How CrestProof handles the documents you send, what we do with them, and how we protect them.
We only use your materials to perform the requested proposal operations work. We do not use your documents to train public models. We can delete raw files after delivery or after an agreed retention window. We do not accept classified, CUI with handling restrictions we cannot meet, or ITAR-controlled materials during the pilot stage.
Documents you provide are used solely to produce the deliverables in your engagement. We do not use them for any other purpose — including training AI models, benchmarking our systems, improving generalized tools, or creating derivative works outside your engagement.
Your solicitation documents, attachments, and any business context you share are not used to train, fine-tune, or evaluate any public AI model or shared system.
Your documents are not shared with third parties, uploaded to public platforms, or indexed by external services as part of our standard process. If a third-party tool is involved in processing, we disclose that before intake.
Raw solicitation files are not retained indefinitely. After delivery, files are deleted on a default schedule or earlier on request. We do not keep your documents for reuse in future engagements without explicit agreement.
Documents are transferred via encrypted channels. We do not request sensitive files over unencrypted email attachments unless you have confirmed a secure routing option is in place.
Files are stored in encrypted storage during the engagement. Access is restricted to personnel working on the specific engagement.
You may request deletion of your raw solicitation documents at any time after delivery. We confirm deletion in writing on request. Default retention is 30 days post-delivery unless a shorter or longer window is agreed at intake.
The following document types are outside our current handling scope regardless of other agreement terms:
We do not accept solicitations, attachments, or background documents that are classified at any level. Do not send classified documents through any intake path.
We do not accept Controlled Unclassified Information (CUI) with handling instructions that CrestProof cannot currently meet — including CUI requiring CMMC, specific enclave controls, or cleared-facility handling.
We do not accept solicitations or technical attachments subject to ITAR control at this stage of operations.
Our current scope is civilian federal IT and professional services. We do not accept defense-primary solicitations involving sensitive national security technology at this stage.
A mutual non-disclosure agreement is available before any solicitation documents are exchanged. See the NDA overview for key provisions and how to request it.
If your organization has specific document handling requirements — organizational policies, contractual restrictions, or security protocols — let us know before intake. Email proposals@crestproof.com. If the requirement is within scope, we will accommodate it. If it is outside current scope, we will tell you clearly before any documents are exchanged.
Contact Us →