This Privacy Policy explains how CrowdInform OÜ (“CrowdInform”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use www.crowdinform.com (the “Website”) and related features, including the Admin Panel for verified crowdfunding platforms.
By using our services, you agree to the collection and use of information in accordance with this Policy.
Controller: CrowdInform OÜ
Registration code: 16361852 (Republic of Estonia)
Contact email: [email protected]
Postal address: Harju maakond, Tallinn, Kesklinna linnaosa, Veskiposti tn 2-1002, 10138, Estonia
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act.
What personal data we collect and from whom.
How and why we use personal data (lawful bases).
Where it’s stored, how long we keep it, and with whom we share it.
Your rights and how to exercise them.
Personal data: Any information relating to an identified or identifiable person (e.g., name, email, IP address).
Special category data: Sensitive data (e.g., health, ethnicity, political opinions). We do not intentionally collect this.
Processor: A service provider that processes personal data on our behalf.
Admin Panel: A restricted area for verified crowdfunding platforms (CFPs) to manage their profiles, projects, news, and FAQs.
Google Sign-In (OAuth): If you register or log in with Google, we receive your email address and display name; we may also receive your profile avatar if you choose to provide/allow it.
Email/Password sign-up: If you register directly, we collect email and password (stored hashed).
Profile fields: username (may mirror display name), avatar (optional).
Reviews, comments, ratings, FAQs, platform/project submissions (for verified CFP Admin Users), and any files or text you upload.
For platform-owner verification we may collect proof of ownership/representation (e.g., corporate records, domain/email verification, signed authorization) and authorized user contact details.
Your email and preferences related to receiving analytical content, news, product updates, and service messages.
Device/connection data (IP address, device identifiers), browser and OS type/version, language, time zone.
Usage data (pages viewed, clicks, scrolls, referral URLs, session duration, error logs).
Collected via cookies, local storage, pixels, and analytics tags (see Cookie Policy and Analytics).
We do not intentionally collect special category data or criminal-offence data. If you post such data inadvertently, we will delete it where feasible.
Purpose | Examples | Legal basis |
---|---|---|
Provide the Website & account | Account creation/login (Google OAuth or email/password), maintain profiles, enable Reviews/comments, CFP Admin Panel | Contract (Art. 6(1)(b)) and Legitimate interests to run and secure our services (Art. 6(1)(f)) |
Verification of CFP ownership | Review documents, authorize Admin Users, manage access | Legitimate interests; in some cases Legal obligation |
Service communications | Security alerts, policy updates, feature notices | Legitimate interests / Legal obligation |
Email analytical content & news | Market analysis, platform statistics, newsletters, educational articles | Legitimate interests (informational content relevant to users) and/or Consent where required. Opt-out anytime by contacting us at [email protected] (see §9). |
Fraud/abuse prevention & security | Detect and prevent misuse; protect Users and CFPs | Legitimate interests |
Website analytics & improvement | Measure performance, fix errors, improve UX | Legitimate interests |
Legal & compliance | Respond to lawful requests, enforce terms | Legal obligation / Legitimate interests |
We use cookies and similar tools to remember your settings, keep you signed in, secure the service, and measure performance.
Authentication/session cookies (keep you logged in, restore sessions).
Security cookies (detect malicious activity).
Preferences (e.g., language).
Analytics (site performance, usage patterns).
You can manage cookies in your browser. Blocking some cookies may impact functionality.
Learn more and manage choices: See our Cookie Policy (below in §13) and, where implemented, our cookie banner settings.
Google Analytics – website traffic and performance measurement.
Yandex.Metrika – session analytics and marketing attribution.
These providers may set cookies or collect identifiers. You can opt out of Google Analytics via the GA Opt-out browser add-on. For Yandex.Metrika, see Yandex’s opt-out tools. We use analytics data to understand aggregate usage and improve our services; we do not attempt to identify individual users from analytics data.
No payment processing on the Website. We do not collect payment card data and do not use payment service providers (PSPs) via the Website.
No sale of personal data. We do not sell your personal data.
No automated decisions with legal/major effects.
We may send you analytical content, news, market updates, platform statistics, and educational materials relevant to crowdfunding.
If you do not wish to receive these emails, contact us at [email protected] and we will stop. (If we later add an unsubscribe link, you may also use it.)
Service/transactional emails (e.g., security alerts, policy changes) may still be sent as necessary.
We share data only as needed to operate and improve our services, or as required by law:
Service providers (processors):
Hosting & infrastructure (store the Website, databases, backups).
Email/newsletter provider (e.g., MailPoet) to send communications.
Authentication provider (Google OAuth for sign-in).
Analytics providers (Google Analytics, Yandex.Metrika).
Processors act under our instructions and appropriate data-processing agreements.
Legal and compliance: Courts, regulators, or law enforcement if required by law.
Business transfers: In the event of a reorganization, merger, or sale, data may transfer to the successor subject to this Policy (we will notify you where required).
We do not disclose your Reviews/comments privately; however, content you publish may be visible publicly on the Website.
Your data may be processed outside the EEA (e.g., by Google). Where we transfer data internationally, we rely on GDPR-approved safeguards such as Standard Contractual Clauses or other lawful mechanisms, and assess partner protections.
We use administrative, technical, and organizational measures appropriate to the risk (e.g., access controls, encryption in transit, hashed passwords, logging). No system is 100% secure; please keep your credentials confidential and notify us of any suspected breach.
What are cookies? Small text files placed on your device to store information.
Types we use
Authentication & session cookies: keep you signed in and restore sessions.
Security cookies: help detect malicious activity.
Preferences cookies: remember language and interface choices.
Performance/Analytics cookies: help us analyze traffic and improve features.
Third-party cookies: Google Analytics and Yandex.Metrika may set cookies. Social media plugins (e.g., share/follow buttons) may also set cookies if you interact with them; your use of those features is governed by the respective third party’s privacy policy.
Your choices:
Manage cookies via your browser settings (may impact functionality).
Use opt-out tools provided by analytics vendors (e.g., Google Analytics opt-out add-on; Yandex opt-out).
Where available, set preferences through our cookie banner.
Our Website may include features such as “Share” or “Follow” buttons (e.g., Facebook, LinkedIn, X/Twitter, YouTube). These may collect your IP address and page visits and may set a cookie to function properly. Your interactions are governed by the third party’s privacy policies.
We keep personal data only as long as necessary for the purposes in §5, including to meet legal, accounting, or reporting requirements. Typical periods (subject to change as operationally needed):
Account data: while your account is active; if you request deletion, we delete or anonymize within a reasonable time (backups may persist for a limited period).
CFP verification records: for the duration of Admin access and up to 3 years thereafter for audit/compliance.
Marketing contact data: until you opt out or your account is deleted.
Logs/analytics: typically 12–24 months in aggregate form; shorter for raw logs unless needed for security.
User-generated content (Reviews/comments): retained while published or until you remove it or request removal (see §17).
Our services are not directed to children under 16. We do not knowingly collect personal data from children under 16.
Subject to conditions and exceptions under GDPR, you have the right to:
Access your personal data and receive a copy.
Rectify inaccurate or incomplete data.
Erase your data (“right to be forgotten”).
Restrict processing.
Object to processing based on legitimate interests (including our emails with analytical content and news).
Data portability (receive your data in a structured, commonly used format).
Withdraw consent at any time where processing is based on consent (withdrawal doesn’t affect prior lawful processing).
How to exercise: Email [email protected] from your registered address. We may need to verify your identity.
Complaints: You may lodge a complaint with your local authority or the Estonian Data Protection Inspectorate. We encourage you to contact us first so we can resolve your concern.
Our Website may link to third-party sites. We are not responsible for their privacy practices. Please review their privacy policies.
We may update this Policy from time to time. We will post the updated version and adjust the “Last updated” date above. Material changes may also be communicated by email or in-product notice.
Questions, requests, or opt-outs: [email protected]