PRIVATE BETA · INVITATION ONLY
The World’s First True Digital Co-Founder™. Beta starts soon.
CR3SCENDO AI/Privacy Policy

Privacy Policy

Version 1.2-draft · Effective 2026-05-26

These terms are effective as of 2026-05-26. They may be updated before our platform reaches general availability. Material changes will be communicated to registered users.

Introduction

CR3SCENDO AI, Inc. ("CR3SCENDO AI," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and related services.

Data We Collect

We collect information you provide directly, information generated through your use of our services, and information from third-party sources. Categories include:

  • Account information: name, email address, organization details
  • Business data: formation documents, financial records, compliance filings you create through the platform
  • Payment information: processed securely by Stripe; we do not store full card numbers
  • Usage data: anonymized analytics collected via PostHog
  • AI interaction data: conversation logs and generated outputs, stored per-organization
  • Shared-content recipients: when you share content (such as a fireside episode) with someone, the recipient’s name and email, your name and email, and any optional note. We send one email per share, never a follow-up, and recipients can unsubscribe with one click

How We Use Your Data

  • To provide, maintain, and improve the CR3SCENDO AI platform
  • To process transactions and send related information
  • To execute business formations, filings, and compliance tasks on your behalf
  • To power AI-assisted features (with PII redaction before external processing)
  • To send service notifications and updates
  • To detect, prevent, and address fraud or technical issues

AI and PII Protection

All data sent to external AI providers (Anthropic, Google, xAI, Perplexity AI) passes through our ComplianceMux layer, which redacts personally identifiable information (PII) before transmission. Redacted fields include SSNs, EINs, email addresses, phone numbers, and payment card numbers. Token maps for re-hydration are stored ephemerally and expire within one hour.

Sub-Processors

We use third-party sub-processors to deliver our services. For the current list, see our Sub-Processor List. We will update this page when sub-processors change and notify affected customers.

Cohort Benefit Metadata

CR3SCENDO AI operates a Cohort Benefit Metadata capability so that what one founder learned (and what one founder did wrong) can help the next founder, without exposing any founder's private data to another founder. The architecture is structural, not promise-based: your raw data is technically incapable of reaching another tenant. The detail of how this works lives in the Cohort Benefit Policy. The privacy-relevant rules are summarized below.

Five-Class Data Taxonomy

Every event captured on the platform is classified, at the moment of capture, into one of five privacy classes:

  • C1, Private content. Your actual data. Raw text, numbers, PII, financial values, vault contents, document bodies. NEVER shared. NEVER leaves your tenant. Enforced by row-level security and column-level encryption.
  • C2, Identifying metadata. Anything that could re-identify you, your company, or your counter-parties: names, emails, addresses, EIN, distinctive customer counts, distinctive product names. NEVER shared. NEVER leaves your tenant in raw form. Used only for your own dashboard.
  • C3, Decision-shape metadata. The SHAPE of an interaction without its specifics. Example: "Founder asked a question in the formation domain at step X of the wizard." No identifying values. No content payload. Eligible, with your consent, for anonymized aggregation across founders.
  • C4, Outcome-shape metadata. What HAPPENED at the shape level after a decision. Example: "Founder filed entity within N days." No identifying values. No dollar amounts. No customer-specific specifics. Eligible, with your consent, for anonymized aggregation across founders.
  • C5, Pattern-level signal. "Founders in cohort X who chose option O at decision D experienced outcome Y at frequency F." Derived inside the platform from C3 and C4 across the cohort, fully aggregated and de-identified at construction. You never see who contributed. The founder receiving a recommendation never sees who contributed. C5 patterns are platform-internal and never exposed outside the platform.

What Is Never Shared

Class C1 (private content) and Class C2 (identifying metadata) are NEVER shared across tenants under any condition, including our own analytics. The data-flow architecture, row-level security, and tenant isolation make it technically incapable of reaching another founder's dashboard. There is no policy exception, no "internal research," no "business purpose" override. The trust chain is structural.

What Is Shared (With Consent)

Class C3 (decision-shape) and Class C4 (outcome-shape) enter the cross-tenant synthesis pipeline ONLY if you have not turned off consent for that category. Consent is default-on at signup, explained in plain language, and reversible at any time. The synthesis pipeline produces C5 patterns that flow back to other founders as recommendations.

K-Anonymity Threshold

No pattern leaves the synthesis layer unless at least K founders contributed to it. The default K is 5. For smaller cohorts where re-identification risk is higher (for example, the Researcher cohort), K is set higher. K is never below 3 for any pattern that names a specific decision. Below the threshold, the pattern is suppressed: we do not generate cohort-benefit signal from samples small enough to back-trace to an individual.

Per-Category Reversible Consent

You can toggle off C3, C4, both, or all at any time from your account settings. Past contributions stay aggregated (we cannot retroactively recall a contribution to a pattern already published to other founders), but no future contribution flows. Your consent settings are themselves audit-logged so you can see when they changed and who changed them.

Founder-Visible Audit Log

You can see, at any time, every cohort-benefit extraction performed on your data: the date, the event class (C3 or C4), the cohort pattern it contributed to, and the aggregate count your contribution joined. This is the trust receipt. Without it, the consent would be theatrical.

AI Training Posture

We do NOT train external AI models on your data, of any class, under any consent setting. The cohort-benefit synthesis pipeline produces platform recommendations, not training corpus for third-party models. See our AI Posture Statement for the full surface-by-surface breakdown.

Customer Zero Commitment

CR3SCENDO AI is itself a customer of the platform. Our own operational decisions emit the same C3 and C4 events any other founder's decisions emit, get the same classification, and, with our own consent, contribute to the same C5 patterns visible to other founders. We receive the same cohort-benefit recommendations any other founder receives. We are subject to the same rules.

Data Security

We employ industry-standard security measures including TLS 1.3 for data in transit, AES-256-GCM encryption for sensitive data at rest, row-level security for tenant isolation, and immutable audit trails with SHA-256 hash chains.

Data Sovereignty and Portability

You own your data. We provide full data export capabilities with one-click access. There is no lock-in: you may export all your organization data at any time in standard formats.

Your Rights

  • Access and receive a copy of your personal data
  • Request correction of inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict processing of your personal data
  • Data portability: receive your data in a structured, machine-readable format
  • Withdraw consent at any time where processing is based on consent

Contact

For privacy-related inquiries, contact us at privacy@cr3scendo.ai.