Privacy Policy

Last updated: March 18, 2026

1. Who We Are

This Privacy Policy explains how Crawlly AI collects, uses, and protects personal information when you use our website and application. Crawlly AI operates from 1309 Coffeen Avenue, Wyoming, United States.

2. Information We Collect

We collect information in the following categories:

  • Account and profile data: email address, full name, display name, company name, niche, and website URL.
  • Social sign-in data: basic identity data supplied by identity providers you choose to use, such as Google account email, display name, avatar, and provider identifiers.
  • Workspace and site data: workspace names, site domains, site labels, and settings you configure.
  • Audit and report data: audit run configuration, technical findings, score outputs, roadmap items, and LLM visibility prompt/test data.
  • Billing and subscription data: plan status, usage, Stripe customer/subscription references, invoice period metadata, and top-up purchase records.
  • Affiliate attribution data: referral identifiers (for example, via parameters and Endorsely referral identifiers) used to attribute partner commissions.
  • Support and communications data: contact form submissions, support conversations, transactional email delivery data, and lifecycle messaging preferences.
  • Technical and security data: IP/device/network metadata, service logs, and error diagnostics from our infrastructure providers.

3. How We Use Information

We use information to:

  • Provide, operate, secure, and improve Crawlly AI.
  • Create and manage user accounts and workspace access.
  • Run audits, generate reports, and maintain historical comparisons.
  • Process subscriptions, top-ups, and account billing events.
  • Attribute affiliate referrals and prevent fraud or abuse.
  • Send transactional emails, support confirmations, service notices, and account lifecycle messages.
  • Provide customer support and important service notices.
  • Comply with legal, tax, accounting, and regulatory obligations.

4. Legal Bases (Where Applicable)

Depending on your location, we process data under one or more of these legal bases:

  • Performance of a contract (providing the service you requested).
  • Legitimate interests (security, fraud prevention, product reliability).
  • Consent (for optional cookie categories and related processing).
  • Compliance with legal obligations.

5. Sharing and Processors

We do not sell personal information. We share data only with service providers required to operate the platform, including:

  • Supabase (authentication, database, backend functions).
  • Stripe (payments, billing, subscriptions).
  • Google (optional OAuth sign-in and identity verification).
  • Google Tag Manager (consent-based analytics and tag delivery).
  • Loops (contact management, support confirmations, and transactional/lifecycle email delivery).
  • Endorsely (affiliate referral attribution).
  • Hosting/infrastructure providers used to serve the app securely.

6. Google OAuth Data

If you sign in with Google, we use the basic account data returned to authenticate your account, create or update your profile, secure access, and support account recovery. We do not use Google OAuth to access Gmail, Drive, Calendar, or other non-identity Google data in the current product flow.

7. Cookies and Similar Technologies

We use cookies and local storage for essential app functionality, preferences, affiliate attribution, and optional Google Tag Manager-controlled analytics or marketing tags when you enable those categories. See our Cookie Policy for details.

8. International Transfers

Your information may be processed in countries other than your own. Where required, we rely on contractual and organizational safeguards for cross-border transfers.

9. Data Retention

  • Account/profile data is retained while your account is active.
  • Audit and workspace data is retained until deletion is requested or no longer needed.
  • Billing and transaction records may be retained to satisfy legal and accounting obligations.
  • Support and contact records may be retained to manage support history, security, and compliance.
  • Security logs are retained for operational and fraud-prevention purposes.

10. Security

We use reasonable technical and organizational measures to protect your data, including encrypted transport and access controls. No internet-based system can be guaranteed 100% secure.

11. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access, correct, or delete your personal information.
  • Request portability of your data.
  • Object to or restrict certain processing.
  • Withdraw consent for optional processing.

You can also revoke Google OAuth access through Google Account permissions.

12. Children's Privacy

Crawlly AI is not intended for children under 16, and we do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material updates will be reflected by revising the "Last updated" date on this page.

14. Contact

For privacy questions or rights requests, contact contact@crawlly.ai or write to Crawlly AI, 1309 Coffeen Avenue, Wyoming, United States.