Crown Mosaic Holdings LLC
Privacy Policy
Effective date: June 2026
Crown Mosaic Holdings LLC (“CMH,” “we,” “our”) operates the Crown Mosaic Platform (“CMP”). This policy explains what client information we collect, how it is processed, the third-party services involved, and your rights. It applies to clients who engage CMP for a business diagnostic.
1. What we collect
Assessment intake responses (your answers to the CMP diagnostic instruments, containing business-context information you provide voluntarily). Business context information (company name, industry, team structure, and other details needed to generate the diagnostic). Engagement metadata (date, time, module, delivery method, and tier, used for delivery, billing, and quality assurance). Payment information (billing name, email, and payment method, processed by our payment provider; we do not store full card numbers).
2. How your data is processed
AI-assisted diagnostic generation. Your assessment responses and business context are transmitted to Anthropic, PBC via the Claude API to generate the diagnostic narrative, scoring summary, recommendations, and companion artifacts that make up your report. Anthropic processes this data as our sub-processor under Anthropic’s commercial API terms and privacy policy. Crown Mosaic Holdings does not use your assessment data to train any Crown Mosaic model, and we do not build a separate proprietary model from client data.
Report delivery. Completed reports are rendered as PDF files and stored in cloud object storage (Cloudflare R2). You access your report through a secure link that expires within 24 hours of generation. Please save your own copy on delivery; we do not guarantee indefinite re-delivery after that window.
Intake and workflow. Intake form submissions and engagement coordination data are routed through Notion, which we use for internal case management.
No sale of personal data. We do not sell, rent, or share your personal data with third parties for their own marketing or advertising.
3. Third-party sub-processors
| Sub-processor | Role | Data it receives |
|---|---|---|
| Anthropic, PBC | AI narrative generation via the Claude API | Assessment responses and business context, as submitted at intake. Processed under Anthropic’s commercial API terms; CMH trains no model on this data. |
| Cloudflare, Inc. (R2) | Report file storage and secure delivery links | Your rendered PDF report files |
| Railway Corp. | Application hosting and runtime | Data processed by the CMP application traverses Railway infrastructure during processing |
| Stripe, Inc. | Payment processing | Billing name, email, and payment method only; Stripe does not receive your assessment content |
| Notion Labs, Inc. | Intake workflow and internal case management | Intake form submissions (which may include assessment responses) and engagement coordination details |
Mercury (our bank) processes only CMH’s own financial transactions and receives no client data; it is not a CMP sub-processor.
4. De-identified observations
CMH may create and retain de-identified observations derived from engagements: diagnostic patterns and engagement-level metrics from which your name, brand, personnel names, and any information that could reasonably identify you have been removed, and which are not combined with other data in a way that could re-identify you. We use these only to improve our diagnostic instruments and to produce aggregated, anonymized benchmarks. They are never attributable to you and are never shared in attributable form. This right is exercised only where it is granted in your engagement agreement; it is not enabled by default.
5. Data location and retention
CMP infrastructure and storage are hosted in the United States (Railway and Cloudflare R2); intake data routed through Notion may be stored on Notion’s United States infrastructure. We retain client intake data and report artifacts for three (3) years, after which they are deleted in the ordinary course. De-identified observations under Section 4 are retained on an aggregated basis.
6. No attributable marketing without your separate written consent
We will not use your name, brand, logo, or any attributable business outcome or finding in any marketing, case study, testimonial, or public communication without your separate, express written consent. Signing your engagement agreement does not grant that consent. Only aggregated, anonymized benchmarks that are not attributable to you may appear in our materials.
7. Your rights
You may request access to, correction of, or deletion of your personal data, subject to our retention obligations and the de-identified-observations provision in Section 4 (which is not personal data once de-identified). Where required by applicable law, including the CCPA for California residents, we comply with data subject rights. To exercise these rights, contact admin@crownmosaicholdings.com.
8. Cookies and changes to this policy
This website uses essential cookies required for site functionality. We do not use advertising cookies or third-party tracking pixels. We review this policy at least annually and whenever our sub-processors or data practices materially change. We post updates on this page and notify active clients by email of any material change. Owner: Crown Mosaic Holdings LLC, crownmosaicplatform.com.
9. Contact
Questions regarding this privacy policy:
admin@crownmosaicholdings.com