Your trust is the product. This Privacy Policy describes how Crawlzo handles personal data when you use our website, sign up, talk to our team, or rely on our platform, plus the rights you have under laws like the GDPR and CCPA. We collect as little as we can, keep it only as long as we must, and never sell it.
Scope of this policy
This Privacy Policy explains how Crawlzo (“Crawlzo,” “we,” “us”) collects, uses, discloses, and protects personal data. It applies to our marketing website at crawlzo.com, our dashboards and documentation, our communications with prospects and customers, and our role in operating the Crawlzo web data platform (the “Services”).
We designed the Services around data minimization: our default is to collect as little personal data as possible and to retain Output for no longer than necessary to deliver it. This policy describes the personal data we do handle and the rights you have over it.
Personal data we collect
We collect personal data in the following categories:
| Category | Examples | Source |
|---|---|---|
| Identity & contact | Name, work email, company, job title, phone | You, when you contact us or sign up |
| Account | Credentials, API keys, roles, preferences | Created when you onboard |
| Billing | Billing contact, address, tax ID, payment status | You and our payment processor |
| Usage & technical | IP address, device/browser, logs, request metadata | Collected automatically |
| Communications | Emails, support tickets, call notes | You, when you reach out |
We do not intentionally collect special categories of personal data (such as health, biometric, or political data) about our website visitors or customers, and we ask that you not submit such data to us except where expressly agreed in an engagement with appropriate safeguards.
How we use personal data
We use personal data to:
- provide, operate, secure, and improve the Services;
- respond to inquiries, scope engagements, and provide quotes and support;
- process payments, manage accounts, and prevent fraud;
- send service, security, and (where permitted) marketing communications you can opt out of;
- monitor performance, debug, and conduct analytics to understand and improve usage; and
- comply with legal obligations and enforce our terms and policies.
We do not sell personal data, and we do not use the content of customer Output to train general-purpose models for other customers.
Legal bases (GDPR / UK GDPR)
Where the GDPR or UK GDPR applies, we rely on the following legal bases for processing personal data:
- Contract. To provide the Services and perform our agreements with you.
- Legitimate interests. To secure and improve the Services, conduct B2B marketing, and run our business, balanced against your rights.
- Consent. Where required, for example certain cookies and marketing. You may withdraw consent at any time.
- Legal obligation. To comply with tax, accounting, and other legal requirements.
Cookies & analytics
Our website uses a minimal set of cookies and similar technologies: strictly necessary cookies that make the site work, and, where you consent, analytics that help us understand aggregate usage. We keep third-party trackers to a minimum and do not use cross-site advertising trackers.
You can control cookies through your browser settings and, where presented, through our consent controls. Disabling some cookies may affect site functionality. We honor recognized opt-out signals such as Global Privacy Control where legally required.
How we share personal data
We share personal data only as needed and never sell it. Recipients include:
- Subprocessors and service providers. Cloud hosting, infrastructure, payment processing, email, and support tooling, bound by contract and processing only on our instructions. Our current subprocessors are listed in our Data Processing Addendum.
- Professional advisors such as auditors, lawyers, and accountants under confidentiality obligations.
- Legal and safety. Where required by law, legal process, or to protect rights, safety, and the integrity of the Services.
- Business transfers in connection with a merger, acquisition, or sale of assets, subject to this policy.
International data transfers
We operate across the EU and US and may transfer personal data across borders. Where we transfer personal data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum), together with supplementary technical and organizational measures.
For customers with residency requirements, we offer EU and US data residency options so processing and storage can be pinned to a region. Contact support@crawlzo.com to scope residency for your engagement.
Data retention
We retain personal data only as long as necessary for the purposes described in this policy, to comply with legal obligations, resolve disputes, and enforce agreements. Account and billing records are typically retained for the life of the relationship plus the period required by tax and accounting law. Operational logs are retained for a limited period for security and debugging, then deleted or anonymized.
How we protect your data
We apply technical and organizational measures appropriate to the risk, including encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access controls, network segmentation, logging and monitoring, vulnerability management, and a documented incident-response process. We review these controls regularly. For more detail, see our Compliance page.
No method of transmission or storage is perfectly secure. If we become aware of a personal-data breach affecting you, we will notify you and the relevant authorities as required by law and without undue delay. Report suspected vulnerabilities to support@crawlzo.com.
Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal data, and to withdraw consent. Under the GDPR and similar laws these rights include the right to lodge a complaint with a supervisory authority. As we are established in Estonia, our lead authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee), though you may also contact the authority in your own country.
Under the California Consumer Privacy Act (CCPA/CPRA), California residents have the right to know, delete, correct, and opt out of “sale” or “sharing” of personal information, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under California law.
To exercise any right, email support@crawlzo.com. We will verify your request and respond within the timeframes required by applicable law. You may use an authorized agent where the law permits. If you are an end user whose data was processed on behalf of one of our customers, please direct your request to that customer, the controller; we will assist them as their processor.
Children’s privacy
The Services are intended for businesses and professionals and are not directed to children. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or the law. When we make material changes, we will update the effective date and, where appropriate, provide additional notice. We encourage you to review this policy periodically.
Contact & data protection officer
For privacy questions, to exercise your rights, or to reach our Data Protection Officer, contact us at support@crawlzo.com, or write to Crawlzo, Attn: Data Protection, Tallinn, Estonia. Crawlzo is established in the EU, so no EU representative is required; if you are in the UK and we have appointed a UK representative, their details are available on request.