Privacy Policy

1. Data controller

The data controller responsible for processing personal data in connection with the Service is the entity operating DataCroco as identified on our website or in contractual documents. For privacy requests, use the contact details provided in the “Contact” section below.

2. Categories of personal data we process

We may process the following categories of data, depending on how you use the Service: account and identity data (such as name, email address, and profile identifiers provided through your sign-in provider); authentication and security data (such as OAuth tokens and session identifiers, where applicable); usage and service data (such as preferences, feature usage, and support interactions); analytics and property data you choose to connect (for example, metrics and reports from Google Analytics and Google Search Console made available through authorized, read-only integrations); technical and log data (such as IP address, device or browser type, timestamps, and diagnostic logs); and communications you send to us (such as emails or in-product messages).

We do not require you to provide special categories of personal data (such as health data). Please do not send such information unless we explicitly request it.

3. Purposes and legal bases (GDPR)

We process personal data for the following purposes, relying on the legal bases indicated:

Providing and operating the Service, including authentication, account management, dashboards, insights, and chat features (performance of a contract; where no contract exists, our legitimate interests in delivering and improving the Service).

Security, fraud prevention, abuse detection, and protecting the integrity of the Service (legitimate interests; where required, compliance with legal obligations).

Product analytics and service improvement in aggregated or pseudonymized form where possible (legitimate interests; you may object as described in your rights).

Communications relating to the Service (such as technical notices and, where permitted, product updates) (contract or legitimate interests; marketing communications only with consent or as permitted by law).

Compliance with applicable laws and responding to lawful requests from public authorities (legal obligation or legitimate interests, as applicable).

4. Cookies and similar technologies

We use cookies and similar technologies where necessary for the operation and security of the website (for example, session management), and, where applicable, to remember preferences or measure audience. You can control cookies through your browser settings. Blocking essential cookies may affect certain features.

5. Recipients and processors

We share personal data only with service providers who assist us in hosting, infrastructure, email delivery, analytics of our own product, customer support tools, and security monitoring, subject to appropriate contractual safeguards. We may disclose information if required by law, court order, or governmental request, or to establish, exercise, or defend legal claims.

We do not sell your personal data as “sale” is commonly understood in privacy laws, and we do not share personal data for cross-context behavioral advertising unless we obtain your consent where required.

6. International transfers

If we transfer personal data outside the European Economic Area (EEA), the United Kingdom, or Switzerland, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or other mechanisms recognized by applicable law, unless an adequacy decision applies.

7. Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Criteria include the duration of your account, legal obligations, dispute resolution, and security needs. When retention ends, we delete or anonymize data in accordance with our internal procedures.

8. Your rights

Depending on your location and applicable law (including the GDPR if you are in the EEA/UK), you may have the right to: access your personal data; rectify inaccurate data; erase data in certain circumstances; restrict processing; receive your data in a portable format where technically feasible; object to processing based on legitimate interests; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority.

To exercise your rights, contact us using the details below. We may need to verify your identity before responding. You also have the right to lodge a complaint with your local data protection authority.

9. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, or alteration. No method of transmission over the Internet is completely secure; we cannot guarantee absolute security.

10. Children

The Service is not directed at children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us and we will take steps to delete it.

11. Third-party services

The Service may integrate with third-party platforms (such as Google) under your control. Their processing is governed by their own terms and privacy policies. We encourage you to review those documents and your account permissions.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Where changes are material and required by law, we will provide additional notice (for example, by email or in-product message). Continued use of the Service after the effective date constitutes acknowledgment of the updated Policy where permitted by law.

13. Contact

For privacy-related requests or questions about this Policy, please contact us through the contact information published on our website (for example, a dedicated privacy or support email). We will respond within a reasonable period in line with applicable law.

This Policy is provided for transparency. It does not constitute legal advice. If you need advice tailored to your situation, consult a qualified professional.