Privacy Policy

Effective Date: 31 May 2026 · Last Updated: 31 May 2026

This Privacy Policy explains how Crescevo collects, uses, and protects personal data across crescevo.com and our niche newsletter sites (finance, ai, marketing, tech, biz, and work — collectively, the "Sites"), our products, and our client services.

Who We Are

The Sites, products, and services are operated by Crescevo Technologies LLC ("Crescevo", "we", "us"), 16185 Unity Street NW, Andover, MN 55304, USA. Contact: [email protected].

We act in two distinct roles:

  • Data controller — for personal data of our website visitors, newsletter subscribers, and product customers (described in this policy).
  • Data processor — when we deploy or operate marketing infrastructure for a client (e.g. the Owned Audience Growth Stack or Crescevo Managed), the client's contact/subscriber data is processed by us on the client's behalf and instructions. That processing is governed by the Data Processing Agreement (DPA) in the client engagement, not by this policy. Clients are the controllers of their own audience data.

What We Collect (as controller)

  • Email address and name when you subscribe to a newsletter or request a resource.
  • Purchase & billing data when you buy a product. Payments are processed by Stripe; we receive transaction metadata (product, amount, email) but never store full card numbers.
  • Engagement & inquiry data when you book a discovery call, submit a contact/agency-inquiry form, or correspond with us.
  • Analytics data via our self-hosted Umami — cookieless, no cross-site tracking, honors Do Not Track.
  • Optional behavioral data (email opens, page visits, form submissions) via our self-hosted Mautic. On our Sites this uses a cookie set only after you consent via our cookie banner; decline and no such cookie is set.
  • AI assistant interactions when you use a chatbot on our Sites. Do not enter sensitive personal information into chatbots.

Lawful Bases (GDPR Article 6)

  • Consent — newsletter subscription (double opt-in) and optional analytics cookies.
  • Contract — delivering products and services you purchase, and pre-contract steps (quotes, discovery calls).
  • Legitimate interests — securing our Sites, preventing abuse, and operating our business, balanced against your rights.

How We Use It

To deliver newsletters and resources you request; to fulfil and support product/service purchases; to respond to inquiries; to understand and improve our Sites (aggregate analytics); and, only with consent, to tailor follow-up communications. We do not sell, rent, or share your personal data with advertisers or data brokers, and we use no Google Analytics, Meta Pixel, or third-party ad-tracking.

Infrastructure, Subprocessors & International Transfers

Primary data is hosted on a Hetzner VPS in the EU; encrypted backups are stored on Backblaze B2. We use the subprocessors below; some process limited data in the United States (notably AI inference and email). Where data leaves the EU/EEA we rely on Standard Contractual Clauses or an equivalent mechanism, with a DPA in place with each:

  • Stripe — payment processing (US/EU)
  • Resend — transactional & newsletter email (US)
  • Anthropic and Groq — AI assistant inference (US)
  • Cloudflare — CDN & DNS (global)
  • Hetzner — VPS hosting (EU)
  • Backblaze B2 — encrypted backup storage (US)

Data Retention

  • Newsletter subscribers: retained while active and up to 24 months after your last engagement, then deleted or anonymized.
  • Customer & inquiry records: retained for the duration of the relationship and as required for tax, accounting, and legal obligations (typically up to 7 years for transaction records), then deleted.
  • Lead/CRM & analytics data: up to 24 months after last activity.
  • Client (processor) data: handled per the engagement DPA; on a client's VPS it belongs to the client; for Managed clients it is deleted/returned per the DPA on termination.

Your Rights

Unsubscribe anytime via the link in any email. If you are in the EU/UK you have GDPR rights (access, rectification, erasure, restriction, portability, objection); in California you have CCPA/CPRA rights. To exercise any right, email [email protected]; we respond within 30 days. You may also complain to your local data protection authority. For data we process on a client's behalf, direct requests to that client (the controller).

Cookies

See our Cookie Policy. Essential cookies are required for the Sites and checkout to function; the optional analytics cookie is set only with your consent and can be withdrawn via the cookie banner.

Children

Our Sites and products are intended for businesses and professionals and are not directed to anyone under 16. We do not knowingly collect data from children.

Changes

We may update this policy; the "Last Updated" date reflects the latest version. Material changes will be communicated by email or an on-site notice.

Contact

Crescevo Technologies LLC · 16185 Unity Street NW, Andover, MN 55304, USA · [email protected]

\n