Privacy Policy

This Privacy Policy explains how Cragfall collects, uses, shares, and protects personal information in connection with our website and services. It’s written plainly — if you need more detail, contact privacy@cragfall.com or see our Compliance & Privacy page for additional information.

What we collect

We collect data you provide (account, billing, support requests), data about your use of our services (logs, IP address, device and browser details, feature usage), and information from third parties (payment processors, integrations, and analytics providers). For features that discover SaaS discounts we process subscription and billing metadata (not raw card data) to generate recommendations; such processing is performed under customer direction and may be aggregated or anonymized for product improvements.

Why we collect it

We use personal information to deliver and improve our services, process payments, communicate with you (account and product notices), provide support, detect and prevent fraud, and to meet legal obligations. Aggregated or de-identified data may be used for analytics and product development. Where we analyze subscription or billing metadata to surface discounts and optimization opportunities, that work is limited to the purposes of the service and to improving recommendations; we do not use this data for unrelated commercial resale.

How we share data

We do not sell personal information. We share data with trusted service providers (hosting, payments, email, analytics) who act only on our instructions. We may disclose information to comply with legal obligations, respond to valid law enforcement requests, or to protect Cragfall’s rights and safety. For customers using Cragfall in a business capacity, we may process Customer Data under a Data Processing Addendum; see Compliance & Privacy for details.

International transfers

Cragfall operates internationally and may transfer personal information across borders. When transfers occur, we rely on lawful safeguards such as standard contractual clauses or other mechanisms required by law to protect your data.

Your rights and choices

Subject to local law, you can access, correct, export, restrict, or request deletion of your personal information. You can opt out of marketing emails via the unsubscribe link. To exercise rights or ask questions, contact privacy@cragfall.com. For account actions we may need to verify your identity before completing requests.

Retention and security

We retain personal data only as long as necessary for the purposes described or as required by law. We use industry-standard safeguards — encryption in transit, access controls, and regular security assessments — but no system is perfectly secure.

Data subject rights & compliance

Where applicable (for example under the GDPR, CCPA/CPRA, PIPEDA, or similar laws), you have additional rights. Cragfall supports data subject requests and contractual protections (such as DPAs and SCCs) for customers and partners; see Compliance & Privacy for how we meet specific regulatory requirements.

Children

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13; if we learn that we have collected such information we will take steps to delete it.

Changes and effective date

We may update this policy from time to time; material changes will be posted here with an updated effective date and may be communicated by email or in-product. Effective date: December 29, 2025.

Contact

Questions, requests, or concerns? Email privacy@cragfall.com. For security incidents, contact security@cragfall.com. This summary is informational and not legal advice.