Privacy Policy

At CRAFTR, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or engage with us for professional technology services.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide when you:

Fill out contact forms or request consultations
Create an account or sign up for our services
Communicate with us via email, phone, or chat
Participate in surveys or provide feedback
Subscribe to newsletters or marketing communications

This information may include:

Name and contact information (email, phone number, address)
Company name and business details
Job title and professional information
Payment and billing information
Project requirements and specifications
Any other information you choose to provide

1.2 Information Collected Automatically

When you visit our website or use our services, we automatically collect certain information:

Device information (IP address, browser type, operating system)
Usage data (pages visited, time spent, click patterns)
Location information (general geographic location based on IP)
Cookies and similar tracking technologies
Referral source and navigation paths

1.3 Information from Third Parties

We may receive information from:

Business partners and referral sources
Public databases and social media platforms
Third-party service providers and integrations
Analytics and advertising platforms

1.4 Client Project Data

When providing services, we may process data on behalf of our clients, including:

End-user data for websites and applications we develop
Voice recordings and transcripts for AI voice agent projects
Customer data for automation and integration projects
Protected Health Information (PHI) for healthcare clients with appropriate safeguards

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Service Delivery

Provide, maintain, and improve our services
Process transactions and send related information
Develop custom solutions tailored to your requirements
Provide customer support and respond to inquiries
Monitor and analyze service performance

2.2 Communication

Send project updates and service-related notifications
Respond to your questions and requests
Send marketing communications (with your consent)
Provide technical support and assistance

2.3 Business Operations

Comply with legal obligations and enforce our terms
Prevent fraud, security threats, and technical issues
Conduct research and analytics to improve our services
Manage business relationships and operations

2.4 Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data based on:

Contract performance: To deliver services you've requested
Legitimate interests: To improve services and communicate with you
Consent: For marketing communications and optional features
Legal obligations: To comply with applicable laws

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who assist in business operations:

Cloud hosting and infrastructure providers
Payment processors and billing services
Email and communication platforms
Analytics and monitoring tools
Customer relationship management (CRM) systems

These providers are contractually obligated to protect your information and use it only for specified purposes.

3.2 Business Transfers

Information may be transferred in connection with a merger, acquisition, sale of assets, or similar business transaction. You will be notified of any such change in ownership or control.

3.3 Legal Requirements

We may disclose information when required by law or to:

Comply with legal processes, court orders, or government requests
Enforce our terms and conditions
Protect our rights, property, or safety
Prevent fraud or security threats

3.4 With Your Consent

We may share information with other parties when you provide explicit consent or direction to do so.

4. Data Security

4.1 Security Measures

We implement comprehensive security measures to protect your information:

Encryption of data in transit (TLS/SSL) and at rest
Regular security audits and vulnerability assessments
Access controls and authentication mechanisms
Employee training on data protection practices
Incident response and breach notification procedures

4.2 HIPAA Compliance

For healthcare clients, we implement HIPAA-compliant safeguards:

Business Associate Agreements (BAAs)
Administrative, physical, and technical safeguards
Encrypted storage and transmission of PHI
Access logging and audit controls
Regular risk assessments and compliance reviews

4.3 SOC 2 Alignment

We align our practices with SOC 2 principles:

Security: Protection against unauthorized access
Availability: System reliability and uptime
Confidentiality: Protection of sensitive information
Privacy: Collection and use aligned with commitments

4.4 Data Breach Notification

In the event of a data breach affecting personal information, we will notify affected individuals and relevant authorities as required by applicable law, typically within 72 hours of discovery.

5. Your Rights and Choices

5.1 GDPR Rights (EEA Residents)

If you are in the European Economic Area, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Limit how we process your data
Portability: Receive your data in a portable format
Objection: Object to processing based on legitimate interests
Withdraw consent: Withdraw consent for processing (where applicable)

5.2 CCPA Rights (California Residents)

California residents have the right to:

Know what personal information is collected, used, and shared
Delete personal information held by businesses
Opt-out of the sale of personal information (we do not sell personal information)
Non-discrimination for exercising privacy rights

5.3 Marketing Communications

You can opt-out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us directly. You will continue to receive service-related communications.

5.4 Cookies and Tracking

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality. We respect Do Not Track (DNT) signals where technically feasible.

5.5 Exercising Your Rights

To exercise any of these rights, contact us at privacy@craftr.co.uk. We will respond to verified requests within 30 days (or as required by applicable law).

6. Data Retention

We retain personal information for as long as necessary to:

Fulfill the purposes outlined in this Privacy Policy
Comply with legal, accounting, or reporting requirements
Resolve disputes and enforce our agreements
Maintain business records and operational data

Retention periods vary based on data type and purpose:

Account information: Duration of relationship plus 7 years
Project data: As specified in service agreements
Marketing data: Until consent is withdrawn
Financial records: As required by tax and accounting laws

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

For transfers from the EEA, we use appropriate safeguards such as:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions for countries with equivalent protections
Other legally approved transfer mechanisms

8. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.

9. Third-Party Links and Services

Our website and services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

Essential cookies: Required for website functionality
Analytics cookies: Help us understand how visitors use our site
Functional cookies: Remember your preferences and settings
Marketing cookies: Track effectiveness of marketing campaigns

10.2 Third-Party Analytics

We use third-party analytics services including:

Google Analytics (with anonymized IP addresses)
Vercel Analytics for performance monitoring
Other analytics tools as specified in our cookie notice

11. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

Posting the updated policy on our website with a new "Last Updated" date
Sending email notifications for significant changes
Requiring acceptance for material changes affecting your rights

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Data Protection Officer
CRAFTR, Inc.
Email: privacy@craftr.co.uk
Address: [Your Business Address]

12.1 EU Representative

For GDPR-related inquiries from the European Economic Area, you may contact our EU representative at: [EU Representative Contact Information]

12.2 Supervisory Authority

If you are in the EEA and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

This Privacy Policy is designed to comply with GDPR, CCPA, HIPAA, and other applicable privacy laws. By using our services, you acknowledge that you have read and understood this Privacy Policy.