Skip to main content
Sign In
Request a demo

Privacy Policy

Effective date: April 7, 2026

Crunchafi Privacy Policy

Crunchafi respects and values your privacy. We are committed to maintaining the confidentiality, integrity and security of information about our users and their organizations. For purposes of this Privacy Policy, “Crunchafi”, “we”, “us” and “our” means Crunchafi, LLC, Crunchafi Data Extraction, Inc and its Affiliates. For purposes of this Privacy Policy “Affiliates” shall mean any entity that controls, is controlled by or is under common control with another party.

Crunchafi will endeavor to protect and develop or use technology that provides a safer online experience for the customer, consumer, and users of our website and services (“you” or “your”) and has created this privacy statement (“Privacy Policy”) to demonstrate its firm commitment to secure and trustworthy internet commerce and your privacy.

This Privacy Policy describes the information collected, used, and disclosed by Crunchafi through our website, Crunchafi.com (the “Website”). While this Privacy Policy describes how we treat personal information we collect from the Website, please be aware that additional terms and conditions may apply to the use of the Website. For example, the Terms of Use apply to your use of the Website and the Acceptable Use Policy and the Subscription Agreement apply to your use of our services.

Crunchafi is established in the United States. For the purposes of EU GDPR and UK GDPR, Crunchafi has designated the following representatives:

EU Representative (GDPR Art. 27)/ UK Representative (UK GDPR Art. 27)

Adam Brogden

GDPR Local LDT

dpo.support@gdprlocal.com

Tel + 441 772 217 772

1st Floor Front Suite 278-29 North Street, Brighton, England BN1 1EB

Crunchafi acts in different ways when processing data:

  1. Crunchafi acts as a controller of your personal information when you sign up for our products and services, visit our websites or interact with us through other channels (for example in person events or trainings). We use this data for a variety of purposes, including to provide our products and services to you, contact you about relevant content, and improve and promote our products and services.
  2. Crunchafi acts as a processor when our customers use our products and services to collect and process personal information in connection with customer products and services. In this case we act as a processor or service provider on behalf of our customers (who are controllers of personal data) under a data processing agreement that is included with our customers subscription agreement. When Crunchafi acts as a processor for its customers, we may collect personal information subject to our contractual obligations. When we act as a service provider, we follow the instructions of our customer on how to process personal information on our customer’s behalf.

Lawful Basis for Processing

This Privacy Policy describes how Crunchafi collects and uses your information. We process your personal data only on lawful bases permitted under applicable law. The table below identifies the lawful basis we rely upon for each category of processing activity. Where we rely on legitimate interests as our lawful basis, we have carried out a Legitimate Interests Assessment (LIA); a summary is available on request.

Processing Purpose

Lawful Basis (EU/UK GDPR Art. 6)

Providing our products and services; account management

Art. 6(1)(b) — Performance of a contract

Sending marketing communications (new customers)

Art. 6(1)(a) — Consent

Sending marketing communications (existing customers, soft opt-in)

Art. 6(1)(f) — Legitimate interests (promoting similar products/services)

Website analytics; improving products and services

Art. 6(1)(f) — Legitimate interests (understanding how our services are used)

Compliance with legal obligations; responding to law enforcement

Art. 6(1)(c) — Legal obligation

Security; fraud prevention; enforcing our terms

Art. 6(1)(f) — Legitimate interests (protecting our business and users)

Merger, acquisition or asset sale due diligence

Art. 6(1)(f) — Legitimate interests (business continuity)

Processing as a data processor on behalf of customers

Art. 6(1)(b) / Art. 6(1)(c) — as directed by the relevant data controller under a Data Processing Agreement

Special Category Data:We do not intentionally collect special category data (Article 9 GDPR) through the Website. If special category data is submitted by a customer as part of the data we process on their behalf, such processing is governed by the applicable Data Processing Agreement and the customer's own lawful basis for collection.

International Transfers. Where we transfer your personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place as described in the Cross-Border Transfer of Personal Information section below. Such transfers are made subject to standard contractual clauses or other lawful transfer mechanisms, and do not occur on the basis that foreign laws are merely "less stringent."

Collection of Your Personal Information

Information you provide to us. We may collect personal information about you when you provide it to us while registering for an account or using or interacting with the Website. You will be required to register in order to be granted access to certain information, services, and/or products on the Website.

We may collect the following personal information when you provide it to us:

  • Your name;
  • Your title;
  • Your company name;
  • Your CPA firm name, if applicable;
  • Your e-mail address;
  • Your mailing address;
  • Your telephone number;
  • Usage data
  • Marketing and communications data
  • Aggregated data
  • Account/payment information, if you use any portion of the Website for the exchange of payments; and
  • to provide you with goods or services and to otherwise operate our business;
  • to provide information about our company, products, and/or services, including updates, notifications, and details of any offers or promotions;
  • to assist us in improving our products, services, or the content of this Website;
  • to contact you to participate in a market research survey so that we can gauge customer satisfaction and develop better products;
  • for our own internal marketing and research purposes;
  • to make the Website easier to use by eliminating the need for you to repeatedly enter the same information or by customizing the Website to your particular interests or preferences;
  • to analyze information for trends and statistics;
  • to comply with our legal obligations or requests from law enforcement and government agencies;
  • to enforce or protect the terms of our services, rights, property, safety, or that of our users or third parties; and
  • as part of due diligence for, or the consummation of, a transaction involving the merger, sale, divestiture, or other transaction involving the equity or assets of Crunchafi.
  • with service providers that assist us in providing services offered through the Website, including, but not limited to, services related to technical maintenance, database management, or advertising and marketing research;
  • with users of the Website;
  • to comply with our legal obligations or requests from law enforcement and government agencies;
  • to enforce or protect the terms of our services, rights, property, safety, or that of our users or third parties;
  • with Affiliates, joint ventures or other related entities, in which case we will ask that these entities honor the terms of this Privacy Policy;
  • as part of due diligence for, or the consummation of, a transaction involving the merger, sale, divestiture, or other transaction involving the equity or assets of Crunchafi; or
  • in accordance with consent you’ve provided.
  • User Input Data: Text, files, or other content you submit for processing by AI features.
  • Usage Data: Technical data related to your interaction with AI features, including timestamps, feature use frequency and performance data.
  • System and Diagnostic Data: Logs, error reports, and other metadata generated by the system to ensure stability and improve functionality.
  • Access the personal data we hold about you;
  • Rectify any inaccurate personal data;
  • Erasure of your personal data in certain circumstances;
  • Restrict or object to certain processing activities; and
  • Data portability where processing is based on consent or contract.
  • Changing your settings at Google’s Ad Settings at: http://www.google.com/settings/ads
  • Installing an opt-out browser add-on available at: https://tools.google.com/dlpage/gaoptout/
  • Adjusting the settings on your web browser: See http://www.google.com/intl/en/policies/technologies/managing

We may also receive messages or content you submit that contain personal information when you use the Website, as well as other information that may personally identify you that you submit to us. If you apply for a position with Crunchafi, we will also collect your professional or educational information. If you choose to respond to a survey we conduct, we will collect your responses.

Information we collect automatically. As you use our Website, we may use technologies that collect certain information about you automatically. We may collect, among other things, your IP address, location, device type, date and time of visit, operating system, browser type and version, activities on the Website, and information about how you use the Website. If you are visiting the Website via a mobile device, we may also collect your mobile device’s unique device ID and information about how you use the Website. We may also collect information about what you download and upload to the Website. For more information on how the Website uses cookies, please see the below section titled “Use of Cookies.”

Information we receive from other sources. From time to time, we may also receive information about you from our third-party service providers, affiliates, customers, and partners, including our marketing, conference, and advertising partners and social media networks. For example, we receive information on our email campaigns from our third-party service providers, including whether you have read an email sent by us or on our behalf, forwarded an email, and when and how many times you have opened an email. We may also receive information from third-party analytics on the Website that allows us to improve our Website.

We may also collect information about you from publicly available sources. Crunchafi has a legitimate interest in understanding how its users, customers and potential customers use its Website. This assists Crunchafi with providing more relevant products and services, with communicating value to our sponsors and corporate members, and with providing appropriate staffing to meet user and customer needs.

Use of Your Personal Information

The personal information that you provide to Crunchafi may be stored, processed, and used by Crunchafi and its affiliates for the following purposes:

Use of Cookies

See Crunchafi’s Cookie Policy for full information on the cookies we use and your choices regarding them.

Sharing Your Information with Third Parties

We may share your information with third parties as follows:

We may share aggregate, de-identified information with others, including affiliated and non-affiliated companies, for any legal purpose. Where we share your personal data with third-party processors, we ensure such processors are subject to contractual obligations (pursuant to GDPR Art. 28) requiring them to process data only on our instructions and to implement appropriate technical and organizational security measures. A list of our current sub-processors is available upon request.

Use of Artificial Intelligence

Some of our services incorporate artificial intelligence (“AI”) and machine learning technologies provided through Microsoft Azure Open AI and Anthropic to enable and enhance certain features of the service such as document data entry, data analysis, content generation, automation and predictive functionality. These features are intended to improve performance, accuracy and user experience.

Data Processed by AI Systems

When you use AI-enabled features, the following categories of data may be processed:

We process this data only for purposes compatible with providing and improving the Service and its AI components.

Third-Party AI Providers

Our service may rely on third-party AI models or APIs. When we engage such provider, we ensure they are contractually bound to process data only as instructed and to implement appropriate safeguards consistent with this Privacy Policy and applicable data protection laws.

Data Minimization and Retention

We limit AI data processing to what is strictly necessary for the intended functionality. Input and output data processed by Azure AI and or Anthropic is not used to train or improve public models. We retain AI-processed data only as long as needed for Service provision, troubleshooting, or compliance with legal obligations.

No Automated Decision Making

We do not make automated decisions about you — including profiling — that produce legal effects or similarly significant impacts on you, as described in Article 22 of the UK/EU General Data Protection Regulation (GDPR).

Any artificial intelligence or machine learning features made available through our platform are provided as tools to assist you, our customer. All decisions based on outputs generated by these tools remain solely with you or your authorized users. We do not use AI or automated processing to make decisions on your behalf, nor do we use your data to make decisions that affect your legal rights or other matters of similar significance.

Because we do not engage in automated decision-making that produces legal or significant effects, Article 22 rights (the right not to be subject to solely automated decisions) are not directly triggered by our processing. However, you retain all other rights under GDPR, including the right to:

To exercise any of these rights, please contact our Data Protection Officer (contact information listed below)

Use of AI Features in the Service

Where our Services incorporate AI-assisted functionality, such features are designed to support human judgment, not replace it. You are responsible for reviewing any AI-generated outputs before acting on them and for ensuring that any decisions made using our platform comply with applicable laws, including your own obligations under GDPR where you act as a data controller.

Updates and Transparency

We will notify you of material changes to our AI data processing practices through updates to this Privacy Policy and, where required by applicable law, by direct notification (e.g., by email). Where such changes affect processing activities that rely on your consent, we will seek fresh consent before processing your data under the revised terms.

Your Choices

You have the ability to accept or decline cookies. However, if you choose to decline cookies, you may not be able to fully experience the features of the Website or services you visit. Information on deleting or controlling cookies can be found at www.aboutcookies.org.

You can opt out of Google Analytics by:

Our Website does not respond to "Do Not Track" browser signals. However, we honor Global Privacy Control (GPC) opt-out signals where required by applicable law, including for California residents under the CPRA (Cal. Civ. Code § 1798.135(b)). If you are located in the UK or EU, you may exercise your right to object to processing based on legitimate interests, or withdraw cookie consent, at any time through our cookie preference center or by contacting us directly.

Opt-Out. You may opt out of receiving future marketing communications from us at any time. You can opt out by using the unsubscribe process in our communications or by contacting us using the below listed methods. We will process such requests within the timeframe required by applicable law (e.g., within 45 days for CCPA/CPRA requests, which may be extended by an additional 45 days where reasonably necessary; within 30 days for GDPR requests, extendable by up to two months for complex requests). Depending on where you live, you may have other rights related to your personal information. If you have a question regarding such rights, please contact us at the below-provided information.

Submitting a Data Subject Request

If the right is provided to you by applicable law and you would like to request to review, correct, update, delete or otherwise limit our use of personal information that has been previously provided to us, you may make a request using one of the methods listed below:

  1. Online Request Form
  2. Email: privacy@Crunchafi.com

We will respond to your request consistent with applicable law. For your protection, we may only implement requests with respect to the personal data associated with a particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and consistent with applicable law. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting the change or deletion.

Security of Information

To protect the privacy of personal information provided by you, Crunchafi has implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

Unfortunately, the transmission of information via the internet is not completely secure. We urge you to take every precaution to protect your personal information when you are on the internet. Although we will take reasonable efforts to protect your personal information, we cannot guarantee the security of such information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Retention of Personal Information

How long we keep information we collect about you depends on the type of information and how we collect and store it. After a reasonable period of time, we will either delete or anonymize your information or if that is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.

We retain personal information that you provide to us where we have an ongoing legitimate business need to do so (for example, as needed to comply with our legal obligations and enforce our agreements).

When we have no ongoing legitimate business need to process your personal information we securely delete the information or anonymize it or, if this is not possible securely store your personal information and isolate it from any further processing until deletion is possible. We will delete this information at an earlier date if you so request as described in the Data Subject Rights section.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products or services. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

The data we process on behalf of customers is stored and secured according the subsection agreement and data processing agreement between Crunchafi and customer.

Links to other Websites

The Website may provide links to other websites. When you choose to use a link to visit another website, you are then subject to the security and privacy policy of that website. We are not responsible for the privacy, security, accuracy, or reliability of the information on third-party websites. You access such links at your own risk. We recommend you read the privacy policy of a website before disclosing any of your information. Links to third-party websites do not imply an affiliation between us and the website owner, or any endorsement, approval, or verification of any content contained on those websites.

Children Under the Age of 13

We do not knowingly collect personal information from children under 13. In the event that we learn that we have collected personal information from a child under the age of 13 without parental consent, we will delete that information and otherwise comply with the requirements of any applicable law including the Children’s Online Privacy Protection Act. If you believe someone under the age of 13 has provided us with personal information, we ask that you contact us through the methods described below. Additionally, in compliance with the California Privacy Rights Act (CPRA), we do not sell or share the personal information of California consumers whom we have actual knowledge are between the ages of 13 and 15 years old, without their affirmative authorization (Cal. Civ. Code § 1798.120(c)).

Additional Information for California

If you are a resident of California, the California Consumer Privacy Act (“CCPA”) (Civil Code §§ 1798.100 et seq. and its regulations) provides you with specific rights regarding your personal information. These include:

  • You can request information about our collection, use and disclosure of your personal information over the past twelve (12) months concerning: (i) the categories of personal information we collected about you, (ii) the business or commercial purpose for collecting your personal information, (iii) the categories of sources from which your personal information is collected, and (iv) the categories of third parties with whom we share your personal information. You can request a list disclosing the categories of your personal information we have shared in connection with a business purpose.
  • You can request to correct any inaccurate personal information we maintain about you.
  • You can request to receive a copy of your personal information in a commonly used and machine-readable format.
  • You can request that we delete your personal information, subject to certain exceptions.
  • Right of access to: You have the right to obtain confirmation as to whether personal data concerning you is being processed and, where that is the case, access to that personal data. Reasonable access to your personal data will be provided at no cost.
  • Right of rectification: You have the right to request the rectification of any inaccurate or incomplete personal data concerning yourself.
  • Right to erasure ("right to be forgotten"): You have the right to request deletion of your personal data from our systems, including from third parties who may have access to that data, subject to any legal obligation to retain it.
  • Right to restrict processing: You have the right to ask us to restrict processing of your personal data in certain circumstances.
  • Right to object to processing: You have the right to object to processing of your personal data, including where it is based on legitimate interests or used for direct marketing.
  • Right to data portability — You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit that data to another controller where technically feasible.
  • Rights related to automated decision-making including profiling — See the No Automated Decision Making section above.
  • Right to withdraw consent — Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint. If you are located in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113. If you are located in the European Union, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

To exercise the rights described above, it may be necessary for us to verify your identity or authority to make the request and confirm the personal information relates to you. Only you, or a natural person or a business entity that you have authorized to act on your behalf, may make a verifiable consumer request related to your personal information. We will not discriminate against you for exercising any of your privacy rights under CCPA or applicable law

During the past twelve (12) months, we collected the categories of personal information described above from California residents. We also disclosed such personal information to third parties for the purposes specified above during the past twelve (12) months. In the last twelve (12) months, we have not sold or shared (as those terms are defined under Cal. Civ. Code § 1798.140) the personal information of California residents with third parties for monetary or other valuable consideration or for cross-context behavioral advertising purposes. [ATTORNEY NOTE: If Crunchafi engages in any sale or sharing of personal information as defined under CCPA/CPRA, this disclosure must be updated and a “Do Not Sell or Share My Personal Information” link must be added to the Website homepage in compliance with Cal. Civ. Code § 1798.120 and § 1798.135.]

You may exercise any of the rights described in this section by contacting us using the information provided in the Contact Us section below.

Data Subject Rights

The European Union's General Data Protection Regulation (GDPR), UK GDPR, and other countries' privacy laws provide certain rights for data subjects. Data subject rights under GDPR/UK GDPR include the following:

This Privacy Policy is intended to provide you with information about what personal data Crunchafi collects about you and how it is used.

If you wish to confirm that Crunchafi is processing your personal data, or to have access to the personal data Crunchafi may have about you, please contact us.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Crunchafi might have received the data from Crunchafi; what the source of the information was (if you didn’t provide it directly to us) and how long it will be stored. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, Crunchafi will provide you with a date when the information will be provided. If for some reason access is denied, Crunchafi will provide an explanation as to why access has been denied.

For questions or complaints concerning the processing of your personal data, you can email us atprivacy@Crunchafi.com. Alternatively, if you are located in the European Union, you have the right to lodge a complaint with your local supervisory authority..

Our Obligations

Crunchafi processes personal data only where a lawful basis under Article 6 (and, where applicable, Article 9) of the GDPR and UK GDPR exists for that processing. The specific lawful bases we rely upon for each processing activity are set out in the "Lawful Basis for Processing" section above. The following principles govern all of our processing activities:

  1. Processed lawfully, fairly and in a transparent manner;
  2. Collected for specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. Accurate and kept up to date. Every reasonable step will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. Kept for no longer than is necessary for the purposes for which the personal data is processed(see Retention of Personal Information section above);
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Cross Border Transfer of Personal Information

Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal information.

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection standards according to EEA standards. The full list of those countries is available on the EU Commission’s adequacy list online. For transfers from the UK and the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission and the UK, to protect your personal information.

Data Protection Officer

Crunchafi is headquartered in Milwaukee, WI in the United States. Crunchafi has appointed a data protection officer for you to contact if you have any questions or concerns about Crunchafi’s personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Crunchafi’s Data Protection Officer.

Data Protection Officer Info

Adam Brogden

GDPR Local LDT

dpo.support@gdprlocal.com

Tel + 441 772 217 772

1st Floor Front Suite 278-29 North Street, Brighton, England BN1 1EB

Revisions

We update this Privacy Policy from time to time and encourage you to review this Privacy Policy periodically. We will post any Privacy Policy changes on this page and if the changes are material, notify you directly (for example by sending you an email notification),

Contact us

If you have any questions or concerns regarding our Privacy Policy, please contact us at

Crunchafi

Legal Department

Crunchafi, LLC

790 North Milwaukee Street

Suite 302

Milwaukee, WI 53202

privacy@crunchafi.com.

EU Representative/UK Representative

Adam Brogden

GDPR Local LDT

dpo.support@gdprlocal.com

Tel + 441 772 217 772

1st Floor Front Suite 278-29 North Street, Brighton, England BN1 1EB

Effective Date: April 7, 2026