credentials encrypted at rest.
  • Payment processing handled by Stripe; we do not store full card numbers.
  • Conversion events sent to advertising platforms use hashing for personally identifiable fields where supported.
  • Production access is restricted to authorized personnel; we maintain audit logging and error monitoring (via Sentry) for security events.

No method of storage or transmission is perfectly secure. Absolute security cannot be guaranteed.

8. Your Choices and Rights

  • Access and update profile information from your account settings.
  • Request account deletion from your settings or by contacting hello@crevio.co.
  • Export your data to the extent supported in-product before account deletion.
  • Manage marketing emails using the unsubscribe link in any marketing message. Operational and security emails are not opt-out.
  • Disconnect integrations in account settings at any time.
  • Manage cookie and tracking preferences in your browser and (where presented) our cookie banner.

9. US State Privacy Rights

If you are a resident of a US state with applicable privacy legislation (such as California, Colorado, Connecticut, Virginia, Texas, Oregon, or similar), you may have additional rights, including the right to access, correct, or delete your personal information, and the right to opt out of certain data sharing.

We do not sell personal information. We do not use personal information for targeted advertising beyond the marketing attribution described in this policy and our Subprocessors page. To exercise your rights, contact hello@crevio.co.

10. European and UK Data Rights

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under applicable data protection law to access, correct, delete, restrict, or object to processing of your personal data, and to data portability. You may also withdraw consent at any time without affecting the lawfulness of prior processing.

You have the right to lodge a complaint with your local supervisory authority. To exercise your rights, contact hello@crevio.co.

11. International Data Transfers

Crevio and its providers may process data in countries outside your residence, including the United States. We use contractual and operational safeguards designed to protect transferred personal data, including standard contractual clauses where applicable.

12. Children

Crevio is not intended for individuals under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact hello@crevio.co and we will take appropriate steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy. The effective date above indicates the current version. Continued use of the Service after updates means the updated policy applies. Material changes will be communicated in-product or by email.

14. Contact

For privacy questions or to exercise your rights, contact hello@crevio.co.