How Cruxi Protects Your Data
This page is the public source of truth for how the live Cruxi regulatory platform handles 510(k) workflow data, uploaded documents, microservice artifacts, exports, deletion, retention, and linked legal terms. It is written to verified-only standards so partners can review what is true in the product today.
Scope and platform data
What this page covers
The live regulatory application, including 510(k) workflow projects, uploaded submission documents, generated workflow artifacts, privacy requests, account controls, and the main regulatory microservices.
Data categories
- Account, onboarding, and billing context.
- Project and workspace metadata.
- Uploaded documents and generated regulatory artifacts.
- Messages, usage records, consent records, and privacy-request records.
Regulatory workflow scope
This trust page is intended to describe the core regulatory platform surfaces that support submission preparation, assessment, drafting, and related regulatory operations. It is not a statement about every unrelated service in the broader repository.
Operational controls
Access and authorization
- Project-level operations are scoped to the authenticated owner in the application.
- Privacy and deletion actions are available only to the authenticated user for their own account.
- Production access is restricted through application and infrastructure controls.
Audit and accountability
- Security audit logs are recorded for export, deletion actions, direct document download/view access, and current regulatory admin entry points tied to the 510(k) workflow and submission services.
- Formal privacy requests are tracked separately from immediate self-service deletion.
- Email/password accounts must use a strong password of at least 12 characters that includes uppercase, lowercase, number, and symbol characters.
- Public claims on this page are limited to controls that are live and evidenced today.
User rights and self-service controls
| Control | Current live behavior |
|---|---|
| Project deletion | Users can delete projects from the regulatory UI, which removes the project from the active workspace and triggers cleanup of linked workflow artifacts. |
| Account deletion | Users can delete their account from the app. This removes the active account and owned project data from the live product path. |
| Data export | Users can export profile, project, workflow, message, consent, and privacy-request data as JSON. |
| Formal privacy requests | Users can submit tracked access, portability, rectification, or erasure requests separately from immediate self-service deletion. |
Encryption and infrastructure
| Topic | Current implementation detail |
|---|---|
| Encrypted in transit | Traffic between users and the live service is served over HTTPS/TLS at the hosting edge and application entry points. |
| Encrypted at rest | The primary production Google Cloud Storage bucket that holds uploaded 510(k) documents and generated submission artifacts now uses a customer-managed Cloud KMS key by default. Managed database and other infrastructure layers continue to rely on provider-managed encryption at rest unless separately stated. |
| KMS-backed object protection | The live production configuration uses GCS_KMS_KEY_NAME for the primary regulatory storage path, and the production cruxi bucket default encryption is set to the same customer-managed key. That means new uploads and newly generated submission artifacts on the current production storage path are written with customer-managed KMS protection at the storage boundary. |
| Not yet app-layer encrypted | This page does not represent MongoDB records or other application-layer fields as newly field-encrypted by Cruxi application code, and it does not claim that all database fields are application-layer encrypted by Cruxi. |
| Infrastructure providers | Application data is stored across managed hosting, file storage, database, and AI providers listed on the Subprocessors page. |
Retention, deletion, and backup posture
Retention automation
- A monthly scheduler-based internal retention job is deployed for stale inactive projects and accounts.
- Active subscriptions and memberships are excluded from automatic purge.
- Retention warnings can be sent before purge actions run.
Backup and restore limits
- Cruxi relies on managed-provider operational backups for service continuity.
- This page does not promise customer self-service restoration after hard deletion.
- Any exceptional restore activity is subject to remaining provider backup windows and incident-response handling.
AI processing and subprocessors
Cruxi uses external infrastructure and AI providers to deliver the regulatory workflows requested by the user. The current live 510(k) workflow stack includes Google Vertex AI / Gemini and OpenAI for supported AI-assisted analysis and drafting paths, along with the infrastructure providers listed on the Subprocessors page. This trust page does not claim zero-retention AI processing or any broader subprocessor commitment beyond what is separately documented and currently verified.
Linked legal and trust documents
- Platform use terms, account responsibilities, and service limitations.
- How Cruxi handles personal data in the live regulatory platform.
- Partner-facing processing terms for controller/processor review.
- Current third-party infrastructure and service providers used by the platform.
- Cookie and similar technology disclosures for the public-facing web surfaces.
- Formal request path for access, portability, rectification, and erasure.
Privacy and partner contact
Privacy and data-protection questions: privacy@cruxi.ai
General support and partnership requests: support@cruxi.ai
Recommended partner review set: this page, the Privacy Policy, the DPA, the Subprocessors page, and the Data Subject Request page.