Privacy Policy

Last updated: February 19, 2026

B&L Collective LLC ("CruLink", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website crulink.com and use our software-as-a-service products, including CruLink Forge and CruLink Signal.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you:

  • Create an account (name, email address, company name, password)
  • Subscribe to a paid plan (billing information processed by Stripe)
  • Use our contact form (name, email, company, message content)
  • Configure your storefront (business name, logo, branding, contact details)
  • Upload content (product templates, 3D models, design files, images)
  • Communicate with us or other users through the platform (messages, support requests)

1.2 Information Collected Automatically

When you access our website or platform, we may automatically collect:

  • Browser type and version
  • Operating system
  • IP address
  • Pages visited and time spent
  • Referring website addresses
  • Device identifiers

1.3 Information from Third Parties

We may receive information from third-party services you connect to your account, including Stripe (payment and identity verification status).

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain our platform and services
  • Process subscriptions, payments, and transactions
  • Manage your account and provide customer support
  • Send transactional communications (order confirmations, account notifications)
  • Send marketing communications about our products and services (with your consent)
  • Improve our platform, develop new features, and analyze usage patterns
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

3. Data Processing Roles

For Fabricator account data: CruLink acts as the data controller. We determine how and why Fabricator account information is processed.

For customer data processed through Fabricator storefronts: The Fabricator acts as the data controller and CruLink acts as the data processor. We process this data on behalf of the Fabricator solely to provide our services. Fabricators are responsible for obtaining appropriate consent from their customers and for their own privacy practices.

4. Information Sharing

We may share your information with:

  • Service Providers: Third-party vendors that help us operate our business, including:
    • Stripe (payment processing and Stripe Connect)
    • Vercel (website hosting)
    • Supabase (database and file storage)
    • Resend (email delivery)
    • Sentry (error tracking and monitoring)
  • Between Fabricators and Customers: When a customer places an order through a Fabricator's storefront, relevant order and contact information is shared between the parties to facilitate the transaction.
  • Legal Requirements: When required by law, subpoena, court order, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets.

We do not sell your personal information to third parties. We do not share your information with third parties for their own marketing purposes.

5. Cookies and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences, and improve your experience. Essential cookies required for the platform to function cannot be disabled.

We may use analytics cookies to understand how our platform is used. You can control non-essential cookie preferences through your browser settings.

6. Data Security

We implement appropriate technical and organizational security measures, including:

  • SSL/TLS encryption for all data in transit
  • Encryption of sensitive data at rest
  • Secure payment processing through PCI-compliant providers (Stripe)
  • Role-based access controls and authentication
  • Regular security assessments and monitoring
  • Passwords hashed using industry-standard algorithms (bcrypt)

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. After account termination, we retain data for up to 90 days before permanent deletion, unless a longer retention period is required by law (e.g., financial records may be retained for up to 7 years for tax and legal purposes).

You may request deletion of your account and associated data at any time by contacting us.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to processing of your information for certain purposes
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent for marketing communications at any time

To exercise these rights, please contact us at bnlcollectivellc@gmail.com. We will respond to your request within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. As stated above, we do not sell personal information.

California residents may submit requests by contacting us at bnlcollectivellc@gmail.com. We will not discriminate against you for exercising your CCPA rights.

10. International Data Transfers

Our services are hosted in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our services, you consent to such transfers.

11. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will promptly delete it.

12. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and where possible, sending email notification to active users. Your continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

B&L Collective LLC
Email: bnlcollectivellc@gmail.com