Security & Privacy policy

Last updated: 04/29/2025
Privacy Policy

CraftBase is deeply committed to keeping your company’s data private and secure. If you have any questions or concerns, please do not hesitate to reach out to jrlatta@craftbase.ai or greg@craftbase.ai.

CraftBase handles customer project email data, tasks, reports, and other AI-generated content. We encrypt all customer data using industry-standard AES-256 encryption at rest and HTTPS/TLS in transit.

We never share your private information with unauthorized third parties or sell your data.

We retain your data for as long as is necessary to provide our services to you. If you would like us to cease all of the described uses of your personal data, you may delete your account at any time by sending us an email.

Per OpenAI’s statements on their business API usage, they do not train on the data being sent to the API. They assert all data is deleted after a short retention period.

Services

Our services are powered by Amazon Web Services (AWS), providing secure web server hosting and database management. We run an EC2 Ubuntu instance with an Nginx-Gunicorn-Django stack, protected with HTTPS/TLS encryption for data in transit. Our database uses Amazon RDS with PostgreSQL, featuring AES-256 encryption for data at rest. Security Groups are defined for both EC2 and RDS services, and multifactor authentication is enabled to enhance security. Learn more about AWS privacy and security.

https://aws.amazon.com/compliance/data-privacy-faq/

We also leverage the OpenAI API to make LLM (large language model) API calls. OpenAI maintains SOC 2 compliance and uses AES-256 encryption, with a strict enterprise privacy policy — they do not train their models on business data by default. Learn more about OpenAI privacy and security.

https://openai.com/enterprise-privacy/

For email services, we use Mailgun to handle project-related communications. Mailgun powers email for over 150,000 companies and is SSAE-16 SOC 1 & 2, HIPAA, ISO27001, SOC 2 Type II, and GDPR compliant. Learn more about Mailgun privacy and security.

https://www.mailgun.com/security/

https://www.mailgun.com/legal/privacy-policy/

Architecture Overview