Privacy Policy

Last updated: February 2026

1. Information We Collect

Account information: Email address, name, and password hash when you create an account.

Payment information: Processed securely by Braintree (a PayPal company). We never store your credit card details.

Usage data: Number of prediction runs, plan type, and feature usage for billing purposes.

2. Customer Data You Upload

ChurnGuard AI is built with a privacy-first, zero-PII-at-rest architecture:

  • Your CSV files are processed entirely in memory and discarded immediately after analysis. They are never written to disk or any database.
  • PII is never persisted at rest. Per-customer engagement state (risk tiers, coupon assignments) is stored exclusively as SHA-256-hashed identifiers (lead keys) that cannot be mathematically reversed to the original email, phone, or name.
  • Bulk messaging recipient details (email addresses for campaign sends) are AES-encrypted at rest and automatically purged after the send completes, or within 48 hours — whichever comes first.
  • Your browser-side result cache is encrypted with AES-GCM-256 in IndexedDB and is cleared on logout. Prediction results never leave your browser in plaintext.
  • We do not sell, share, or use your uploaded data for any purpose other than generating predictions for your account.

3. How We Use Your Information

  • To provide and maintain the Service.
  • To process payments and manage subscriptions.
  • To enforce plan limits and usage quotas.
  • To send transactional emails (password reset, billing receipts).

4. Data Storage

Account data is stored on enterprise-grade cloud infrastructure with SOC 2 Type II certification. All data is encrypted in transit and at rest. Authentication uses industry-standard secure token-based identity verification.

5. Third-Party Services

  • Cloud Authentication Provider — secure user sign-in and identity verification.
  • Enterprise Cloud Infrastructure — backend hosting and encrypted data storage.
  • PCI-DSS Compliant Payment Processor — secure payment processing. We never store credit card details.

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right to Access (Art. 15): Request a copy of all data we hold about you.
  • Right to Rectification (Art. 16): Update your profile information in Settings.
  • Right to Erasure (Art. 17): Permanently delete your account and all data via Settings → Security & Privacy → Delete My Account.
  • Right to Data Portability (Art. 20): Download all your data as JSON via Settings → Security & Privacy → Download My Data.
  • Right to Object (Art. 21): Contact us to object to specific processing activities.

7. Data Retention

  • Raw CSV data: Never stored. Processed in memory and discarded immediately after analysis.
  • Prediction results: Encrypted with AES-GCM-256 in your browser's IndexedDB only. Cleared on logout. We never store your prediction rows server-side.
  • Per-customer engagement state: Stored only as non-reversible SHA-256 hashes — never as raw email addresses, phone numbers, or names.
  • Bulk messaging recipients: AES-encrypted at rest, auto-purged within 48 hours of send completion.
  • Account metadata: Retained (Fernet-encrypted) until you delete your account. No PII from your uploads is ever stored.
  • Audit logs: Retained for 12 months for compliance, containing no customer PII.

8. Data Processing Agreement

For enterprise customers and GDPR compliance, we provide a Data Processing Agreement (DPA) covering sub-processors, technical measures, and data subject rights.

9. Contact

For privacy-related questions: privacy@churnguardai.com

Data Protection Officer: privacy@churnguardai.com

Back to home