Privacy Policy

1. Introduction

Cradexa LLC ("Cradexa," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, and protect information when you use our website (www.cradexa.com), application (app.cradexa.com), and related services (collectively, the "Platform").

By using the Platform, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, and password when you create an account.
• Billing Information: Payment card details and billing address. Payment information is processed by our third-party payment processor and is not stored on our servers.
• Credit Information: Credit reports, credit scores, and related financial data that you voluntarily upload or input into the Platform for analysis.
• Documents: Letters, documents, and other files you create or upload through the Platform.
• Communications: Messages you send to us through customer support or email.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the Platform, and other interaction data.
• Device Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP address, access times, and referring URLs.
• Cookies: We use cookies and similar technologies to improve your experience. See Section 7 for details.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Platform and its features.
• Process your subscription payments.
• Analyze your credit data using our AI tools (this processing occurs securely and is used solely to provide you with insights and recommendations).
• Generate documents based on your input.
• Send you service-related communications (account updates, billing notices, feature announcements).
• Send you marketing communications (only with your consent; you can opt out at any time).
• Improve the Platform through analytics and usage patterns (aggregated, non-identifiable data).
• Respond to your customer support inquiries.
• Comply with legal obligations.

4. How We Protect Your Information

We take the security of your data seriously and implement industry-standard measures including:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL.
• Encryption at Rest: Sensitive data, including any Social Security Numbers (SSNs), is encrypted using AES-256-GCM encryption.
• Access Controls: Access to user data is restricted to authorized personnel only.
• Secure Infrastructure: Our Platform is hosted on Vercel and Supabase, both of which maintain SOC 2 compliance and enterprise-grade security.
• Regular Security Reviews: We conduct periodic reviews of our security practices.

Important: While we implement strong security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. How We Share Your Information

We do not sell your personal information to third parties. We may share information in the following limited circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist in operating the Platform, including:

• Payment Processing: To process subscription payments.
• Email Services: To send transactional and marketing emails.
• Analytics: To understand usage patterns and improve the Platform (using aggregated, non-identifiable data).
• Credit Monitoring Partners: If you choose to connect a credit monitoring service (e.g., IdentityIQ), data is shared per that provider's own terms.

5.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, or government request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity.

5.4 With Your Consent

We may share information for any other purpose with your explicit consent.

6. Data Retention

• Active Accounts: We retain your data for as long as your account is active.
• Canceled Accounts: After cancellation, we retain your data for 30 days to allow for reactivation. After 30 days, your personal data is deleted from our active systems.
• Backup Systems: Data may persist in encrypted backups for up to 90 days after deletion from active systems.
• Legal Obligations: We may retain certain data longer if required by law.

You may request deletion of your data at any time by contacting info@cradexa.com.

7. Cookies

We use cookies and similar technologies to:

• Keep you logged in to your account.
• Remember your preferences and settings.
• Analyze usage patterns to improve the Platform.
• Deliver relevant marketing content (with your consent).

You can control cookies through your browser settings. Disabling cookies may limit some features of the Platform.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your personal data.
• Portability: Request a copy of your data in a portable format.
• Opt-Out: Opt out of marketing communications at any time.

To exercise any of these rights, contact us at info@cradexa.com.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to request deletion. We do not sell personal information.

Texas Residents

We comply with applicable Texas privacy laws, including the Texas Identity Theft Enforcement and Protection Act.

9. AI Processing

We use artificial intelligence to analyze credit data and generate insights and documents. Your data is processed securely by our AI system to identify patterns and provide recommendations. Your personal data is not used to train AI models or shared with AI providers in a way that identifies you.

10. Children's Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18, we will delete it promptly.

11. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

12. International Users

The Platform is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. We will notify you of material changes via email or a notice on the Platform.

14. Federal Privacy Notice (Gramm-Leach-Bliley Act)

This notice is provided in accordance with the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. §§ 6801–6809, which requires financial institutions to explain how they share and protect customer information.

What We Share

We share personal information only for everyday business purposes — such as processing your transactions and responding to court orders or legal requirements.

What We Do NOT Share

We do not share your personal information for the following purposes:

• Marketing or promotional purposes
• Joint marketing with other financial companies
• Affiliates' everyday business purposes
• Nonaffiliates to market to you

CRADEXA LLC has no affiliates.

Your Right to Limit Sharing

To limit sharing or ask questions about our privacy practices, call us at (346) 419-1155.

15. Contact Us