Legal

Privacy & Cookie Policy

Plain English. No legalese walls. Last updated .

1. Who we are

Crowork is the data controller for this website. Contact us at hello@crowork.ai. We are a provider of AI automation services operating under EU jurisdiction.

2. What we collect and why

Contact & quote forms

When you submit a contact or quote request we collect your name, email address, company name (optional), and message.

  • Used solely to respond to your enquiry
  • Never sold or shared with third-party advertisers
  • Stored on our own EU-region infrastructure (Fly.io + Supabase)

Server logs

Standard web server logs (IP address, browser type, pages visited, timestamps) are retained for up to 30 days for security and performance diagnostics, then deleted. We do not use these logs to build profiles or identify individual visitors.

What we do NOT collect

We do not run Google Analytics, Meta Pixel, HubSpot tracking, or any third-party analytics or advertising scripts. We do not fingerprint browsers or track you across other websites.

3. Legal basis (GDPR Article 6)

Form submissions are processed under Article 6(1)(b) — processing necessary to take steps at your request prior to entering a contract. Server logs are processed under Article 6(1)(f) — our legitimate interest in operating a secure, stable service.

4. Infrastructure & data residency

All data is stored within the European Union:

  • Fly.io — application hosting, EU region
  • Supabase — database, EU (Frankfurt) region
  • Encryption at rest and in transit (TLS 1.2+)

No data is transferred to countries outside the EU/EEA without adequate safeguards.

5. Retention

Contact form submissions are retained for up to 24 months after your last interaction with us, or until you ask us to delete them (whichever comes first). Server logs are deleted after 30 days. Consent preferences (the cookie below) expire after 12 months.

6. Cookies

We set one cookie. That is it.

Name

Type

Expires

Purpose

cw-consent

Essential

12 months

Stores your cookie consent choice (localStorage — not a network cookie)

We do not use analytics cookies, advertising cookies, or any third-party cookies. The cw-consent value is stored in your browser's localStorage (not transmitted to our servers). You can clear it at any time by clearing your browser storage or clicking "Reject non-essential" in the banner below.

7. Your rights under GDPR

As a data subject in the EU/EEA you have the following rights:

  • Access — request a copy of the personal data we hold about you

  • Rectification — ask us to correct inaccurate data

  • Erasure ("right to be forgotten") — ask us to delete your data

  • Portability — receive your data in a machine-readable format

  • Objection — object to processing based on legitimate interest

  • Withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal

To exercise any right, email hello@crowork.ai with the subject line "GDPR Request". We will respond within 30 days.

8. Changes to this policy

If we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email if you have an active engagement with us.

Questions or requests?

Email us at hello@crowork.ai. We handle all data requests personally — no automated ticketing system.