In this article:
This article is provided for informational purposes only. It is not legal advice, not a contract, and does not create any legal rights or obligations. Capitalized terms refer to those defined in Crossbeam's Terms of Service.
Overview
Crossbeam is a business-to-business SaaS platform that enables companies to identify overlapping customers, opportunities, and prospects with their partners, while keeping the rest of their data private and protected. The data in Crossbeam is business-to-business CRM data, such as information related to your prospects, opportunities, and customers.
Crossbeam uses Customer Data to provide, support, and improve the Service. This Explainer describes specifically how Crossbeam uses AI and machine learning and data aggregations, and how Customer Data is protected in that context.
AI-Powered Features
Crossbeam offers AI-powered features. They use OpenAI's API, and OpenAI is a listed subprocessor under Crossbeam's Data Processing Addendum (DPA). Below are examples of our two live features that use AI as of May 2026; we'll update as new features launch.
AI Chat
AI Chat is an in-product conversational interface that allows users to explore and navigate their ecosystem data using natural language. AI Chat is strictly read-only and assistive: it interprets data that the user already has access to within their existing permissions settings. It does not take actions on behalf of the user, such as editing sharing permissions, connecting with partners, managing team members, or modifying any account or integration settings. It is scoped to the authenticated user's access and permissions in Crossbeam.
AI Recommended Plays
AI Recommended Plays is an AI-powered feature that surfaces recommended partnership plays based on a user's ecosystem data and overlap signals. Like AI Chat, AI Recommended Plays operates within the user's existing permissions and does not modify data or take action on behalf of the user.
What AI Does Not Do
To be explicit about the boundaries of AI functionality in Crossbeam:
AI features do not make changes in the product on behalf of the user;
Crossbeam does not review or pre-verify AI-generated outputs before they are shown to a user. AI Chat responses are generated in real time in response to user queries.
Data Use and Model Training
Crossbeam's use of Customer Data in connection with AI features is limited as follows:
Crossbeam does not train any large language models using Customer Data
OpenAI processes prompts to generate real-time responses. OpenAI does not use Customer Data from Crossbeam to train its own models.
Inputs and outputs from AI Chat interactions are retained in Crossbeam's AWS infrastructure as part of the user's session history, subject to Crossbeam's standard data retention and deletion practices.
All Customer Data remains stored within Crossbeam's infrastructure on AWS US.
Matching Engine
Crossbeam's Matching Engine is not an AI feature and does not currently use machine learning. It is built around a deterministic, facts-based framework that does not currently employ AI or LLMs in any way. Future iterations of the Matching Engine may incorporate ML or AI; we will update this document to reflect those changes.
The Matching Engine is the core system that determines when records from different organizations represent the same underlying entity, governing when partner data may be shared. The Matching Engine only accesses data that customers elect to sync to Crossbeam from their CRM, it does not access data that has not been explicitly synced. Matching occurs before any sharing takes place, which allows Crossbeam to calculate overlap counts (for example, "you have 300 overlaps with this partner") without any underlying data being shared with that partner. The fields used for matching are limited identifiers: primarily company domain and email address for accounts, and email address for leads and contacts, though this may expand over time as the Matching Engine evolves.
The Matching Engine normalizes and compares key identifiers such as company domain, email address, DUNS number, and phone number (more fields will be added in future releases - this document will update to reflect changes). If data points align according to defined comparison rules, a match is declared. If they do not, no match is declared. There is no probabilistic or model-driven inference: the outcome is a deterministic "yes" or "no" based on facts.
In some cases, the Matching Engine improves match quality by drawing on aggregated, network-derived signals. For example, helping resolve a record where a customer's CRM is missing a standard identifier. These signals are built only from fields that customers have synced to Crossbeam, incorporate no Personal Data, and are never surfaced to customers or partners as a product output; they are used solely to enable matching. The signals used and the methods used to derive them may evolve over time.
Ecosystem Intelligence and Aggregated Insights
Ecosystem Intelligence (EI) is Crossbeam's proprietary analytics layer that generates insights and signals using aggregated, anonymized data across the Crossbeam network. EI is not an AI feature, but it is a meaningful part of how Crossbeam delivers the product, built on the network.
How aggregation and anonymization work
EI is built only from data that customers have synced to Crossbeam. Fields that are not synced are never pulled into Crossbeam and therefore cannot contribute to EI. The relevant control for EI is sync, not share. Whether or not a customer shares a given field with a particular partner does not affect EI computation.
If a customer is syncing CRM fields that contain Personal Data (see more on this in Section 8), then EI computation may use Personal Data (such as email addresses) as inputs to identify and aggregate records across the network. The outputs surfaced to customers (the insights and signals themselves) do not contain Personal Data. EI insights take two forms: insights on Accounts (for example, signals related to recent deal activity on a given company) and insights on Contacts. Contact insights are categorical tags such as 'Economic Buyer' or 'Decision Maker' derived from aggregated deal and activity patterns; no contact-level Personal Data fields (such as name or email address) are exposed through EI insights.
Each insight is only surfaced when a minimum number of underlying data points exist across distinct organizations. Below that threshold, no insight is shown. This is what makes an insight anonymous: it cannot be traced back to any single organization's contribution.
Access to EI follows the same permission model as all other data in Crossbeam. A user will only see an insight on an Account or Contact they already have access to either through their own synced data or through an explicit partner share. If a contact or account is not accessible to a user, neither the record nor any associated insights will be visible.
Delivering the Product and Improving the Product
A common customer question is whether Crossbeam uses data only to deliver the product to that customer, or also to improve the product more broadly.
For AI features (e.g. AI Chat and Recommended Plays), Customer Data is used only to fulfill real-time requests. It is not retained or used to improve the product.
For network-level features like Ecosystem Intelligence, the product value is inseparable from the aggregate network. These features deliver insights to a customer that are derived from the broader Crossbeam network, which is itself built from data contributed by all customers. Crossbeam's ability to deliver EI to any individual customer depends on the aggregated contributions of the network. Note that these features use only aggregated Customer Data and that no individual customer's data is ever surfaced in identifiable form to another customer through these features.
Personal Data
Crossbeam can be used without sharing any Personal Data with partners. If a customer chooses to include Personal Data fields (such as contact names, email addresses, titles, or phone numbers) in their CRM sync, Crossbeam's granular controls make it easy to exclude those fields from partner sharing at any time.
Crossbeam does not use Personal Data to create independent lead lists or to provide net-new Personal Data to other organizations.
Responsibility and Ethics
Crossbeam's current AI features are assistive: they help users navigate and interpret data they already have access to within their existing permissions. They do not introduce net-new data, expand sharing permissions, or surface Personal Data outside the scope of a user's own query.
Crossbeam does not use AI to score, profile, or make automated decisions that produce legal or similarly significant effects on individuals.
From a regulatory standpoint, as currently configured, Crossbeam's AI features are not subject to the automated decision-making restrictions under GDPR Article 22 because they do not produce decisions that have legal or similarly significant effects on individuals; a human user interprets and acts on all outputs. Under the EU AI Act, Crossbeam's AI features fall within the minimal risk tier: they are not used in any high-risk context enumerated under Annex III (such as employment, credit, education, or law enforcement), and they are not general-purpose AI systems subject to transparency obligations under Title IV. Under CCPA/CPRA, Crossbeam's AI does not engage in profiling to produce legal or similarly significant effects, and no automated decision-making opt-out right is triggered. Similarly, under the Colorado AI Act (SB 24-205) and analogous state-level frameworks, Crossbeam's AI does not constitute a high-risk AI system because it does not make or substantially influence consequential decisions about consumers.
Crossbeam expects AI capabilities to expand over time. This may include features that take actions in-product on behalf of users. For example, agentic workflows that coordinate multi-step partner interactions or initiate routine tasks. For any such capability, Crossbeam will: keep users in the loop for actions that materially affect data sharing or security; reassess each of the regulatory frameworks above before deployment; and update this Explainer to reflect the new capability and any new subprocessors involved.
Across current and future AI features, Crossbeam holds to a consistent set of principles: Customer Data is not used to train Crossbeam's own models or those of its AI providers; access to AI features follows the same permission model as the rest of the product.
Third-Party AI Governance
Crossbeam currently uses one external AI provider: OpenAI, accessed via API. OpenAI is a listed subprocessor under Crossbeam's Data Processing Addendum and is subject to contractual obligations governing how Customer Data may be processed. Under Crossbeam's agreement with OpenAI, Customer Data is processed to fulfill real-time requests and is not used to train OpenAI's models.
Crossbeam evaluates AI tools and providers as part of its vendor risk management program prior to deployment. This includes review of the provider's data processing terms, subprocessor status, security posture, and model training commitments before any integration with Customer Data is permitted. Ongoing vendor relationships, including OpenAI, are subject to periodic review. Any new AI provider that would process Customer Data would be added to Crossbeam's subprocessor list with advance notice to customers in accordance with the DPA.
More Information
For more detail on Crossbeam's data privacy and security practices, please refer to:
Crossbeam's Data Sharing White Paper: detailed guidance on data sharing controls
Crossbeam's Trust Center: comprehensive information on security and privacy practices
Crossbeam's DPA: the Data Processing Addendum governing Customer Data processing