Craaft - AI Coding Assistant for Your Favorite IDE

1 - Introduction

Welcome to Craaft ("Craaft", "we", "us" and "our").

Craaft provides software and services that enhance your AI coding workflow, helping developers work better with AI assistants.

The "Websites" means Craaft websites (including without limitation www.craaft.ai, app.craaft.ai and any successor URLs, mobile or localized versions and related domains and subdomains), and the "Services" means Craaft products, applications and services, in each case in whatever format they may be offered now or in the future.

As you use the Services, we collect and process information from and about you in order to provide you with access to the Services, enhance your experience while using the Service, and communicate with you.

2 - Applicability of this Privacy Policy

This policy (the "Privacy Policy") applies to your use of the Services and other interactions (e.g., customer service inquiries) you may have with Craaft. If you do not agree with this Privacy Policy, do not access or use our Services.

A separate agreement (the "Customer Agreement") may be in place between your organization and Craaft that governs delivery, access and use of the Service by users who are authorized by your organization to use its instance of the Service (such Customer-specific instance of the Service is referred to herein as the "Customer Workspace").

The entity who enters into the Customer Agreement with Craaft controls the Customer Workspace used by its authorized users and may set certain rules related to your utilization of the Service, including limitations regarding which third party applications you can connect to via the Service.

If you have questions about your organization's specific Service settings and practices you should contact them directly.

3 - Personal Data We Collect

Account Registration Data That You Provide To Us

When you register for a Craaft account you are required to provide certain personal information (the "Personal Data"), such as your name, and email address, as well as other information that you voluntarily choose to add to your account profile, like a profile photo.

If you choose to register for an account utilizing your credentials from a third party service (such as Google), then your name and email address will be provided to us as permitted by your profile settings within that third party services.

If you are registering for a paid account you will also be required to provide payment information, such as payment card details (collected by our payment service provider), and Single Sign On (SSO) SAML 2.0 credentials.

We will inform you, when requesting your Personal Data, if certain data must be provided or if it is optional. We will also inform you of the consequences should you not wish to provide this data. We also collect the information that you may choose to submit to our customer support team, for example regarding a question you have or a problem you are experiencing with our Services.

This may include your contact information, a summary of the problem you are experiencing and any other documentation or information that would be helpful in resolving the issue (which, at your option, may include Personal Data).

Automatically Collected Data

When you interact with Craaft through the Services, we automatically collect information about you through cookies (small text files placed on your device), mobile device identifier and other technologies.

Please read the "Cookies" section below to learn more about how we use cookies and other technologies. When you visit our Websites, our servers record information ("log data"), including information that your browser automatically sends whenever you visit the Website. This log data includes your Internet Protocol ("IP") address (from which we understand the country you are connecting from at the time you visit the Site), browser type and settings, and the date and time of your request.

Data From Other Services You Link To Your Account

We receive information about you when you or your administrator integrate or link a third-party service with our Services (a "Third Party Service"). For example, if you create an account or log into our Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you.

You or your administrator may also integrate other Third Party Services you use with and into our Services. The information we receive when you integrate our Services with a Third Party Service depends on the settings, permissions and privacy policy associated with that Third Party service. Please check the privacy settings and privacy policy of these Third Party Services to understand what data may be disclosed to and shared with us.

Data from Business Partners

If you purchase our Services through a reseller or other Craaft business partner (a "Business Partner"), that Business Partner may provide certain information to us, such as your name, email address, company information, and financial information related to the Services you purchase.

4 - How We Use Your Personal Data

We collect Personal Data for the following purposes:

To Provide The Services And Manage Your Access To And Use Of The Services

We use information about you to provide the Services to you, including to register you for the Services, process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services.

To Communicate With You About The Services And Provide You With Customer Support

We use your contact information to communicate with you about the Services, respond to your customer support questions and requests, and to provide you notices regarding the Services (including notices about your account, product update announcements, security alerts, administrative notifications and the like).

In connection with providing you with customer support, we may also use the information we automatically collect and information that you provide to us and consent for us to view and utilize as part of a support request so that we can respond to your request, analyze information related to your support request, and to repair or improve the Services.

For Research And Development to Improve our Service

So that we can continually improve the functionality of our Services, we utilize our collective learnings about the way users interact with and use the Services, as well as feedback provided directly to us, to troubleshoot issues, fix bugs, enhance functionality, and identify areas for integration and improvement of the Services.

To Market And Promote Our Services

We use your contact information and information about how you use the Services to communicate directly with you, including by sending you newsletters, promotions or information about current and future products and services. You may opt out of receiving such communications at any time by (i) clicking the unsubscribe link included in all the emails you receive or (ii) contacting us as indicated in Section 11 below ("Contact").

For Safety And Security

We use information about you and the way in which you use the Services to verify and authenticate accounts and activity, monitor for suspicious or fraudulent activity and identify violations of our Services policies.

To Protect Our Legitimate Business Interests And Legal Rights

Where required by law, or where we think it is necessary to protect our legal rights and interests or the legal rights and interests of others, we use information about you in connection with legal claims, compliance and regulatory functions. If you ask us to delete your data or to be removed from our marketing lists and we are required to fulfill your request, we will keep basic data to identify you and prevent further unwanted processing. As used above, "legitimate interests" means our interests in conducting our business and managing and delivering the best Services to you. We will not use your Personal Data for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted by law.

With Your Consent

We use Personal Data about you where you have given us consent to do so for a specific purpose not listed above. For example, with your permission we may publish testimonials or featured customer stories on our Websites to promote the Services, including names and profile photo of representatives of our customers alongside the testimonial.

While providing our Services, we may collect on behalf of our customers information related to our customers' employees, business partners and other individuals. Our use of such information on behalf of our customers is governed by our Customer Agreement with that customer and the customer's own privacy policies. We are not responsible for the privacy policies or privacy practices of customers or other third parties.

5 - How We Share Your Personal Data

In order to provide you with the Service and operate our business effectively, we may need to share your Personal Data with certain third parties and service providers. This section explains when and why we share your information.

Sharing With Third Party Service Providers for Business Purposes

We may share your Personal Data with third party service providers for business purposes.

This Personal Data may include personal identifiers (such as your name and email address), and internet or other electronic network activity information (such as your IP address, type of browser, version of operating system, carrier and/or manufacturer, device identifiers, and mobile advertising identifiers), and location data.

We disclose these categories of Personal Data to service providers who assist us in fulfilling the following business purposes:

Maintaining and delivering the Service (including hosting, back-up and other IT service providers, billing and payment processing services),
Providing you with customer service,
Detecting and preventing fraud,
Analyzing and improving the Service (including via website analytics and data science service providers)
Providing marketing and advertising services for Craaft (including digital advertising services, CRM services, and marketing and sales software solutions).

These third party service providers are provided only with that Personal Data that is necessary to perform the services we have hired them to provide.

Sharing With Our Subsidiaries And Affiliates

Craaft is managed and operates primarily out of France. We allow our French subsidiary, Craaft SAS, and its employees and agents to access your Personal Data for the purposes described in this policy (this sharing is in our legitimate interest).

For Legal Purposes to Protect Craaft and the Service

We may disclose your Personal Data if required to do so by law or if we have a good faith belief that such action is necessary to (i) comply with a legal obligation or lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) protect and defend the rights or property of Craaft, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.

In Connection With a Sale or Merger

As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.

With Your Consent

We may share Personal Data about you with third parties when you give us consent to do so. For example, with your permission we may publish and display testimonials or featured customer stories on our Websites, including names and profile photo of representatives of our customers alongside the testimonial.

6 - Data Retention

Craaft generally retains your Personal Data for a period of time consistent with the original purpose of collection. For instance, we may retain your Personal Data during the time you have an account to use our Websites or Services, or as agreed in our subscription agreements, and for a reasonable period of time thereafter. We also may retain your Personal Data as necessary to comply with our legal obligations, to establish proof of a right or a contract, resolve disputes, enforce our agreements, in accordance with the law.

Your credit card information is stored no longer than the time necessary to allow the fulfillment of the transaction, except in the case of a subscription, to facilitate the payment of regular customers. In that case, credit card information is stored for the whole duration of your subscription and at least until the date at which you carry out your last transaction. Such storage is implemented by our secured payment service provider Stripe. By subscribing to our Services, you agree to this storage. Data relating to the visual cryptogram or CVV2 on the back of your credit card is not stored.

7 - Privacy Shield

Craaft complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States. Craaft has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit privacyshield.gov.

JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. We ask that you first submit any such complaints directly to us at kevin@craaft.ai.

If you are not satisfied with our response, please contact JAMS at www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still is not addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.

Craaft is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to its compliance with the provisions of the EU-US and Swiss-US Privacy Shield. Within the scope of our authorization to do so, and in accordance with our commitments under the Privacy Shield, Craaft will provide individuals access to Personal Data about them.

Craaft also will take reasonable steps to enable individuals to correct, amend, or delete Personal Data that is demonstrated to be inaccurate. Craaft is responsible for the processing of Personal Data it receives, under the Privacy Shield Framework, and subsequently transfers to service providers. Craaft complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU and Switzerland, including the onward transfer liability provisions.

8 - European Union (EU) Individuals

Scope

This section applies if you are an individual in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, to the extent applicable, Switzerland).

Data Controller

Craaft is the data controller for processing of your Personal Data. We act as a data processor (or service provider) in relation to the Services we provide to our Customers.

Your Rights

Subject to EU data protection law, you have the following rights in relation to your Personal Data:

Right Of Access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details.
Right To Rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it.
Right To Erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent.
Right To Restrict Processing: You may ask us to restrict or 'block' the processing of your Personal Data in certain circumstances.
Right To Data Portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you.
Right To Object: You may ask us at any time to stop processing your Personal Data.
Right To Withdraw Consent: If you have consented to our use of your Personal Data for a specific purpose, you have the right to change your mind at any time.
Right To Make A Complaint: If you have a concern about our privacy practices, you can report it to the data protection authority that is authorized to hear those concerns.

9 - California Residents

Scope

This section applies only if you are a resident of California and describes the rights granted to you pursuant to the California Consumer Privacy Act of 2018 ("CCPA").

Your California Rights

Right to Know: You can request information about how we have collected and used your Personal Information during the past 12 months.
Right of Access: You can request a copy of the personal information that we have collected about you during the past 12 months.
Right to Delete: You can ask us to delete the personal information we have collected from you.
Opt-out of Sales: If we sell your personal information, you can opt-out of such sales in the future.
Nondiscrimination: You are entitled to exercise the rights described above free from discrimination.

How to Exercise Your California Privacy Rights

You may exercise your California privacy rights by contacting us using the information shown in Section 12 below. We do not sell your Personal Information in the conventional sense (i.e., for money). You have the right to direct us not to "sell" your personal information by contacting us by email at kevin@craaft.ai.

10 - Cookies and Similar Technologies

Cookies are small text files that are placed on your computer or mobile device when you visit a website, mobile app or use an online platform. Cookies and similar technologies are widely used by online service providers to facilitate and help to make the interaction between users and websites, mobile apps and online platforms faster and easier, as well as to provide reporting information.

Why Do We Use Cookies?

We use first party and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Websites.

Managing Cookies

Most internet browsers allow you to erase cookies from your computer hard drive, block all cookies (or just third-party cookies), or warn you before a cookie is stored on your device. Please note, if you choose to block all cookies, our Services will not function as intended and you will not be able to use or access many of the features of the Services we provide.

11 - Modifications

We reserve the right, at our sole discretion, to modify this Privacy Policy or any portion thereof. Any changes will be effective from the time of publication of the new privacy policy. If we believe that the changes are material, we will let you know by doing one (or more) of the following: (i) posting the changes on or through the Services, (ii) sending you an email or message about the changes. Your continued use of the Services after the changes have been implemented shall indicate your agreement with the terms of such revised privacy policy. Otherwise, and if the new privacy policy does not suit you, you must no longer use the Services.

12 - Contact

Have questions or concerns about Craaft and privacy?