Privacy Policy

This Privacy Policy describes how Zero Point Studio d.o.o. ("we", "us", "our"), operating the CRHQ platform at crhq.ai, collects, uses, stores, and protects your personal data. CRHQ is an AI agent platform that provides dedicated server environments ("satellites") where autonomous AI agents execute tasks on behalf of users.

Zero Point Studio d.o.o. is registered at Rudeška cesta 179, 10000 Zagreb, Croatia (OIB: 52438945902, VAT: HR52438945902).

By using CRHQ, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create a CRHQ account, we collect your name, email address, and password (stored in hashed form). If you subscribe to a paid plan, we collect billing information through our payment processor — we do not store credit card numbers directly.

Third-Party Service Credentials

To enable AI agents to act on your behalf, you may connect third-party services to CRHQ via OAuth or API keys. These include but are not limited to: Google Workspace services (Calendar, Gmail, Docs, Sheets, Slides), Google Analytics, Google Ads, Google AdSense, and other platforms. When you authorize these connections:

• OAuth tokens are stored encrypted on your dedicated satellite server.
• Tokens are used solely to perform tasks you explicitly configure through skills, recipes, or agent instructions.
• You can revoke access at any time from your CRHQ dashboard or from the third-party service directly.

AI Model API Keys

CRHQ operates on a "Bring Your Own Key" (BYOK) model. You provide your own AI model API keys (e.g., Anthropic, OpenAI). These keys are stored encrypted on your satellite and are never shared with other users or accessed by us except for the purpose of running your agents.

Agent Activity Data

Your agents generate execution logs, session transcripts, and task outputs. This data is stored on your dedicated satellite server. We do not access, read, or analyze the content of your agent sessions unless required for technical support at your explicit request.

Usage and Technical Data

We collect basic usage data such as login timestamps, feature usage frequency, server resource utilization (CPU, memory, disk), and standard web server logs (IP address, browser type, pages visited). This data is used for platform operations, billing, and service improvement.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and operate the CRHQ platform and your satellite environment.
• Execute AI agent tasks using your connected services and API keys as instructed by you.
• Process billing and manage your subscription.
• Send transactional communications (account confirmations, billing notices, security alerts).
• Monitor platform health and prevent abuse.
• Respond to support requests.

We do not use your data, agent outputs, or connected service content for training AI models, advertising, or any purpose unrelated to providing the CRHQ service to you.

3. Google User Data

CRHQ's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only access Google user data that is necessary to provide the features you have configured (e.g., reading/writing calendar events, sending emails, managing documents, retrieving analytics data).
• Google user data is used exclusively to execute agent tasks on your behalf within your CRHQ satellite.
• We do not use Google user data for advertising, market research, or to train AI models.
• We do not sell, rent, or share Google user data with third parties, except as necessary to provide or improve the service (e.g., passing data to the AI model you have configured, using your own API key).
• Google user data is stored encrypted on your dedicated satellite server and is not aggregated with data from other users.
• You can revoke CRHQ's access to your Google account at any time through your Google Account permissions or from the CRHQ dashboard.

4. Data Storage and Security

Each CRHQ user operates on a dedicated satellite — an isolated virtual private server. Your data, credentials, agent sessions, and files are stored exclusively on your satellite. Satellites are hosted on Hetzner Cloud infrastructure in the European Union (Germany and Finland).

We implement the following security measures:

• All data in transit is encrypted via TLS (HTTPS).
• Sensitive credentials (OAuth tokens, API keys, passwords) are stored encrypted at rest.
• Each satellite is network-isolated from other satellites.
• Access to satellite infrastructure requires SSH key authentication.
• Administrative access is limited and logged.

5. Data Sharing and Third Parties

We do not sell your data. We share data only in these circumstances:

• AI Model Providers: When your agents run, prompts and context are sent to the AI model provider you have configured (e.g., Anthropic, OpenAI) using your own API key. These providers' privacy policies apply to that data.
• Infrastructure: Your satellite runs on Hetzner Cloud. Hetzner provides the underlying compute infrastructure but does not have access to application-level data.
• Payment Processing: Billing is handled by Stripe, Inc. Stripe receives only the data necessary to process transactions (name, email, payment method details). We do not store credit card numbers directly. For details on how Stripe handles your data, see Stripe's Privacy Policy.
• Legal Requirements: We may disclose data if required by law, court order, or governmental regulation.

6. Data Retention

Your data is retained for as long as your account is active. Agent session logs and task outputs are stored on your satellite and can be deleted by you at any time.

If you cancel your subscription, your satellite is decommissioned within 30 days. All data on the satellite, including credentials, files, agent logs, and connected service tokens, is permanently deleted when the server is destroyed.

7. Your Rights

Under the EU General Data Protection Regulation (GDPR), you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate personal data.
• Erase your personal data ("right to be forgotten").
• Restrict processing of your personal data.
• Port your data to another service.
• Object to processing based on legitimate interest.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at hello@crhq.ai.

8. Cookies

CRHQ uses essential cookies for authentication and session management. We do not use advertising or tracking cookies. No third-party analytics scripts are loaded on the platform.

9. Children's Privacy

CRHQ is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of CRHQ after changes constitutes acceptance of the updated policy.