Privacy Policy

CroJack Capital Inc. ("we," "our," or "us") respects your privacy and is committed to protecting personal information collected through this website ("Website"). This Privacy Policy explains how information is collected, used, and safeguarded when you visit or interact with the Website.

1. Information We Collect

We may collect limited personal information that you voluntarily provide, including but not limited to:

• Name
• Email address
• Company name
• Any information submitted through contact or inquiry forms

We do not collect payment information or conduct transactions through this Website.

2. How We Use Information

Information collected through the Website may be used to:

• Respond to inquiries or requests
• Communicate about services or opportunities
• Improve the Website and its content
• Maintain internal records

We do not sell, rent, or trade personal information.

3. Confidentiality and Discretion

While CroJack Capital Inc. operates with discretion, information submitted through this Website is not guaranteed to be confidential unless expressly agreed to in writing outside of the Website.

4. Cookies and Analytics

The Website may use cookies or similar technologies to improve user experience and analyze website performance. These tools may collect non-identifying information such as browser type, pages visited, and general usage data.

You may disable cookies through your browser settings; however, some features of the Website may not function as intended.

5. Third-Party Services

The Website may use third-party tools or services, such as analytics or hosting providers, that process data on our behalf. These providers are only permitted to use information as necessary to perform services for us.

The Website may also contain links to third-party websites. We are not responsible for the privacy practices or content of those websites.

6. Data Security

We take reasonable administrative and technical measures to protect personal information submitted through the Website. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

7. Data Retention

Personal information is retained only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law.

8. Gmail and Email Correspondence

CroJack’s platform integrates with the Gmail mailboxes of CroJack employees who choose to connect them. This section explains what we collect, why, how long we keep it, and what rights you have over it. A full version of this section, including the in-app consent disclosure, is also available at /privacypolicy/gmail-extraction.

8.1 What we collect

We access Gmail through Google’s official APIs under the read-only scope (https://www.googleapis.com/auth/gmail.readonly). When you connect your mailbox, CroJack extracts message bodies (plain text and HTML), headers (sender, recipient, subject, timestamps, thread IDs), attachments, Gmail labels, and message metadata. We collect only from the mailbox you yourself connect. Our use of data obtained through Google APIs is subject to, and complies with, the Google API Services User Data Policy — including the Limited Use requirements — and the Google Workspace API User Data and Developer Policy.

8.2 CroJack Deal Engine

CroJack uses Gmail content for two distinct purposes. We ask for your consent to each one separately at the time you connect.

Purpose 1 — Operational features (required).CroJack reads your connected mailbox so you, the connecting employee, can search, summarize, and reconstruct deal threads inside CroJack. Outputs are visible to you and to CroJack colleagues who already have access to the underlying deal. Under Google’s Workspace API policy, this is operational-tier permitted use: we process a user’s own data to provide that same user a feature. Under PIPEDA / CPPA, this falls within CroJack’s lawful basis to process its own business records for the purpose of carrying on its business.

Purpose 2 — CroJack Deal Engine (optional). If you separately opt in, CroJack retains your mailbox content as part of an internal training and grounding corpus used to power company-wide search across deal correspondence, ground AI-assisted drafting of sell sheets, follow-ups, and intake responses, extract deal-pattern features (counterparties, terms, freight conventions, pricing priors), and improve predictive features (lead scoring, supplier-fit, pricing). The Deal Engine is not the same as Purpose 1: it uses your data for purposes that go beyond serving you a feature in your own mailbox.

CroJack does not use Workspace API data to train AI or machine-learning models that operate beyond the specific user’s personalized context except where that user has explicitly opted in to the CroJack Deal Engine and has acknowledged that CroJack — not Google — is the recipient and controller of the data once it has been lawfully obtained for an operational purpose and the user has separately authorized its retention for Deal Engine purposes.

8.3 Third parties in your mailbox

Connected mailboxes contain correspondence with suppliers, buyers, and other third parties who did not separately consent to CroJack reading them. We rely on the connecting employee’s authority — confirmed at the time of consent — to share that correspondence with CroJack’s internal systems for the operational and (where opted in) Deal Engine purposes described above.

Third parties whose personal information is contained in connected mailboxes may have rights under PIPEDA / CPPA (Canada), GDPR (EU/UK), CCPA / CPRA (California), Quebec Law 25, and similar laws. These rights include access, correction, deletion, and (where applicable) the right to limit use of sensitive personal information. Requests should be sent to privacy@crojack.com.

Outbound emails sent from CroJack on a connected employee’s behalf, or by CroJack-authored AI features, carry a short footer notifying recipients that correspondence with CroJack may be retained in CroJack’s internal systems including AI-assisted features, and pointing to this Privacy Policy. This is intended to put correspondents on constructive notice of CroJack’s processing, in support of CroJack’s transparency obligations under GDPR Art. 13 / 14 and OPC PIPEDA Findings 2026-002.

8.4 Retention

Operational tier (Purpose 1). Extracted messages and attachments are retained while your mailbox connection is active and for 30 days after the connection is disconnected or after consent is withdrawn.

Deal Engine tier (Purpose 2).If you have opted in, extracted messages and attachments are retained indefinitely as part of CroJack’s training and grounding corpus, subject to annual review for minimization. On withdrawal of Purpose 2 consent: raw extracts purged within 30 days; derived embeddings and indices removed within 30 days; future fine-tunes and retrainings exclude the withdrawn content. Content already incorporated into a fine-tuned model in production cannot be retroactively removed from that model under current technology; we document this limitation in our consent flow.

Backup copies.Standard business-records backups are retained for 7 years per CroJack’s business-records policy. Backups are encrypted at rest, are not used for AI training, and are restored only for disaster recovery and legal-hold purposes.

8.5 Lawful bases

Depending on the jurisdiction that applies to you (or to a third party whose data appears in a connected mailbox), CroJack relies on the following lawful bases:

• Canada (PIPEDA / CPPA).Express, purpose-specific consent under CPPA s.15 (Purpose 1 and Purpose 2). Business-records basis for Purpose 1 (CroJack employee correspondence). Compliance with the OPC’s PIPEDA Findings 2026-002 framing of AI training as a distinct purpose requiring distinct consent.
• Quebec (Law 25). Express consent for processing personal information for a purpose other than the one for which it was originally collected. A French-language version of the consent disclosure is available on request.
• EU / UK (GDPR / UK GDPR).Consent under Art. 6(1)(a) for Purpose 2. Legitimate interest under Art. 6(1)(f) for Purpose 1, subject to the documented Legitimate Interest Assessment available on request. Transparency to third-party data subjects under Art. 14 is provided by the outbound footer plus this Privacy Policy; CroJack documents the Art. 14(5)(b) “disproportionate effort” assessment where direct notice is not practicable.
• California (CCPA / CPRA). This Privacy Policy section, together with the in-app consent disclosure, serves as the Notice at Collection. California residents have the rights to know, delete, correct, opt out of sale/sharing, and limit use of sensitive personal information (which includes contents of email under CPRA §1798.121). Email contents are treated as Sensitive Personal Information under California law.

8.6 Your rights (withdrawal, access, correction, deletion, opt-out)

You may at any time:

• Withdraw consent to either purpose in Settings → Privacy → Gmail integration. Withdrawal stops new use immediately and triggers the retention timelines described above.
• Request access to the personal information CroJack holds about you.
• Request correction or deletionof personal information, subject to CroJack’s legal-hold and business-records obligations.
• Opt out of any processing that constitutes a sale or share under California law (CroJack does not sell personal information; we list this right because it is required).
• Limit use of sensitive personal information under CPRA §1798.121.
• Request your information in a portable format (data portability under PIPEDA / GDPR).

Send requests to privacy@crojack.com. We will respond within statutory timelines (30 days under PIPEDA / GDPR; 45 days extendable under CCPA).

9. Your Rights

Depending on applicable law, you may have the right to request access to, correction of, or deletion of your personal information. Requests may be submitted using the contact information below. For data collected through the Gmail integration described in Section 8, see Section 8.6 — Your rights.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Continued use of the Website constitutes acceptance of the updated policy.

11. Contact Information

If you have questions about this Privacy Policy or how your information is handled, please contact:

CroJack Capital Inc.
General privacy: privacy@crojack.com
Website inquiries: contact@crojack.com
+1 410 693 2010