CorpusFabric, Inc. (“CorpusFabric,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and share information when you use the CorpusFabric platform, website, and related services (collectively, the “Service”).

1. Information We Collect

Account Data

When you create an account, we collect your name, email address, organization name, and authentication credentials managed through our authentication provider (Clerk). If you subscribe to a paid plan, we collect billing information through our payment processor (Stripe).

Usage Data

We automatically collect information about how you interact with the Service, including:

Pages visited, features used, and actions taken within the platform
Search queries and chat interactions with the AI system
Device information, browser type, IP address, and general location data
Log data, timestamps, and session identifiers

Document Data

When you upload documents to the Service, we process and store the content of those documents to provide our document intelligence features. This may include PDFs, Word documents, text files, and other file formats you choose to upload. Document content is processed to generate embeddings, summaries, and searchable indexes.

2. How We Use Your Information

We use your information for the following purposes:

To provide, maintain, and improve the Service
To process your documents and generate AI-powered search results and responses
To process transactions and manage your subscription
To communicate with you about the Service, including support requests and product updates
To monitor and analyze usage patterns and trends to improve user experience
To detect, prevent, and address technical issues, fraud, or security concerns
To comply with legal obligations

We do not use your document data to train machine learning models. Your documents are processed solely to provide the Service to you.

3. Data Storage and Security

Your data is stored on secure infrastructure provided by Amazon Web Services (AWS) in the United States. We employ industry-standard security measures including:

Encryption of data at rest using AES-256 encryption
Encryption of data in transit using TLS 1.2 or higher
Access controls and authentication requirements for all systems
Regular security assessments and vulnerability scanning
Network isolation and firewall protection
Audit logging of administrative actions

4. Third-Party Services

We use the following third-party services to operate the platform. Each has its own privacy policy governing the data they process:

Clerk — Authentication and user management. Processes account credentials, session data, and authentication tokens.
Stripe — Payment processing and subscription billing. Processes payment card information and billing details. CorpusFabric does not store full credit card numbers.
Amazon Web Services (AWS) — Cloud infrastructure, data storage, and computing. Hosts all application data and document storage.
Anthropic — AI language model provider. Document content and user queries may be sent to Anthropic's API to generate responses. Anthropic does not use API inputs to train its models.
Voyage AI — Embedding model provider. Document content is sent to Voyage AI to generate vector embeddings for semantic search. Voyage AI does not use API inputs to train its models.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain data for legal, regulatory, or legitimate business purposes.

Document data is deleted within 30 days of account cancellation or upon your request. Backups containing document data are purged within 90 days of deletion.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

Access — You can request a copy of the personal data we hold about you.
Correction — You can request that we correct inaccurate personal data.
Deletion — You can request that we delete your personal data, subject to certain legal exceptions.
Portability — You can request a machine-readable export of your personal data and documents.
Restriction — You can request that we limit how we process your personal data.
Objection — You can object to our processing of your personal data in certain circumstances.

To exercise any of these rights, contact us at privacy@corpusfabric.com. We will respond within 30 days.

7. Cookies and Tracking

We use cookies and similar technologies to:

Maintain your session and authentication state
Remember your preferences and settings
Analyze usage patterns and improve the Service

We use essential cookies required for the Service to function. We do not use third-party advertising cookies. You can control cookie settings through your browser preferences, though disabling essential cookies may affect Service functionality.

8. GDPR (European Economic Area)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:

Legal basis for processing: We process your personal data based on contractual necessity (to provide the Service), legitimate interests (to improve and secure the Service), consent (where required), and legal obligations.
International transfers: Your data is transferred to and processed in the United States. We use Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard transfers outside the EEA.
Data Protection Officer: You may contact our Data Protection Officer at dpo@corpusfabric.com.
Supervisory authority: You have the right to lodge a complaint with your local data protection authority.

9. CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

Right to know: You may request information about the categories and specific pieces of personal information we have collected about you.
Right to delete: You may request that we delete the personal information we have collected from you.
Right to opt out: We do not sell personal information to third parties. If this changes, we will provide an opt-out mechanism.
Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at privacy@corpusfabric.com or call us using the contact information below.

10. Children's Privacy

The Service is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. For significant changes, we will also notify you by email.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@corpusfabric.com
Mail: CorpusFabric, Inc.
Web: corpusfabric.com/contact