Skip to main content
California Privacy Rights

CCPA / CPRA Compliance

This page describes how Cresva, Inc. complies with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). It supplements our Privacy Policy.

Last updated: February 6, 2026

Legal name: Cresva, Inc. • Privacy Contact: hello@cresva.ai

Quick Summary for California Residents

We do not sell or share your personal information. You have the right to know, delete, correct, and opt-out. We will never discriminate against you for exercising your rights.

Request Data Deletion →

Table of Contents

1. Scope & applicability

This notice applies to California residents ("consumers") as defined under the CCPA (Cal. Civ. Code § 1798.100 et seq.) as amended by the CPRA. It describes our practices regarding the collection, use, and disclosure of personal information.

This notice covers:

  • California residents who use Cresva as individual users
  • California-based employees of business customers
  • Visitors to our website from California

Terms used in this notice have the same meaning as defined in the CCPA/CPRA unless otherwise stated.

2. Categories of personal information

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

A. Identifiers

Name, email address, IP address, account name, unique personal identifiers

B. Customer Records (Cal. Civ. Code § 1798.80(e))

Name, company name, billing address, payment information (via Stripe)

D. Commercial Information

Subscription plan, transaction history, connected ad platform data

F. Internet/Electronic Activity

Browsing history on our site, feature usage, log data, cookies

G. Geolocation Data

Approximate location derived from IP address (city/region level only)

K. Inferences

AI-generated marketing insights and forecasts derived from your connected platform data

Note: We do NOT collect categories C (protected classifications), E (biometric), H (sensory data), I (professional/employment), or J (education) unless voluntarily provided through support communications.

3. Sources of collection

We collect personal information from the following sources:

Directly from you

Account registration, support requests, survey responses

Automatically

Cookies, log files, analytics when you use our Service

From third-party platforms

Meta Ads, Google Ads, TikTok, LinkedIn, Shopify (via OAuth, read-only)

From service providers

Payment processors (Stripe), analytics providers (PostHog)

4. Business purposes

We use personal information for the following business and commercial purposes:

Providing the Service

Account management, analytics, forecasts, AI insights

Auditing & compliance

Verifying transactions, maintaining records for tax/legal obligations

Security & fraud prevention

Detecting and preventing security incidents and fraudulent activity

Debugging & quality

Identifying and fixing bugs, improving service reliability

Product development

Developing new features, improving existing ones based on usage patterns

Customer communications

Service updates, billing, support, and (with opt-in) marketing emails

5. Sale & sharing of data

⚠️ We do NOT sell or share your personal information

As defined under the CCPA/CPRA, Cresva does not sell and does not share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.

Disclosures for business purposes:

We disclose personal information to our service providers under written contracts that restrict them from using the data for any purpose other than providing services to us:

  • Cloud hosting providers (Vercel, AWS/GCP)
  • Payment processors (Stripe)
  • AI service providers (OpenAI, Anthropic - with DPAs)
  • Analytics providers (PostHog - anonymized data)
  • Email providers (SendGrid, Resend)

6. Your CCPA rights

As a California resident, you have the following rights under CCPA/CPRA:

Right to Know

Request disclosure of what personal information we collect, use, and disclose

Right to Delete

Request deletion of your personal information

Right to Correct

Request correction of inaccurate personal information

Right to Opt-Out

Opt-out of sale or sharing (we do neither, so this is already respected)

Right to Limit Use

Limit use and disclosure of sensitive personal information

Right to Non-Discrimination

Not be discriminated against for exercising your rights

7. How to exercise your rights

Submit a request:

Email: hello@cresva.ai with subject "CCPA Request"

Data deletion form: /data-deletion

Request process:

  • Verification: We'll verify your identity using your account email and may ask additional questions
  • Timeline: We respond within 45 days; may extend by an additional 45 days with notice
  • Authorized agents: You may designate an authorized agent to submit requests on your behalf with proper documentation
  • No fees: We do not charge for processing requests unless manifestly unfounded or excessive

8. Non-discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices or rates, provide you a different level or quality of goods or services, or suggest that you may receive a different price or rate or different level or quality of goods or services.

9. Retention periods

We retain each category of personal information only as long as reasonably necessary:

  • Identifiers & account data: Duration of account + 30 days
  • Commercial/transaction data: 7 years (tax compliance)
  • Internet activity data: 90 days (log files), 2 years (analytics)
  • Geolocation data: 90 days
  • Backups: Purged within 90 days after deletion

10. Sensitive personal information

Under the CPRA, "sensitive personal information" includes categories like Social Security numbers, financial account details, precise geolocation, racial or ethnic origin, and more.

Cresva does not collect sensitive personal information as defined by the CPRA. We do not process Social Security numbers, precise geolocation, genetic data, or any other category of sensitive personal information. Payment card data is processed exclusively by Stripe and never stored on our systems.

11. Request metrics

As required by the CCPA, we will publish annual metrics on consumer requests received, complied with, and denied. Given that Cresva launched recently, we have not yet received a reportable volume of requests.

We will update this section annually with the number of requests to know, delete, correct, and opt-out received, complied with (in whole or part), and denied, along with median response times.

12. Contact us

CCPA questions or requests?

Contact us for any questions about this notice or to exercise your California privacy rights.

Email: hello@cresva.ai

Company: Cresva, Inc.

Response time: Within 45 days

California Attorney General: If you are not satisfied with our response, you may contact the California Attorney General at oag.ca.gov/privacy.