01Who we are
Craise ("we", "us") is the company behind craise.ai. When you sign up, drop a deck, or share a live page with an investor, this policy describes how we handle the data that flows through that.
If you're an investor opening a founder's link — same policy applies to the limited data we collect about your visit.
02What we collect
From founders (you have an account)
- Account details — name, email, password (hashed), tenant name, role.
- Content you upload — pitch decks, financial models, founder photos, data-room documents, legal templates, profile fields you fill in.
- Generated content — the live page Craise builds from your deck, the AI Coach conversation, edits you make, scenarios you save.
- Billing — handled by Razorpay/Stripe. We never see your card.
From visitors (someone opens your live page)
- Engagement signals — which sections were viewed, how long, scroll depth, downloads triggered.
- Device + network — IP address (resolved to city / country / ISP), browser, OS, screen size.
- Identity hints — name + email when a visitor leaves feedback, requests data-room access, or signs an NDA.
03Why we collect it
- Run the product — render your live page, keep state, surface analytics.
- AI features — your deck content is sent to LlamaParse + OpenAI (and, where you opt in, Anthropic / Gemini) to extract and refine. Outputs go back to your tenant only.
- Tell you who opened your page — that's the core value. We resolve IP → geo to make engagement legible.
- Communicate — confirmations, password resets, share invites, notifications when investors return.
- Security & abuse — rate-limiting, fraud detection, audit logs.
We don't use your content to train models. We don't sell to brokers. We don't run third-party ad pixels.
04Who we share it with
Sub-processors who run pieces of the stack on our behalf, under contract:
- Hostinger — application + database hosting (EU + US regions).
- OpenAI — AI Coach, naming pass, content refinement (data-retention: zero per API contract).
- LlamaIndex / LlamaParse — deck and spreadsheet parsing.
- Resend — transactional email.
- Razorpay / Stripe — billing (PCI-scoped, not shared with us).
- ip-api.com — IP → geo resolution (no PII sent).
We disclose data when legally compelled (subpoena, court order) and only the minimum required. We'll tell you when we can.
05Where it lives
Production servers in Mumbai, India (primary) and Frankfurt, Germany (backup region for EU customers). You can request EU-only residency on the Pro plan.
06How long we keep it
- Active account data — for the life of your account.
- After you delete — purged within 30 days, except where retention is legally required (invoices: 7 years).
- Engagement logs — 24 months rolling window.
- AI prompt logs — 30 days (debugging), then purged.
07Your rights
You can access, correct, export, or delete your data at any time. Email privacy@pitched.vc or use the controls in your account settings.
If you're in the EU/UK: GDPR rights apply. If you're in California: CCPA rights apply. If you're in India: DPDP rights apply. We honour all three by default — no escalation required.
08Security
- TLS 1.3 everywhere. HSTS preloaded.
- Passwords hashed with bcrypt (cost 12).
- Multi-tenant data isolation enforced at the model layer (every query auto-scoped).
- Audit logs on all writes.
- SOC 2 Type II in progress.
If you spot a security issue, email security@pitched.vc. We respond within 24 hours.
09Cookies & tracking
We use a small set of first-party cookies:
- PHPSESSID — authentication. Session-scoped.
- pv_visitor — anonymous visitor ID for engagement analytics. 90 days.
- pitched_theme — your light/immersive theme preference. 1 year.
No third-party advertising or marketing pixels. We use Dijji (our own analytics) on this marketing site to count pageviews — no personal data captured.
10Changes to this policy
If we make a material change, we'll email every active user at least 30 days before it takes effect. Minor edits (typos, clarifications) we log at the bottom of this page with a date stamp.
11Contact us
Privacy queries: privacy@pitched.vc
Security disclosure: security@pitched.vc
Everything else: hello@pitched.vc
Craise · craise.ai