Privacy Policy

1. Introduction

Welcome to Crateflow. We take your privacy seriously and comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, process, and store your personal data when you use our website or services, especially when you request a demo or contact us.

2. Controller and Contact

Crateflow GmbH
C/O Digital Hub Worms e.V.
Adenauerring 1, 67547 Worms, Germany
Phone: +49 1575 5181708
Email: info@crateflow.ai

We are responsible for determining the purposes and means of the processing of personal data on this website. If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at the email address above. We aim to respond to rights requests within 30 days and may request reasonable proof of identity.

3. Hosting on Microsoft Azure

Our website and related infrastructure are hosted on Microsoft Azure servers. Microsoft Corporation is located at One Microsoft Way, Redmond, WA 98052-6399, USA. Personal data collected through our website may be processed on servers operated by Microsoft (under a data processing agreement). We have a legitimate interest (Art. 6(1)(f) GDPR) in reliable and secure hosting. For more information, please see Microsoft's privacy policy: Microsoft Privacy Statement.

4. Data Collection and Processing

We collect personal data in the following ways:

• Data You Provide: When you voluntarily submit information (e.g., via contact forms or email). This typically includes your email address and any context you provide so we can respond to demo/lead requests. We process this for pre-contractual steps and legitimate interests in handling B2B enquiries.
• Automatically Collected Data: Our server (or Azure's server) automatically logs certain technical data such as your IP address, browser type, operating system, referral URLs, and timestamps for security and fraud prevention.

The lawful bases for processing your personal data may include consent (Art. 6(1)(a) GDPR) for optional tools like Calendly, contract/pre-contractual steps (Art. 6(1)(b) GDPR) when you request a demo or enter into discussions, legal obligations (Art. 6(1)(c) GDPR), or our legitimate interests (Art. 6(1)(f) GDPR) in securing our services and responding to B2B enquiries.

5. Cookies and Similar Technologies

We use cookies and similar technologies primarily for essential functionality. Our Cookie Policy provides further details:

Cookie Policy

This Cookie Policy explains how Crateflow uses cookies and similar technologies to recognize you when you visit our website at {domain}.

1. What Are Cookies? Cookies are small text files stored on your device to help websites function, improve user experience, and collect usage data.
2. Types of Cookies We Use:
   • Essential Cookies: Necessary for the website to function (e.g., session cookies, Next.js auth cookies). These do not require consent.
   • Third-Party Cookies: Calendly may set its own cookies. Each third party is responsible for its own cookie policies.
3. How Can You Manage Cookies? You can set your browser to reject or delete cookies. However, this may affect certain features of the website.
4. Changes to This Cookie Policy We may update our Cookie Policy to reflect changes in the cookies we use or for legal reasons. Please check back regularly.

If you have any questions about our use of cookies or other technologies, please email us at info@crateflow.ai.

6. Third-Party Services

We may use third-party services like Calendly (for scheduling) and managed database/hosting providers (e.g., Microsoft Azure, MongoDB Atlas). These services may collect personal data or set their own cookies according to their respective privacy policies and may transfer data to the USA. We only load Calendly after you opt in. Please consult their individual privacy and cookie policies for more information:

• Calendly: https://calendly.com/privacy

7. Data Retention

We retain contact/lead data only as long as needed to handle your enquiry and related business development, then delete or anonymize it. Server logs used for security are typically kept short term. Calendly data is stored by Calendly per their policy. You can request deletion at any time via info@crateflow.ai.

8. Your Rights

Under the GDPR, you have the right to request:

• Access: Information about the personal data we hold about you.
• Rectification: Correction of any inaccurate or incomplete data.
• Erasure: Deletion of your personal data when it is no longer needed or if you withdraw consent (where applicable).
• Restriction: Restriction of processing under certain conditions.
• Data Portability: Transfer of your data to you or a third party in a machine-readable format.
• Objection: To object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, please contact us at info@crateflow.ai. We respond without undue delay, typically within 30 days. You also have the right to lodge a complaint with a supervisory authority if you believe your rights have been infringed.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes SSL/TLS encryption for data transmission and secure server environments.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. We encourage you to review this page periodically to stay informed about how we protect your data.

Last updated: March 09, 2025