Crumbroad

Privacy Policy

Effective date: 9 July 2026

This Policy explains how Crumbroad handles personal data when you visit crumbroad.com, create an account, use AI-assisted workflows, publish or buy marketplace content, connect Stripe, or contact us.

1. Controller

The controller responsible for your personal data is:

Dmytro Pustovitenko Tech Creations
Tax identification number (NIP): 9452278715
Józefa Wybickiego 44a/3
31-302 Kraków, Poland
Privacy and legal contact: legal@crumbroad.com
Data-rights and security contact: security@crumbroad.com

2. Personal data we collect

We receive data directly from you, automatically from your browser and use of the Service, and from providers such as Google, Stripe, connected applications, and fraud or security services.

3. Why we process data and our legal bases

PurposeTypical dataLegal basis under GDPR
Create accounts, authenticate users, provide workflows, storage, AI generation, and requested integrationsAccount, content, files, settings, connected-app dataPerformance of our contract and steps requested before entering it
Process purchases, subscriptions, credits, creator onboarding, marketplace sales, refund requests sent to our contact email, and supportAccount, transaction, seller, communicationsContract; legal obligations; legitimate interests in operating and protecting commerce
Secure the Service, prevent fraud and abuse, diagnose errors, enforce rules, and establish legal claimsAccount, content where necessary, logs, device, transaction dataLegitimate interests; legal obligations; establishment, exercise, or defence of claims
Measure and improve product performance and understand feature usageUsage, device, cookie identifiers, errorsConsent where required for non-essential analytics; otherwise legitimate interests where law permits
Send product and service communicationsEmail, account, transaction dataContract and legitimate interests
Send promotional emailEmail, marketing choice and engagementYour separate consent; where legally permitted, legitimate interests for similar-product communications subject to opt-out
Comply with tax, accounting, consumer, regulatory, and law-enforcement requirementsIdentity, transaction, content, and communications as requiredLegal obligation

Providing account and transaction information is necessary to create an account or complete a purchase. If you do not provide it, we cannot provide the relevant Service. Marketing and optional analytics consent are voluntary and may be withdrawn without affecting prior lawful processing.

4. AI processing

When you use AI features, relevant prompts, chat history, workflow context, files or images, and instructions are sent to OpenAI through its API or to another AI provider configured for the requested feature. The provider returns generated content to Crumbroad. We use the result to provide your requested workflow and may retain inputs and outputs in your account history.

OpenAI states that API inputs and outputs are not used to train its models by default unless the API customer opts in. Its standard abuse-monitoring logs may retain content for up to 30 days unless longer retention is legally required. Provider practices may change; the provider's own privacy and data-control terms also apply.

Crumbroad does not use AI to make decisions about you that produce legal or similarly significant effects. AI-generated recommendations and classifications assist content creation and Service operation and should be reviewed by a person.

5. When we share data

We disclose personal data only as needed for the purposes above:

We do not sell personal data. We do not share personal data for cross-context behavioural advertising.

6. International transfers

Crumbroad is established in Poland, but providers may process data in the EEA and other countries, including the United States. Where GDPR or similar law requires safeguards, we rely on an adequacy decision, the EU Standard Contractual Clauses, the UK Addendum or International Data Transfer Agreement where relevant, or another lawful transfer mechanism. You may request information about applicable safeguards at legal@crumbroad.com.

7. Retention

We retain personal data only as long as necessary for the purpose collected, including:

Specific information may be retained longer if necessary to comply with law, prevent fraud, enforce agreements, protect users, or establish or defend legal claims.

8. Cookies and similar technologies

Crumbroad uses essential cookies and local storage for authentication, security, session continuity, preferences, and payment or OAuth flows. These are necessary to provide the Service.

We also use PostHog analytics technologies to understand visits, interactions, errors, and feature usage. Where required by law, non-essential analytics must not be activated until you consent, and you must be able to reject or later withdraw consent as easily as you gave it. Browser controls can remove stored cookies, but blocking essential cookies may prevent sign-in or other features from working.

9. Marketing communications

We send promotional email only when you separately opt in or another lawful basis permits it. Marketing consent is not required to create or use an account. You can withdraw consent at any time through an unsubscribe link or by emailing legal@crumbroad.com. You will still receive necessary account, security, billing, and transaction messages.

10. Public content and other users

Public profiles, storefronts, listings, templates, reviews, and media can be viewed, copied, indexed, and shared by others. Do not publish personal information you do not want to make public. Removing public content from Crumbroad may not remove copies already indexed, lawfully retained by buyers, or shared outside the Service.

11. Security

We use reasonable technical and organizational measures designed to protect personal data, including access controls, encryption in transit, provider security controls, and restricted administrative access. No online service is completely secure. Report suspected vulnerabilities or account compromise to security@crumbroad.com.

12. Your rights

Depending on your location, you may have rights to:

Send requests to security@crumbroad.com. We may verify your identity and will normally respond within one month under GDPR, subject to lawful extensions. Rights are not absolute; we may retain information where law permits or requires it.

In Poland, you may complain to the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Poland, at uodo.gov.pl. EEA, UK, and Swiss residents may also contact the competent authority where they live or work.

13. Additional United States privacy rights

If a US state privacy law applies to our processing, residents may have rights to know, access, correct, delete, and obtain portable copies of personal data; opt out of sale, targeted advertising, or certain profiling; and appeal a denied request. We do not sell personal data or use it for cross-context behavioural advertising. We will not discriminate against you for exercising applicable rights. Submit requests or appeals to security@crumbroad.com.

14. Children

The Service is not directed to children under 13 or a higher minimum digital-consent age required by local law. Users under 18 need permission from a parent or legal guardian. Paid purchases and creator-selling features are restricted to adults. If you believe a child provided data contrary to this section, contact security@crumbroad.com.

15. Changes to this Policy

We may update this Policy to reflect legal, technical, or product changes. We will post the updated version, revise the effective date, and provide additional notice for material changes where required.

16. Contact

For privacy questions, contact legal@crumbroad.com. For rights requests, deletion, or security matters, contact security@crumbroad.com or write to the controller address in Section 1.