Orathon Craft
Terms of Service Support

Orathon Craft, LLC

Privacy Policy

Effective date: May 27, 2026

1. Overview

Orathon Craft, LLC ("Orathon Craft," "we," "us," or "our") operates a private email and deal-workflow application available at eastonstreet.orathon.com and related pages (the "Service"). The Service helps authorized users review deal-related emails, classify opportunities, extract information from email bodies and attachments, generate investment summaries, and move approved information into connected business tools such as Airtable, Dropbox, and Slack.

This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you use the Service or authorize integrations with Google Gmail, Airtable, Dropbox, Slack, Anthropic, OpenAI, Google Gemini, Langfuse, or similar service providers used to operate the Service.

2. Contact

If you have questions, requests, or concerns about this Privacy Policy or the Service, contact us at admin@orathon.com.

Company: Orathon Craft, LLC
Support email: admin@orathon.com

3. Information We Collect

We collect information you provide directly, information created through your use of the Service, and information made available through integrations you authorize.

  • Account information: name, email address, organization or domain, authentication identifiers, session information, role, access status, and configuration preferences.
  • Google Gmail information: Gmail message IDs, sender and recipient information, subject lines, timestamps, snippets, email body content, attachments, attachment metadata, and related messages that the Service retrieves to classify, summarize, or process emails you are authorized to access.
  • Airtable information: OAuth authorization details, base and table identifiers, schema metadata, record IDs, configured fields, and the deal records the Service creates, reads, or updates when you approve publication to Airtable.
  • Dropbox information: OAuth authorization details, account metadata, selected folder or file metadata, uploaded deliverables, shared links, and file paths used to store or retrieve approved deal materials.
  • Slack information: OAuth authorization details, workspace metadata, user and channel identifiers, and notification content sent when you use Slack-related features.
  • Deal and document content: email text, PDF files, ZIP files, spreadsheet files, images, Dropbox or public file links, extracted text, source citations, generated one-pagers, validation reports, and analyst edits.
  • AI processing and observability data: prompts, model inputs and outputs, structured extraction results, validation scores, citations, token counts, costs, error messages, trace identifiers, and model provider metadata used to operate, monitor, debug, and improve the Service.
  • Technical and usage information: IP address, browser type, device information, request logs, timestamps, route paths, status codes, cookies or similar session technologies, and security logs.
  • Support communications: messages you send to us, troubleshooting details, and any files or screenshots you choose to provide.

4. How We Use Information

We use information to provide, secure, maintain, and improve the Service. Specifically, we use information to:

  • Authenticate users and enforce approved-domain, allowlist, and administrative access controls.
  • Connect to Gmail, Airtable, Dropbox, Slack, and other tools only after authorization.
  • Retrieve and classify emails, identify potential new deals, group related messages, and show items in review queues.
  • Read email bodies, attachments, PDFs, ZIP files, spreadsheets, images, and linked materials to extract deal information after authorized workflows are initiated.
  • Create draft one-pagers, citations, validation checks, and editable summaries for user review.
  • Publish approved information to Airtable, upload approved deliverables to Dropbox, and send approved notifications to Slack.
  • Run AI extraction, reasoning, citation, image-selection, validation, repair, and quality-assurance workflows.
  • Monitor API usage, prompt versions, costs, errors, model performance, and reliability.
  • Prevent abuse, investigate failures, protect the Service, and comply with legal obligations.
  • Respond to support requests and administrative inquiries.

5. Google API and Gmail Data

If you authorize Google access, the Service uses Gmail data only to provide and improve user-facing features that you request or that are necessary for the email-review workflow. Gmail data is used to classify emails, show source messages, retrieve relevant attachments, generate deal summaries, prepare approved Airtable or Dropbox outputs, and troubleshoot the Service.

We do not sell Gmail data. We do not use Gmail data for advertising. We do not allow humans to read Gmail content unless it is necessary for support, security, legal compliance, or troubleshooting and is permitted by the user or organization. We do not transfer Gmail data to third parties except as necessary to provide the Service, comply with law, protect rights and security, or as part of an authorized integration or service provider relationship described in this Privacy Policy.

The Service's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Airtable Data

When you connect Airtable, the Service uses Airtable OAuth access only to read the base and table configuration you choose and to create, read, or update records needed for the deal workflow. The Service may write approved deal fields, source links, generated deliverables, status information, and Airtable record identifiers. We do not use Airtable data for advertising or sell Airtable data to third parties.

7. AI Providers and Automated Processing

The Service uses AI model providers and observability tools to classify emails, extract structured deal data, summarize documents, select useful images, generate one-pagers, produce source citations, validate accuracy, and monitor performance. Depending on the workflow, content may be processed by Anthropic Claude, OpenAI, Google Gemini, Langfuse, and infrastructure providers that help operate the Service.

AI outputs may be inaccurate or incomplete. The Service is designed to keep user review, source citations, validation reports, and approval steps in the workflow so users can evaluate generated content before relying on it or sharing it externally.

8. How We Share Information

We share information only as needed to operate the Service, at your direction, or as legally required. This may include sharing information with:

  • Authorized users in your organization: for review queues, approved deal records, generated deliverables, and shared workflow outputs.
  • Integration providers: Google, Airtable, Dropbox, and Slack when you authorize connections or use workflows involving those services.
  • AI and infrastructure providers: Anthropic, OpenAI, Google Gemini, Langfuse, hosting providers, database providers, email providers, logging providers, and security providers used to run, monitor, or secure the Service.
  • Legal and safety recipients: courts, regulators, law enforcement, or other parties when required by law or when necessary to protect rights, safety, security, or the integrity of the Service.
  • Business transaction parties: if we are involved in a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate confidentiality protections.

We do not sell personal information.

9. Retention

We retain information for as long as needed to provide the Service, maintain authorized integrations, preserve workflow history, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. OAuth tokens are retained while an integration remains connected and are deleted or invalidated when the integration is disconnected where technically feasible. Email-derived deal records, generated summaries, logs, validation reports, and audit information may remain in the Service until deleted by an authorized user or no longer needed. Backups may persist for a limited period before rotation or deletion.

10. Security

We use administrative, technical, and organizational safeguards designed to protect information, including access controls, OAuth authorization, encrypted transport, production environment controls, logging, and limited administrative access. No system is perfectly secure, and we cannot guarantee that information will never be accessed, disclosed, altered, or destroyed by unauthorized parties.

11. Your Choices and Requests

You may disconnect supported integrations such as Airtable, Dropbox, or Slack from within the Service where those controls are available. You may revoke Google access through your Google Account security settings. You may contact admin@orathon.com to request access, correction, deletion, export, or other assistance with information associated with your account, subject to identity verification, contractual obligations, technical limitations, and legal requirements.

12. Cookies and Similar Technologies

The Service uses cookies and similar technologies for authentication, session management, security, preferences, and application functionality. You can control cookies through your browser settings, but disabling cookies may prevent the Service from working correctly.

13. International Processing

Information may be processed in the United States and other locations where we or our service providers operate. By using the Service, you understand that information may be transferred to and processed in jurisdictions that may have different data protection laws than your location.

14. Children's Privacy

The Service is intended for business use and is not directed to children under 13. We do not knowingly collect personal information from children under 13.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and may provide additional notice through the Service or by email. Continued use of the Service after an updated policy becomes effective means the updated policy applies to your use of the Service.