Log in

Privacy Policy

Last updated: March 2026

Crux is an AI-powered advisor that helps you compare workflow automation platforms. This policy explains what data we collect, why, and what we do with it.

If something is unclear, ask us.

What we collect

Account information. Your email address. That's it. We use passwordless magic links for authentication, so you never set a password with us.

Conversations. The questions you ask and the recommendations you receive. This includes which advisor tools were used during your conversation.

Company context. If you choose to provide it, you can add up to 2,000 characters describing your organization in Settings. This is entirely optional and used only to personalize your recommendations.

AI Maturity Calculator. If you use this tool, we collect your assessment answers, calculated scores, and the email and company name you provide at the end.

Technical data. IP addresses for rate limiting and abuse prevention. Browser user agent for session management. That's the extent of it.

What we don't collect

  • No third-party analytics. No Google Analytics, no Mixpanel, no Segment.
  • No tracking pixels or advertising scripts.
  • No payment or financial information. Crux does not process payments or store financial data.
  • No passwords. Magic links only.

How we use your data

  • To provide the service. Your conversation messages are sent to OpenRouter's routed model API to generate recommendations. Your company context, if provided, is included to personalize responses.
  • To authenticate you. Your email is used to send magic link login emails via Resend.
  • To prevent abuse. IP addresses are used for rate limiting. We enforce burst, hourly, and daily limits to keep the service available for everyone.
  • To communicate with you. We may use your email address to contact you about Crux features, service updates, or business proposals related to workflow automation. You can opt out of non-essential communications at any time by replying to any email or contacting us.
  • To make shared content available. When you share a conversation or generate a research report link, that content is made publicly accessible to anyone with the link. Shared content may be indexed by search engines.

Third-party services

We share data with these services:

  • OpenRouter. Your conversation content is processed by OpenRouter to generate recommendations. See OpenRouter's privacy policy.
  • Resend. Your email address is used to deliver magic link authentication emails. See Resend's privacy policy.
  • Affiliate partners. When you click an affiliate link and sign up for a platform, that platform may share conversion data (that you signed up) with us for commission attribution. We do not receive your account details or usage data from these platforms.

We don't sell your data. We don't share it with advertisers. Crux earns revenue through affiliate commissions when users sign up for automation platforms through links on our site, not through advertising or data sales.

Data retention & deletion

  • You can delete any conversation from your conversation list. Deleted conversations are soft-deleted and purged from our systems.
  • Shared conversations and research reports are publicly accessible via their link and automatically expire after 120 days.
  • Conversations not associated with an account and not shared are cleaned up after 7 days.
  • You can request full account deletion by contacting us.

Communications

We may contact you at the email address associated with your account for:

  • Service emails. Magic link logins, account-related notices, and policy changes. These are necessary for the service to function.
  • Commercial communications. Product updates, feature announcements, or business proposals related to workflow automation. You can opt out of these at any time by replying to any email or contacting us at [email protected].

Cookies & local storage

We use the minimum necessary:

  • Session cookie. Keeps you logged in.
  • Free message counter. A signed cookie that tracks how many free messages you've used before signing up.
  • Theme preference. Stored in your browser's localStorage so we remember your dark/light mode choice.

No third-party cookies. No cross-site tracking.

Security

  • All connections are encrypted with HTTPS.
  • Credentials and secrets are stored in Rails encrypted credentials, never in plain text or environment variables.
  • Personally identifiable information is filtered from application logs.
  • CSRF protection is enabled on all forms.

Your rights

You have the right to:

  • Access your data: see your conversations and account information.
  • Correct your data: update your email or company context in Settings.
  • Delete your data: remove individual conversations or request full account deletion.
  • Export your data: contact us and we'll provide your data in a portable format.

Changes to this policy

We may update this policy to reflect changes in our practices or for legal reasons. When we make significant changes, we'll note the new date at the top of this page. For major changes, we'll make reasonable efforts to notify you via the email address associated with your account.

Contact

Questions about this policy? Email us at [email protected].