← Back to dashboard

Privacy Policy

Last updated: March 2026

1. Data Controller

CrowAgent Ltd (Company No. 17076461), registered at Apex Plaza, Forbury Road, Reading RG1 6SP, is the data controller for personal data processed through the CrowAgent platform.

Contact us at hello@crowagent.ai for any privacy-related enquiries.

2. What Data We Collect

  • Name and email address — collected when you create an account or contact us.
  • Property postcodes — submitted by you when using EPC lookup and MEES compliance tools.
  • Usage analytics — feature usage, page views, and session data collected via PostHog (only with your explicit consent via our cookie consent banner).
  • Error logs — anonymised crash reports and performance traces collected by Sentry to maintain platform stability.
  • Billing data — Stripe customer ID and subscription status. We never store raw card numbers.

3. Legal Basis for Processing

  • Contract performance (Article 6(1)(b)) — processing of your account data, property data, and billing data is necessary to provide the CrowAgent service you signed up for.
  • Legitimate interests (Article 6(1)(f)) — error monitoring via Sentry and basic service security processing are based on our legitimate interest in maintaining a reliable, secure platform.
  • Consent (Article 6(1)(a)) — product analytics via PostHog are only activated when you accept analytics cookies in our cookie consent banner. You may withdraw consent at any time.

4. Data Processors

We use the following third-party processors under Article 28 UK GDPR agreements:

ProcessorPurposeLocation
Supabase Inc.Database, authentication, and file storageEU (AWS eu-west-2)
Resend Inc.Transactional email (welcome, billing)US (IDTA in place)
PostHog Inc.Product analytics — only with user consentEU cloud
Functional Software (Sentry)Error monitoring and crash reportingEU
Stripe Inc.Payment processing and subscription billingUS (IDTA in place)

5. Retention Periods

  • Account data — retained for the duration of your subscription, then for 7 years following account closure to satisfy UK financial record-keeping obligations.
  • Analytics data — retained for 13 months from collection (PostHog default).
  • Error logs — retained for 90 days (Sentry default).
  • EPC lookup cache — postcode results cached for 30 days, then deleted automatically.

6. Your Rights Under UK GDPR

  • Access (Article 15) — request a copy of all personal data we hold about you.
  • Erasure (Article 17) — request deletion of your data, subject to legal retention requirements.
  • Rectification (Article 16) — correct inaccurate data we hold.
  • Portability (Article 20) — receive your data in a structured, machine-readable format.
  • Objection (Article 21) — object to processing based on legitimate interests.
  • Restriction (Article 18) — limit how we process your data in certain circumstances.

To exercise any right, email hello@crowagent.ai. We will respond within 30 days. You may also lodge a complaint with the ICO at ico.org.uk.

7. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or in-app notification at least 14 days before taking effect.

Contact

CrowAgent Ltd · Apex Plaza, Forbury Road, Reading RG1 6SP
Email: hello@crowagent.ai