← Back to Home

Cradle Privacy Policy

Last updated: June 2025

Introduction

Cradle ("Cradle", "we", "our", or "us") provides a real-time meeting companion designed to support users during virtual conversations. This Privacy Policy outlines how we collect, use, disclose, and protect personal information when you interact with our services.

By using Cradle, you agree to the practices described in this policy.

Information We Collect

We collect personal information to provide and improve our services. This includes:

a. Information You Provide

  • Name and email address (when registering or connecting accounts)
  • Meeting metadata (e.g., timestamps, meeting titles, calendar links)
  • Transcripts generated from meetings

b. Information Collected Automatically

  • Device and browser information
  • Usage and interaction data (e.g., feature usage, session durations)
  • IP address and timezone

How We Use Your Information

We use collected data to:

  • Provide and improve Cradle's features (e.g., real-time guidance, transcription)
  • Personalize your experience
  • Analyze usage trends to enhance performance and UX
  • Prevent fraud and ensure system security
  • Comply with legal obligations

Transcript data may be reviewed internally to improve product performance and accuracy, but only with appropriate access controls and for specific debugging or improvement tasks.

Data Sharing and Disclosure

We do not sell your personal information. We may share your data under the following circumstances:

  • Service Providers: For infrastructure, analytics, and storage (e.g., Supabase)
  • Legal Requirements: In response to lawful requests (e.g., subpoenas, legal obligations)
  • Business Transfers: In the event of a merger, acquisition, or other business event

Data Retention

We retain your information only for as long as necessary to deliver services or meet legal and business requirements:

  • Transcripts and user data may be stored for up to 12 months unless deleted earlier by the user
  • Operational metadata is retained for up to 90 days
  • Upon request, user data will be securely deleted or anonymized

Data Security

We implement technical and organizational measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Role-based access controls
  • Multi-factor authentication (MFA) across all internal systems
  • Row Level Security (RLS) in our Supabase database to restrict access at the record level
  • Temporary authorization tokens for third-party integrations like Google Calendar

These safeguards help ensure that only authorized systems and personnel can access your data. However, no system can guarantee absolute security, and we encourage users to contact us if they suspect any issues.

Your Rights and Choices

Depending on your location, you may have rights including:

  • Accessing or correcting your personal data
  • Requesting data deletion
  • Requesting a copy of your data (data portability)
  • Withdrawing consent (if applicable)

You may exercise these rights at any time by contacting jaredgaynes@gmail.com.

International Data Transfers

Your data may be processed and stored in jurisdictions outside of your home country, including the United States. We ensure all international data transfers comply with applicable laws.

Changes to This Policy

We may update this policy as needed to reflect changes in our practices, services, or legal requirements. When material changes are made, we will notify users through the product or via email.