This Privacy Policy explains how Crosspond Software Solutions Ltd (“Crosspond”, “we”, “us”) collects, uses and protects your personal data when you use our platform, websites, dashboard and API (the “Services”). We are the data controller for that personal data.
1. Who we are
Crosspond Software Solutions Ltd, registered in England and Wales (company number 12555350), registered office Suite LP48647, 20-22 Wenlock Road, London, N1 7GU, United Kingdom. For any privacy questions, contact support@crosspond.uk.
2. Information we collect
- Account data: your email address and account identifiers, created when you sign up.
- API keys: we store only a one-way hash of each API key, plus a short non-sensitive prefix and a name you choose. We cannot recover the full key after it is created.
- Usage data: records of your API requests — such as the model used, token counts, the amount charged and timestamps — used for billing and to show your activity history.
- Transaction data: records of your top-ups and balance (amount, package, date). Payments are handled by our payment providers; we receive confirmation and limited metadata, but not your full card number.
- Technical data: limited information such as IP address, device/browser information and essential cookies needed to operate the Services securely.
- Communications: messages you send us (e.g. support requests).
3. Your prompts and content
To provide the Services, the content you submit through the API (your prompts and inputs) is transmitted to third-party AI model providers, who process it to generate a response that is returned to you. We do not use the content of your prompts or the responses to train AI models, and we do not sell your content. Third-party model providers process your content under their own terms and privacy policies to deliver the model output.
4. How we use your data and our legal bases
- To provide the Services (create your account, authenticate you, route requests, meter usage) — performance of a contract.
- To take payment and manage your balance — performance of a contract and compliance with legal obligations (e.g. accounting/tax).
- To secure and improve the Services, prevent fraud and abuse, and maintain records — our legitimate interests in running a safe, reliable service.
- To communicate with you about your account and important service notices — performance of a contract and legitimate interests.
- To comply with the law and respond to lawful requests — legal obligation.
5. Who we share data with
We share personal data only as needed, with categories of recipients including:
- cloud hosting and database/authentication providers that run the platform;
- payment service providers that process top-ups;
- third-party AI model providers that process your requests to generate responses;
- professional advisers, and authorities where required by law.
These providers act as our processors or as independent controllers, under appropriate agreements. We do not sell your personal data. A current list of key sub-processors is available on request.
6. International transfers
Some of our providers are located outside the UK. Where we transfer personal data internationally, we rely on appropriate safeguards, such as UK adequacy regulations or the UK International Data Transfer Agreement / Standard Contractual Clauses.
7. How long we keep data
We keep personal data for as long as your account is active and as needed to provide the Services. Transaction and billing records are kept for the period required by law (for example, tax and accounting rules). When data is no longer needed, we delete or anonymise it.
8. Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit, hashing of API keys, access controls and outsourcing card processing to PCI-DSS-compliant providers. No system is completely secure, so we cannot guarantee absolute security.
9. Your rights
Under UK data protection law you have the right to access, rectify, erase or port your personal data, to restrict or object to certain processing, and to withdraw consent where processing is based on consent. To exercise these rights, contact support@crosspond.uk. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, though we’d appreciate the chance to help first.
10. Cookies
We use a small number of essential cookies, primarily to keep you signed in and to operate the Services securely. We do not use cookies for advertising.
11. Children
The Services are not directed at children and are intended for users aged 18 and over. We do not knowingly collect data from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version with a new “last updated” date and, for material changes, take reasonable steps to notify you.
13. Contact
Data protection enquiries: support@crosspond.uk. Postal: Crosspond Software Solutions Ltd, Suite LP48647, 20-22 Wenlock Road, London, N1 7GU, United Kingdom.