This policy explains what personal information CrossRow (“CrossRow,” “we,” “us”) collects when you use our website and application at crossrow.ai and app.crossrow.ai (the “Service”), how we use it, and the choices you have. CrossRow generates synthetic data, so by design the Service does not require you to upload real customer or production data.
1. Information we collect
We collect only what we need to run the Service:
- Account information. When you register, we collect your email address and, optionally, your name. Authentication is handled through Amazon Cognito; we do not store your password in plaintext.
- Content you submit. To generate data, you provide database schemas, SQL DDL, plain-English descriptions, and generation hints. This is your input, and we process it to produce your synthetic data. You should not submit real personal data or production records; the Service is built so you do not have to.
- Generated output. The synthetic datasets we produce for you are stored in cloud storage (Amazon S3) associated with your account until you delete them.
- Technical and usage data. Our infrastructure logs standard technical information such as IP address, request timestamps, and error diagnostics, used to operate and secure the Service.
We do not use advertising or analytics tracking cookies. Your session token is stored in your browser’s local storage to keep you signed in, not in a tracking cookie.
2. How we use your information
- To provide the Service: analyze your schema, plan generation, produce and score synthetic data, and deliver the output to you.
- To secure and maintain the Service, prevent abuse, and debug problems.
- To communicate with you about your account, security, and material changes to the Service.
We do not sell your personal information, and we do not use your submitted schemas or generated data to train our own models.
3. Language-model processing
CrossRow uses large language models to infer the structure of your schema, plan how each column should be generated, and evaluate the quality of the output. To do this, your schema descriptions and small samples of generated data are sent to our language-model providers (currently OpenAI and Anthropic) solely to perform these tasks and return a result. Because the Service generates synthetic data, this material describes the shape of data you want, not your real records.
4. Service providers (sub-processors)
We rely on a small set of infrastructure and processing providers who handle data on our behalf under their own security and privacy commitments:
- Amazon Web Services: hosting, storage (S3), authentication (Cognito), and content delivery, in the United States.
- OpenAI and Anthropic: language-model processing as described in Section 3.
5. Data retention
We retain your account information for as long as your account is active. Generated datasets remain in your storage until you delete them or close your account. When you delete data or your account, we remove the associated content from active systems, subject to routine backups that expire on a rolling basis.
6. Security
We protect your information with encryption in transit, access controls, and reputable cloud infrastructure. No system is perfectly secure, but because the Service does not require real production data, the sensitivity of what you place in it is materially lower than a system that ingests live records.
7. Your rights
You may access, correct, export, or delete your account information and generated data at any time from within the application, or by contacting us. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA, including the right to object to or restrict certain processing. We honor valid requests to exercise these rights.
8. International users
CrossRow is operated from and hosted in the United States. If you access the Service from outside the United States, you understand that your information will be processed in the United States.
9. Children
The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children.
10. Changes to this policy
We may update this policy as the Service evolves. When we make material changes, we will update the effective date above and, where appropriate, notify you.
11. Contact
Questions about this policy or your data can be directed to our contact form.