Search Crucible processes the documents and data that power your search applications, and we treat that responsibility seriously. This page describes the measures we use to protect your data. It is a summary, not a contractual commitment; our contractual obligations are set out in our Terms of Service, Privacy Policy, and Data Processing Agreement (available on request).
Data is encrypted in transit using TLS and encrypted at rest. Connections to the Services and to our subprocessors use modern, encrypted protocols.
The Services run on Cloudflare's global edge network. Each workspace is provisioned with its own isolated storage and vector index, so one customer's content is kept logically separate from another's. Indexing, retrieval, and AI inference run within this infrastructure rather than being sent to general-purpose third-party model providers.
Authentication and organisation management are provided by Clerk. Access to your workspace is scoped to your organisation and its members. Internally, access to production systems follows the principle of least privilege, is limited to personnel who need it, and is authenticated and logged.
We do not use your uploaded content to train our own models, and we do not sell it. Cloudflare Workers AI, which we use for inference, does not store your inputs and outputs for its own purposes and does not use them to train its models. Documents that require conversion (for example PDFs) are parsed by LlamaParse and then returned to our pipeline. The third parties that may process your data are listed on our subprocessors page.
Our analytics data is hosted in the European Union. For customer content, our infrastructure providers offer regional options, and we can discuss residency requirements with enterprise customers. If you have a specific residency requirement, contact us before you onboard so we can confirm a suitable configuration.
You can delete content from the Services, and you can request deletion of your account data. On termination, we delete or return customer personal data in line with our Data Processing Agreement (available on request), subject to standard backup cycles and any legal retention obligations.
If you believe you have found a security vulnerability, please report it to security@searchcrucible.com. We welcome responsible disclosure and will work with you to validate and address genuine issues. Please give us a reasonable opportunity to remediate before any public disclosure, and do not access or modify data that is not yours while testing.
We design and operate the Services to meet our obligations under the UK GDPR and EU GDPR. We offer a Data Processing Agreement (available on request) with Standard Contractual Clauses for international transfers, and we maintain a public list of subprocessors. Formal third-party certification, including SOC 2, is part of our roadmap as we grow; we are happy to discuss our current posture and timeline with enterprise customers under NDA.
For security questions, security questionnaires, or to request our Data Processing Agreement, contact security@searchcrucible.com or our Data Protection Officer at dpo@searchcrucible.com.