CreditGPT

Privacy Policy

Last Updated: January 1, 2026 — v1.2

Security Contact: security@creditgpt.com

This Privacy Policy describes how Pillar Technology Inc. (“CreditGPT,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with our websites and the CreditGPT platform (the “Services”). This policy is intended for business users and customer representatives.

1. Information We Collect

We collect information in three main categories:

  • Account and Contact Information: name, business email, company name, role/title, authentication identifiers, and billing/admin contacts.
  • Customer Content: documents and data you upload to the Services (e.g., agreements, indentures, related materials), plus outputs generated by the Services from such content.
  • Usage and Technical Information: log data, device/browser information, IP address, approximate location (derived from IP), timestamps, feature usage, and diagnostic/telemetry data.

2. How We Use Information

We use information to:

  • Provide, maintain, and secure the Services (including authentication, access control, monitoring, and fraud prevention).
  • Process Customer Content to generate outputs you request (e.g., summaries, extractions, models, and reports).
  • Provide customer support and respond to inquiries.
  • Improve and develop the Services (including debugging, analytics, and performance optimization).
  • Comply with legal obligations and enforce our agreements.

3. How We Share Information

We do not sell personal information. We share information only as necessary to operate the Services, including with:

  • Service Providers/Subprocessors: vendors that help us host, operate, secure, and support the Services (e.g., cloud hosting, databases, monitoring, authentication, and AI inference providers).
  • Professional Advisors: legal, accounting, and other professional services providers as necessary.
  • Legal and Safety: if required by law or to protect rights, safety, and security (e.g., responding to lawful requests).
  • Business Transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets (subject to appropriate confidentiality protections).

Where applicable, we maintain and provide a list of subprocessors upon request or via a published subprocessor summary.

4. AI and Model Providers

The Services may use third-party AI providers to process Customer Content to generate requested outputs. We configure such providers consistent with our security and data-handling commitments, and we restrict access to Customer Content to authorized processing necessary to provide the Services.

5. Cookies and Similar Technologies

We may use cookies and similar technologies to operate our websites and Services (e.g., session management, security, and analytics). You can control cookies through your browser settings; however, disabling cookies may impact functionality.

6. Data Retention

We retain information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Customer Content is retained according to the customer relationship and deleted or returned upon written request or termination, subject to legal holds and reasonable backup retention/expiry.

Deletion timelines: upon confirmed written request, we aim to delete Customer Content from active systems within 14 days (and often sooner where feasible). Backup media is deleted according to normal backup rotation.

7. Security

We maintain administrative, technical, and organizational measures designed to protect information, including access controls, encryption in transit, and monitoring. No method of transmission or storage is 100% secure; therefore, we cannot guarantee absolute security.

8. Your Choices and Rights

Depending on your location and applicable law, you may have rights to access, correct, delete, or obtain a copy of certain personal information. For account-related requests, contact us using the information in Section 12. Customer administrators may also manage certain account information within the Services.

9. International Data Transfers

We may process and store information in the United States and other jurisdictions where we or our service providers operate. Where required, we implement appropriate safeguards for international transfers.

10. Children’s Privacy

The Services are not directed to children and are not intended for use by individuals under 16. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy and update the effective date above. Your continued use of the Services after an update constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or our privacy practices, contact us at:

Pillar Technology Inc.
Privacy & Security Contact: security@creditgpt.com