Privacy Policy

This Privacy Policy describes how CSR Foundry ("we," "us," "our") collects, uses, and shares information about you when you access or use our service (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Account information. When you register for an account, we collect your name, email address, company name, and password (stored as a secure hash). We may also collect billing information if you subscribe to a paid tier.

User content. We store the estimates, libraries, documents, comments, and other content you submit to the Service so we can provide the Service back to you. You own this content.

Usage data. We automatically collect information about how you interact with the Service, including pages viewed, features used, timestamps, and device and browser characteristics. This helps us understand how the Service is used and improve it.

Log data. Our servers automatically record standard log information such as IP addresses, request timestamps, and error traces. This data is used for security, debugging, and service reliability.

We use the information we collect to: (a) provide, maintain, and improve the Service; (b) process transactions and send related communications; (c) respond to comments, questions, and support requests; (d) detect, investigate, and prevent security incidents and misuse; (e) comply with legal obligations; and (f) send service-related notifications (account changes, feature announcements, security alerts).

We will not use your User Content to train AI models without your explicit opt-in consent.

Where applicable data protection law requires a legal basis for processing, we rely on: (a) performance of a contract (to provide the Service you signed up for); (b) legitimate interests (to operate and improve the Service, ensure security, and communicate with users); (c) legal obligations (to comply with applicable law); and (d) consent (for any processing that requires it, such as optional analytics or marketing communications).

Service providers. We share information with vendors who help us operate the Service — hosting providers, payment processors, email delivery, analytics, and customer support tools. These providers are bound by contractual obligations to handle information securely and only for the purposes we specify.

Legal and safety. We may share information when required by law, to respond to valid legal requests, to protect our rights or the rights of others, or to prevent fraud or illegal activity.

Business transfers. If CSR Foundry is involved in a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction. We will notify users of any such change.

We do not sell personal information.

We retain personal information for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements.

When you delete your account, we will delete or anonymize personal information within a reasonable time, except where retention is required by law or for legitimate business purposes (such as financial records).

We implement reasonable technical and organizational safeguards designed to protect information from unauthorized access, disclosure, alteration, and destruction. These include encryption in transit, access controls, logging, and regular security reviews.

No security program is perfect. If we become aware of a security incident that affects your information, we will notify you as required by applicable law.

Depending on where you reside, you may have rights with respect to your personal information, including the right to: access, correct, or delete information we hold about you; object to or restrict certain processing; receive a copy of your information in a portable format; and withdraw consent where processing is based on consent.

To exercise these rights, contact us at sales@csrfoundry.net. We will respond within the time frames required by applicable law.

We use cookies and similar technologies to authenticate users, remember preferences, understand how the Service is used, and improve performance. You can control cookies through your browser settings; disabling some cookies may affect Service functionality.

The Service is operated from the United States. If you access the Service from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. Where required by law, we use appropriate safeguards to protect information during international transfers.

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If we learn we have collected personal information from a child under 16, we will delete it.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" line at the top of this page and, for material changes, provide reasonable notice via email or in-product notification.

Questions about this Privacy Policy can be sent to sales@csrfoundry.net.