Privacy Policy

Last updated: March 2026

This Privacy Policy explains how CROgrader ("we", "us", or "our") collects, uses, and protects your personal data when you visit crograder.com or use our services. CROgrader is operated from Rotterdam, the Netherlands, and we are committed to complying with the General Data Protection Regulation (GDPR) and applicable Dutch and European privacy laws.

1. Data Controller

The data controller responsible for your personal data is:

CROgrader
Rotterdam, the Netherlands
Email: paulo@crograder.com

2. Data We Collect

2.1 Data You Provide

• Email address — When you enter your email to access a scan report (scanner gate). Providing your email is optional but required to receive your full report.
• URLs submitted for scanning — The website URLs you submit through our CRO scanner tool.

2.2 Data Collected Automatically

• Cookies — We use essential cookies to ensure the website functions properly. We may also use analytics cookies to understand how visitors interact with our site. See Section 6 for details.
• Log data — Our servers may automatically record information such as your IP address, browser type, referring page, pages visited, and the date and time of your visit.
• Usage data — We collect anonymized data about how you interact with the scanner tool to improve our service.

3. How We Use Your Data

We use your personal data for the following purposes:

• Delivering scan reports — To generate and send your CRO scan results to your email address.
• Service improvement — To analyze usage patterns and improve the accuracy and usefulness of our scanner.
• Communication — To send you product updates or CRO-related content, only if you have opted in. You can unsubscribe at any time.
• Technical operation — To maintain, protect, and improve our website and services.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Consent — When you submit your email address to receive scan reports or opt in to communications.
• Legitimate interest — For website analytics and service improvement, where these interests are not overridden by your data protection rights.
• Contract performance — To deliver the scanning service you requested.

5. Third-Party Services

We use a limited number of third-party services to operate CROgrader:

• Anthropic (Claude API) — We send the publicly available content of URLs you submit to Anthropic's API for AI-powered analysis. No personal data beyond the URL content is shared with Anthropic. Anthropic's privacy policy is available at anthropic.com/privacy.
• Google Fonts — We use Google Fonts to display typography on our website. Google may collect your IP address and browser data when fonts are loaded. Google's privacy policy is available at policies.google.com/privacy.

We do not sell, rent, or trade your personal data to any third party.

6. Cookies

CROgrader uses the following types of cookies:

• Essential cookies — Required for the website to function properly. These cannot be disabled.
• Analytics cookies — Help us understand how visitors use our site. These are only placed with your consent.

You can control cookie preferences through your browser settings. Disabling cookies may affect the functionality of certain features.

7. Data Retention

• Email addresses — Retained until you request deletion or unsubscribe from all communications.
• Scan data — Scan results and submitted URLs are retained for up to 12 months to allow you to access past reports and for service improvement purposes.
• Log data — Server logs are retained for up to 90 days for security and debugging purposes.

8. Your Rights Under the GDPR

As a data subject, you have the following rights under the GDPR:

• Right of access — Request a copy of the personal data we hold about you.
• Right to rectification — Request correction of inaccurate personal data.
• Right to erasure — Request deletion of your personal data ("right to be forgotten").
• Right to restrict processing — Request that we limit how we use your data.
• Right to data portability — Request your data in a structured, machine-readable format.
• Right to object — Object to processing of your data based on legitimate interest.
• Right to withdraw consent — Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at paulo@crograder.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (HTTPS), secure server infrastructure, and access controls.

10. International Data Transfers

Some of our third-party service providers (such as Anthropic) are based outside the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

11. Children's Privacy

CROgrader is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at paulo@crograder.com and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, or if you wish to file a complaint, please contact us:

Email: paulo@crograder.com

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.