Privacy Policy

Last Updated: December 2024

1. Introduction

This Privacy Policy describes how CREA (Contract Research & Evidence Assistant) collects, uses, and protects information when you use our grievance research service. We are committed to protecting your privacy and handling your data responsibly.

2. Information We Collect

2.1 Query Data

When you use CREA, we process the workplace situation descriptions you submit. This may include details about your employment situation, supervisors, workplace incidents, and other information you choose to provide.

2.2 Technical Data

We automatically collect certain technical information, including:

  • IP address (for rate limiting and security purposes)
  • Browser type and version
  • Device information
  • Timestamp of requests
  • Pages visited and features used

2.3 Session Data

We use session cookies to maintain your browsing session and provide CSRF (Cross-Site Request Forgery) protection. These cookies are temporary and expire when you close your browser.

3. How We Use Your Information

We use the information we collect to:

  • Process your queries and generate research results
  • Improve the accuracy and relevance of our search results
  • Maintain security and prevent abuse of the service
  • Enforce rate limits to ensure fair access for all users
  • Debug issues and improve service performance

4. Third-Party Data Sharing

4.1 AI Processing

Your queries are processed using the Anthropic Claude AI service. When you submit a query, the text of your workplace situation description is sent to Anthropic's servers for analysis. Please review Anthropic's Privacy Policy for information about how they handle data.

4.2 No Sale of Data

We do not sell, rent, or trade your personal information to third parties. We do not use your query data for advertising purposes.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Retention

Query Data: By default, we do not permanently store the content of your queries. Query data is processed in memory and discarded after generating results. Server logs containing technical data may be retained for up to 30 days for security and debugging purposes.

Rate Limiting Data: IP addresses used for rate limiting are stored temporarily in memory and cleared when the server restarts.

6. Cookies

CREA uses the following types of cookies:

  • Session Cookies: Essential for the service to function. These maintain your session and expire when you close your browser.
  • CSRF Tokens: Security cookies that protect against cross-site request forgery attacks.

Google Analytics

We use Google Analytics to understand how visitors interact with our website. Google Analytics collects information such as how often users visit the site, what pages they visit, and what other sites they used prior to coming to our site. We use this information to improve our service. Google Analytics collects the IP address assigned to you on the date you visit the site, but not your name or other identifying information. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • HTTPS encryption for all data transmission
  • CSRF protection on all forms
  • Rate limiting to prevent abuse
  • Security headers to prevent common web attacks
  • Regular security updates and monitoring

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Object to processing of your information
  • Request data portability

Since we do not permanently store query content, most data rights requests can be satisfied by simply not using the service. For technical data inquiries, please contact us at support@crearesearch.com.

9. Children's Privacy

CREA is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by posting a notice on the service. Your continued use of CREA after changes are posted constitutes acceptance of the updated policy.

11. Contact Information

For questions about this Privacy Policy or our data practices, please contact us at support@crearesearch.com.

Summary: CREA processes your queries to provide research results. We send query text to Anthropic for AI analysis. We don't permanently store your queries or sell your data. We use minimal cookies for security purposes only.

Back to Home