Krowd

Legal

Krowd Privacy Policy

This Privacy Policy describes how Krowd Group Limited collects, uses, stores, and shares personal data when you use our websites, products, and related services.

Last updated: 10 March 2026

Scope

This Policy applies to personal data processed through Krowd websites, including krowd.org.uk, and our products such as House Krowd, Signals, Krowd Source, and Insights.

It should be read alongside our Terms of Service, which explain service usage, commercial terms, and product-specific obligations.

Who we are

Krowd Group Limited is the data controller for personal data we process in connection with our website and customer relationships, except where we act as a processor on behalf of customers.

Where a customer uses our platform to process resident, tenant, participant, or workforce data, that customer typically remains the controller and we process data under their documented instructions.

Data we collect

  • Identity and contact details (name, email, job title, organisation).
  • Account and authentication details (login identifiers, access logs).
  • Product usage data (events, interactions, configuration settings).
  • Operational content uploaded by customers and users.
  • Technical data (IP address, browser type, device metadata).
  • Support and communication records (tickets, emails, meeting notes).

How we use personal data

  • To provide, operate, and improve our products and services.
  • To manage accounts, billing, and customer support.
  • To maintain platform security, resilience, and abuse prevention.
  • To communicate product updates, service notices, and legal changes.
  • To develop analytics, reporting, and aggregated service insights.
  • To comply with applicable legal and regulatory requirements.

Lawful bases (UK GDPR)

Depending on context, we rely on contract, legitimate interests, legal obligation, and where required, consent.

Controller vs processor

For customer workspace data, we usually act as processor and process personal data under the customer's instructions and data processing terms.

Sharing and subprocessors

We share personal data only where needed to deliver services, including with infrastructure providers, analytics services, support tooling, and professional advisers.

We require service providers to implement appropriate technical and organisational safeguards, confidentiality commitments, and data protection obligations.

International transfers

If personal data is transferred outside the UK, we use appropriate safeguards such as adequacy regulations or approved contractual transfer mechanisms.

Data retention

We retain personal data only for as long as necessary for the purposes set out in this Policy, and to satisfy legal, accounting, reporting, and contractual obligations.

Security

We maintain proportionate security measures designed to protect personal data against unauthorised access, loss, misuse, or alteration, including access controls, monitoring, and secure development practices.

Your data protection rights

Subject to applicable law, you may have rights to access, correct, erase, restrict, or object to processing of personal data, and to request portability.

If we process data on behalf of a customer, please contact that customer first so they can handle your request as controller.

Cookies and analytics

We use cookies and similar technologies for essential functionality, performance measurement, and product improvement. You can manage browser-level cookie preferences at any time.

Children's privacy

Our services are designed for organisations and professional users and are not directed to children under 13.

Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the date above and provide notice where appropriate.

Contact

If you have privacy questions or want to exercise your rights, contact us via the contact page.