Privacy Policy
Last updated: May 2026
1. Who we are
CBr Ops operates the platform at cbr-ops.com. Contact us at support@cbr-group.com.
2. Data we collect
- Account data: name, email, company name, hashed password.
- Usage data: actions performed (logins, uploads, queries) stored in our activity log.
- Content data: documents and files you upload to the platform.
3. How we use your data
- To provide and improve the Service.
- To send transactional emails (account creation, password reset).
- To detect and prevent fraud or abuse.
4. Data sharing
We do not sell your data. We share data only with sub-processors necessary to operate the Service (Neon for database, Anthropic for AI inference, Resend for email delivery, Stripe for payments). All sub-processors are bound by data processing agreements.
5. Your rights (GDPR)
If you are in the EU, you have the right to access, rectify, erase, and export your personal data. You can delete your account and all associated data directly from your account settings. To exercise other rights, email support@cbr-group.com. We will respond within 30 days.
6. Data retention
We retain your data for as long as your account is active. When you delete your account, all personal data and workspace content is permanently erased within 30 days.
7. Security
We use bcrypt password hashing (cost factor 12), TLS in transit, HttpOnly session cookies, and server-side access controls. No system is 100% secure; we will notify you promptly in the event of a breach.
8. Cookies
We use a single HttpOnly session cookie (cbr-token) to keep you signed in. No analytics cookies, no advertising cookies, no third-party tracking.
9. Analytics
We use Vercel Analytics to measure aggregated page traffic. No personal data is stored; no cross-site tracking is performed.
10. Changes
We will notify you by email at least 14 days before any material change to this policy.