Crunchafi

Privacy Policy

Crunchafi's Privacy Policy, effective April 7, 2026, outlines its commitment to protecting user data collected via Crunchafi.com, detailing its roles as both data controller and processor under applicable laws including GDPR, the lawful bases for processing personal information such as account registration details (name, title, company), and the safeguards for international data transfers outside the UK and EEA.

Effective date: April 7, 2026

Crunchafi respects and values your privacy. We are committed to maintaining the confidentiality, integrity, and security of information about our users and their organizations. This Privacy Policy describes the information collected, used, and disclosed by Crunchafi through our website, Crunchafi.com (the “Website”). Additional terms and conditions may apply to the use of the Website, such as the Terms of Use, Acceptable Use Policy, and Subscription Agreement.

Crunchafi is established in the United States. For the purposes of EU GDPR and UK GDPR, Crunchafi has designated representatives in the EU and UK. Contact details are provided for data protection inquiries.

Data Controller and Processor Roles

  1. 1.Controller: Crunchafi acts as a controller of your personal information when you sign up for products and services, visit our websites, or interact with us through other channels. We use this data to provide products and services, contact you, and improve and promote our offerings.
  2. 2.Processor: When customers use our products and services to collect and process personal information, Crunchafi acts as a processor or service provider on behalf of customers under a data processing agreement.

Lawful Basis for Processing

Crunchafi processes personal data only on lawful bases permitted under applicable law. The lawful bases include performance of a contract, consent, legitimate interests, legal obligation, and as directed by a data controller under a Data Processing Agreement. Special category data is not intentionally collected through the Website.

International transfers of personal data outside the UK or EEA are subject to appropriate safeguards, such as standard contractual clauses or other lawful mechanisms.

Collection of Your Personal Information

Information You Provide

We may collect personal information when you register for an account or interact with the Website, including:

  • Name
  • Title
  • Company name
  • CPA firm name (if applicable)
  • Email address
  • Mailing address
  • Telephone number
  • Usage data
  • Marketing and communications data
  • Aggregated data
  • Account/payment information (if applicable)
  • User input data (text, files, or other content submitted for AI processing)
  • System and diagnostic data (logs, error reports, metadata)

We may also collect information you submit in messages, surveys, or job applications.

Information Collected Automatically

We may automatically collect information such as IP address, location, device type, date and time of visit, operating system, browser type and version, activities on the Website, and information about downloads and uploads. For more information on cookies, see the "Use of Cookies" section.

Information from Other Sources

We may receive information from third-party service providers, affiliates, customers, partners, and social media networks. This may include analytics data, email campaign engagement, and publicly available information.

Use of Your Personal Information

Personal information may be stored, processed, and used for:

  • Providing goods or services
  • Operating our business
  • Providing information about our company, products, and services
  • Improving products, services, or Website content
  • Market research and customer satisfaction surveys
  • Internal marketing and research
  • Customizing the Website
  • Analyzing trends and statistics
  • Complying with legal obligations
  • Enforcing terms of service and protecting rights, property, and safety
  • Due diligence for business transactions
  • Sharing with service providers, users, affiliates, or as required by law

Use of Cookies

See Crunchafi’s Cookie Policy for full information on cookies used and your choices regarding them.

Sharing Your Information with Third Parties

We may share your information with third parties, including:

  • Aggregate, de-identified information for legal purposes
  • Third-party processors under contractual obligations
  • Affiliates, joint ventures, or related entities
  • As part of business transactions
  • In accordance with your consent

A list of current sub-processors is available upon request.

Use of Artificial Intelligence

Some services incorporate AI and machine learning technologies (e.g., Microsoft Azure Open AI, Anthropic) for features such as document data entry, data analysis, content generation, automation, and predictive functionality. Data processed by AI systems is limited to what is necessary for functionality and is not used to train or improve public models. AI-processed data is retained only as long as needed for service provision, troubleshooting, or legal compliance.

No automated decisions are made about you that produce legal or similarly significant impacts. AI features are tools to assist users, and all decisions based on AI outputs remain with the user.

Your Choices

You can accept or decline cookies. Declining cookies may limit Website functionality. You can opt out of Google Analytics and adjust browser settings for privacy. The Website does not respond to "Do Not Track" signals but honors Global Privacy Control (GPC) opt-out signals where required by law.

You may opt out of marketing communications at any time using unsubscribe links or by contacting Crunchafi. Requests are processed within timeframes required by law.

Submitting a Data Subject Request

To review, correct, update, delete, or limit use of your personal information, you may:

  1. 1.Use the online request form
  2. 2.Email: privacy@Crunchafi.com

Requests may require identity verification. Some information may be retained for recordkeeping or to complete transactions.

Security of Information

Crunchafi implements measures to secure personal information from accidental loss and unauthorized access, use, alteration, or disclosure. However, transmission over the internet is not completely secure, and any transmission is at your own risk.

Retention of Personal Information

Personal information is retained as long as there is a legitimate business need or legal obligation. When no longer needed, information is deleted or anonymized. Marketing preferences and cookie-derived information are retained for a reasonable period. Data processed on behalf of customers is stored and secured according to agreements.

Links to Other Websites

The Website may provide links to other websites. Crunchafi is not responsible for the privacy, security, or accuracy of third-party websites. Users should review the privacy policies of other websites before disclosing information.

Children Under the Age of 13

Crunchafi does not knowingly collect personal information from children under 13. If such information is discovered, it will be deleted in compliance with applicable law. The company does not sell or share personal information of California consumers aged 13-15 without affirmative authorization.

Additional Information for California Residents

California residents have specific rights under the California Consumer Privacy Act (CCPA), including:

  • Requesting information about collection, use, and disclosure of personal information
  • Requesting correction of inaccurate personal information
  • Requesting a copy of personal information in a machine-readable format
  • Requesting deletion of personal information (with exceptions)
  • Rights of access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent
  • Right to lodge a complaint with the appropriate authority

Crunchafi does not sell or share personal information of California residents for monetary or cross-context behavioral advertising purposes.

Data Subject Rights (GDPR/UK GDPR)

Data subjects have rights under GDPR/UK GDPR, including:

  • Access to personal data
  • Rectification of inaccurate or incomplete data
  • Erasure (right to be forgotten)
  • Restriction of processing
  • Objection to processing
  • Data portability
  • Rights related to automated decision-making
  • Withdrawal of consent
  • Right to lodge a complaint with supervisory authorities

Requests may require identity verification. Reasonable access is provided at no cost, and explanations are given if access is denied.

Our Obligations

Crunchafi processes personal data lawfully, fairly, and transparently; for specified purposes; limited to what is necessary; kept accurate and up to date; retained only as long as necessary; and secured with appropriate measures.

Cross Border Transfer of Personal Information

Personal information may be stored and processed in any country where Crunchafi or its service providers operate. Transfers outside the EEA or UK are subject to appropriate safeguards.