Privacy Policy
The short version. When you visit cadabra.ai we collect a little technical information so the site works and so we can see how it's used. If you contact us, sign up for a plan, or activate a dashboard account, we collect what we need to do those things, and we use Stripe to handle payments. We don't sell your information, and we don't use your CAD designs to train AI for the public.
1. Scope
This Privacy Policy describes how CADABRA, Inc. ("CADABRA," "we") handles information when you:
- visit any page on cadabra.ai, including the marketing pages and pricing page;
- use the CADABRA dashboard at the /dashboard/ path, including sign-in and the post-payment welcome flow;
- use the CADABRA AI CAD copilot and any related features we offer; and
- contact us through any of our forms or email addresses.
If you reach CADABRA through an Enterprise account that your employer set up, your employer is the party that decides how your data is used inside that account, and we handle data on their behalf under our agreement with them.
2. Information we collect
2.1 Information you give us directly.
- Demo and contact form. When you open the "Get a demo" or contact form on the site, we collect the name, email, company name, and any message you submit. We also store the time you submitted it and which page you submitted from.
- Newsletter signup. If you join the newsletter on the homepage, we collect your email address.
- Pricing signup. When you start a paid plan on the pricing page, we collect your name, email, and (for Student plans) your school or university before sending you to Stripe to pay. We also record that you accepted the Terms & Conditions and the Privacy Policy at that moment.
- Account activation. After Stripe confirms payment, the dashboard's welcome page asks you to pick a password and confirm the Terms again. We store your name, email, hashed password (SHA-256 with a per-application salt), plan, the Stripe session ID for that purchase, and the time you accepted the Terms.
- Support and other messages. If you email team@cadabrai.com or talk to us through the community Discord we link to, we'll have whatever you send us.
2.2 Information we collect automatically.
- Technical data. When you load the site or the dashboard, our servers see your IP address (often shortened), your browser type and version, your operating system, your time zone, the page you came from, and which page on cadabra.ai you visited. We use this for site operation, security, and basic analytics.
- Local storage. The dashboard stores a small amount of information in your browser's local storage so you can stay signed in and so we can carry your checkout details across the Stripe redirect. We currently use these three keys: cadabra_auth_session (your active session), cadabra_users (your stored user record for this device), and cadabra_checkout_intent (the pending checkout details we hand off to the welcome page). This data lives in your browser, not on our servers.
- Error and performance logs. When something on the site or dashboard fails, we may log the error along with the request path, a timestamp, and basic device information so we can fix bugs.
2.3 Information from third parties.
- Stripe. When you complete a checkout, Stripe sends us a confirmation that includes your email, plan, billing country, the Stripe session ID, and tax information. Card numbers stay with Stripe; we never see them. Stripe's own handling of your data is governed by Stripe's privacy policy.
- Cloud infrastructure. Our hosting providers may pass us standard request metadata (like your IP address and request headers) so the site can respond to your browser.
3. How we use information
We use the information described above to:
- run cadabra.ai and the dashboard, including signing you in, remembering your plan, and showing you the right pages;
- process your payments through Stripe and prevent fraud;
- generate responses from the AI CAD copilot to your prompts;
- reply to your messages, demo requests, and support tickets;
- send you transactional emails (receipts, account notices, security alerts) and, only if you opt in, newsletter or product-update emails, which you can unsubscribe from at any time;
- keep the Service secure: detect abuse, debug errors, rate-limit traffic, and investigate suspicious activity;
- understand how the site and dashboard are used so we can make them better;
- comply with legal obligations (such as tax recordkeeping) and enforce our Terms & Conditions.
4. Your CAD designs & AI training
Our default position: we don't use the identifiable content of your CAD files, prompts, or AI Outputs to train models that we make available to anyone outside your own account or organization.
We do use your inputs to:
- generate the response you asked for at the time you asked for it;
- operate, secure, and debug the AI copilot, for example, to investigate why a request failed;
- where we offer it, fine-tune a model that runs only for your own account or organization; and
- derive de-identified, aggregated data (such as "most users issue commands in this category") that no longer identifies you or your designs.
If we ever want to use your identifiable inputs to improve models used by other customers, we'll ask you to opt in first.
5. Cookies & local storage
We keep cookies to a minimum. We use:
- Essential storage. The three local-storage keys listed in §2.2 are needed to keep you signed in and to carry checkout state across the Stripe redirect. Disabling them will prevent the dashboard from working.
- Stripe. When you go to checkout, Stripe sets its own cookies under checkout.stripe.com to process the payment. Those cookies are controlled by Stripe.
- Third-party widgets. When you open the "Schedule a demo" Calendly widget or click a YouTube or LinkedIn link embedded on the site, those services may set their own cookies under their own domains.
Your browser settings let you block or clear cookies and local storage. If we add analytics or marketing cookies in the future, we'll update this section and, where required, show you a consent banner first.
6. Who we share information with
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only with:
- Stripe, to process payments and (if relevant) refunds;
- our cloud infrastructure providers who host cadabra.ai, the dashboard, and our databases;
- AI model providers whose APIs we call to generate Outputs for you (we only work with providers who contractually agree not to retain your prompts for their own training and to delete them after processing);
- email and support tools we use to send you transactional emails and answer your tickets;
- Enterprise administrators, if your account is part of an organization, who may see usage and billing information for accounts in their workspace;
- law enforcement or other authorities, only when we believe we are legally required to (for example, a valid subpoena), or when needed to protect the rights, property, or safety of CADABRA, our users, or the public; and
- a successor entity if we are involved in a financing, merger, acquisition, or sale of assets, in which case we'll require the recipient to honor this Policy or notify you of any change.
7. How long we keep information
- Account data: while your account is active and for up to 24 months after closure so we can handle billing disputes and prevent abuse.
- Your prompts, files, and AI outputs: until you delete them or close your account, whichever comes first. Backups may persist for up to 90 days after deletion.
- Billing records and invoices: up to 7 years, because tax and accounting laws require it.
- Marketing emails: until you unsubscribe.
- De-identified / aggregated data: kept indefinitely, because it no longer identifies you.
8. Security
We use commercially reasonable safeguards to protect your data, including TLS in transit, encryption at rest where supported by our infrastructure, hashed passwords (SHA-256 with a per-application salt), and least-privilege access for our staff. No online service is perfectly secure, so we cannot guarantee absolute security. If you discover a vulnerability or believe your account has been compromised, please email team@cadabrai.com.
9. International transfers
CADABRA operates from the United States and our service providers operate primarily in the United States. If you access CADABRA from outside the United States, your information will be transferred to and processed in the United States. When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum), supplemented by technical and organizational measures.
10. Your rights & choices
Subject to your local law, you have the right to:
- ask us what personal information we hold about you and get a copy;
- correct information that is wrong or incomplete;
- ask us to delete your account and the information tied to it;
- export a portable copy of your data;
- object to or restrict certain uses of your information, including direct marketing;
- withdraw any consent you previously gave (this doesn't affect processing we did before you withdrew); and
- lodge a complaint with your local data-protection authority.
To exercise any of these rights, email us at team@cadabrai.com from the address tied to your account. We may need to verify your identity before acting on a request, and we'll respond within the time required by applicable law (and within 30 days where no specific deadline applies).
California residents. The California Consumer Privacy Act ("CCPA"), as amended by the CPRA, gives you the rights above plus the right to know the categories and specific pieces of personal information we collect, and the right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA. We will not discriminate against you for exercising your rights.
11. Children
CADABRA is not directed to children under 16, and we don't knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact team@cadabrai.com and we'll delete it.
12. Changes to this Policy
We may update this Policy as the Service evolves. The "Last updated" date at the top of this page reflects the most recent revision. If we make a material change, we'll let you know by email or an in-app banner before the change takes effect.