Privacy Policy

This Privacy Policy explains how Crowdseek (“we”, “us”, “our”) collects, uses, shares, and protects your personal information when you use our website, app, and related services (together, the “Service”).

1) Who we are (Data Controller)

Controller: Crowdseek Ltd Registered in England & Wales No. 09560574

Registered address: 23 WESTFIELD PARK, REDLAND, BRISTOL, BS6 6LT, UNITED KINGDOM

Email: support@crowdseek.com

If you have questions about privacy, or you want to exercise your rights, contact us at support@crowdseek.com.

2) The information we collect

We collect information in three ways: (a) information you provide, (b) information collected automatically, and (c) information from third-party services you choose to use.

A) Information you provide

  • Account details: email address, login credentials (if applicable)
  • Your content: “Why”, goals, outcomes, progress entries, reflections, and other inputs you choose to add
  • Support & feedback: messages, form submissions, survey responses, bug reports
  • Preferences: communication preferences, settings, and choices you make in the Service

B) Information collected automatically

  • Usage and device data: pages/screens viewed, clicks/taps, session timing, referrer, approximate location (derived from IP), device/browser type, OS, language
  • Log data: IP address, timestamps, error logs and diagnostic data
  • Cookies and similar technologies: see Section 9

C) Information from third parties (optional)

If you connect third-party services (e.g., authentication providers), we may receive basic account identifiers needed to enable that connection.

3) Sensitive (special category) data

Some goal/progress content could reveal sensitive information (for example, health or mental wellbeing) if you choose to write it.

  • Please avoid sharing sensitive details unless necessary.
  • If you do share such information, we treat it carefully and (where required) rely on your explicit consent or another valid legal basis under applicable law.

4) Why we use your information (purposes)

We use your information to:

  • Provide the Service (create accounts, save your goals/progress, deliver features you request)
  • Personalise your experience (recommend pathways, outcomes, and content relevant to you)
  • Communicate with you (service messages, support replies, security notices)
  • Improve and protect the Service (analytics, debugging, performance, fraud prevention)
  • Meet legal obligations (compliance, lawful requests, record keeping)

5) Our legal bases (GDPR / UK GDPR)

We only process personal data when we have a lawful basis, including:

  • Contract: to provide the Service you request (e.g., account creation, storing your progress)
  • Consent: where you opt in (e.g., newsletters; certain cookies; sensitive content where required)
  • Legitimate interests: to improve, secure, and operate our Service (balanced against your rights)
  • Legal obligation: where we must comply with law (e.g., tax, security, lawful requests)

You can withdraw consent at any time (see Section 8).

6) How we share information

We do not sell your personal data.

We may share information in these limited situations:

A) Service providers (processors)

We use vetted providers to host, maintain, and operate the Service (for example: hosting, analytics, email delivery, customer support tools). They can only process data on our instructions and must protect it.

Typical categories of providers:

  • Cloud hosting / infrastructure
  • Analytics (privacy-focused where possible)
  • Email delivery / customer support
  • Error monitoring / performance tools

B) Aggregated or anonymised data

We may share aggregated and/or anonymised insights (e.g., usage trends) that cannot reasonably identify you.

C) Legal and safety

We may disclose information if required by law, or to protect rights, safety, and security (e.g., to prevent fraud or abuse).

D) Business changes

If we’re involved in a merger, acquisition, financing, or sale of assets, data may be transferred as part of that transaction. If that happens, we’ll take steps to protect your data and notify you where required.

7) International data transfers

If personal data is transferred outside the UK/EEA, we use appropriate safeguards such as:

  • Adequacy regulations where applicable, and/or
  • Standard Contractual Clauses (SCCs) and the UK Addendum, and/or
  • Other lawful mechanisms recognised by GDPR/UK GDPR.

8) Your rights (GDPR / UK GDPR)

Depending on your location, you have rights including:

  • Access: request a copy of your data
  • Rectification: correct inaccurate data
  • Erasure: request deletion (“right to be forgotten”)
  • Restriction: limit processing in certain cases
  • Portability: receive data in a usable format (where applicable)
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: at any time (where processing is based on consent)

To exercise rights, email support@crowdseek.com.

We may need to verify your identity before completing your request.

Complaints

If you’re in the UK, you can complain to the Information Commissioner’s Office (ICO). If you’re in the EEA, you can complain to your local supervisory authority.

9) Cookies and analytics

We use cookies and similar technologies to:

  • keep the Service working (essential cookies),
  • understand usage and improve performance (analytics cookies, where enabled),
  • remember preferences.

Where required, we ask for consent before placing non-essential cookies.

Cookie choices: [link to your cookie settings / banner preferences page]

If you don’t yet have a cookie banner, add one before you run non-essential analytics/marketing tags.

10) Marketing communications

If you opt in, we may send newsletters and product updates. You can unsubscribe at any time via the link in the email or by contacting support@crowdseek.com.

Service/transactional messages (e.g., security or account notices) may still be sent when necessary.

11) Data retention

We keep personal data only as long as needed for the purposes described:

  • Account data and your content: kept while your account is active
  • Deletion requests: we delete or anonymise within a reasonable period (typically 30 days), unless we must retain certain records for legal or security reasons
  • Backups: may persist for a limited period before being overwritten

Retention can vary depending on legal requirements and operational needs.

12) Security

We use appropriate technical and organisational measures designed to protect personal data, such as access controls, encryption in transit (TLS), and monitoring for abuse. No method of transmission or storage is 100% secure, but we work to protect your data responsibly.

13) Children

The Service is not intended for children who are under the age at which they can legally consent to data processing in their country. If you believe a child has provided personal data, contact support@crowdseek.com and we’ll take appropriate steps.

14) Changes to this policy

We may update this policy from time to time. We’ll update the “Last updated” date and, where appropriate, notify you of significant changes.

15) Contact

For privacy questions or requests, contact: support@crowdseek.com