Privacy Policy

1. Introduction

CrowsNest Systems, Inc. (“CrowsNest,” “we,” “our,” or “us”) is a cybersecurity software company providing governance, risk, and compliance automation platforms for enterprise customers.

We are committed to protecting personal data and complying with:

• The EU General Data Protection Regulation (EU) 2016/679 (“GDPR”)
• The UK GDPR
• The US-EU Data Privacy Framework (DPF)
• The Swiss-US Data Privacy Framework
• Applicable U.S. federal and state privacy laws

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website, engage with us as a customer, use our products, or interact with us professionally.

2. Roles and Scope of Processing

CrowsNest operates in two distinct roles:

2.1 Controller

We act as a data controller when we process personal data for website visitors, marketing, events, business contacts, and recruitment.

2.2 Processor

We act as a data processor when we process personal data on behalf of our enterprise customers in connection with our cybersecurity automation platform. In those cases, we process data solely pursuant to a Data Processing Agreement (DPA).

3. Categories of Personal Data We Collect

3.1 Website & Marketing Data (Controller)

• Name, business email, company name, job title, and phone number
• IP address, browser/device information, and cookie identifiers

3.2 Customer & Account Data (Controller)

• Account administrator details, billing information, and business communications

3.3 Product Data (Processor)

Depending on configuration, we may process usernames, corporate emails, access logs, and security telemetry metadata. Our platform is not designed to collect sensitive personal, biometric, or health data.

4. Legal Bases for Processing (GDPR)

Where GDPR applies, we rely on:

• Article 6(1)(b) – Performance of a contract
• Article 6(1)(f) – Legitimate interests (e.g., improving services, security, preventing fraud)
• Article 6(1)(a) – Consent
• Article 6(1)(c) – Legal obligation

5. Data Privacy Framework (DPF) Participation

CrowsNest Systems, Inc. complies with the EU-U.S. DPF and the Swiss-U.S. DPF. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). For more information, visit https://www.dataprivacyframework.gov/.

6. International Data Transfers

CrowsNest is headquartered in the United States. We ensure lawful transfer mechanisms through DPF certification, Standard Contractual Clauses (SCCs), and DPAs.

7. Data Sharing & Onward Transfers

We may share data with providers for cloud infrastructure, hosting, security, and analytics. All subprocessors are bound by written agreements. We do not sell personal data.

8. Data Security

We implement technical measures including TLS 1.2+ / 1.3 encryption, access controls (RBAC), audit logging, and regular security testing.

9. Data Retention

We retain personal data only as long as necessary for contractual, legal, or legitimate business purposes.

10. Individual Rights (GDPR)

Users in the EU/EEA have rights to access, rectify, erase, and object to processing. Requests can be submitted to privacy@crowsnestsecurity.com.

11. Disclosures Required by Law

We may be required to disclose personal information in response to lawful requests by public authorities for national security or law enforcement.

12. Dispute Resolution (DPF)

Complaints should first be sent to privacy@crowsnestsecurity.com. Unresolved complaints may be referred to JAMS (https://www.jamsadr.com/DPF-Dispute-Resolution) at no cost to the individual.

13. Choice

Individuals can opt out of data disclosure to non-agent third parties or use for materially different purposes by contacting us.

14. Cookies

We use cookies for essential functionality, security, and analytics. Users can manage preferences via browser settings.

15. Children’s Data

Our services are not directed to individuals under 16.

16. Changes to This Policy

Material changes will be posted on our website and communicated to customers as required.

17. Contact Information