Privacy Policy

1. Introduction

Crimson LegalTech Ltd (“Crimson”, “we”, “our” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use and protect your information when you interact with our website.

By using our website, you agree to the practices described in this Privacy Policy.

2. Information We Collect

We collect certain information to provide and improve our services. The legal basis for processing your data may include your consent, the performance of a contract, compliance with legal obligations or Crimson's legitimate interests in improving our services and ensuring their security.

2.1 Information You Provide

• Contact Information: Name, email address, phone number and company details when you fill out a contact form or request a demo.

2.2 Information We Collect Automatically

• Device Information: IP address, browser type, operating system and device identifiers.
• Usage Data: Pages visited, time spent on the site, links clicked, and other website interactions.

3. How We Use Your Information

• Service Delivery: To provide and improve our website and related services.
• Customer Support: To respond to inquiries and resolve issues.
• Marketing: To send promotional emails or updates about Crimson’s services. You can opt out at any time.
• Security: To monitor and protect against fraud, unauthorised access or illegal activities.
• Compliance: To comply with legal obligations and enforce agreements.

4. Sharing Your Information

We do not sell your information. We only share it in the following circumstances:

• Service providers: With trusted vendors who assist with hosting, analytics, payment processing or marketing.
• Legal compliance: When required by law, regulation or court order.
• Business transfers: In connection with a merger, acquisition or sale of assets, subject to confidentiality obligations.
• With your consent: In specific instances where you have agreed to data sharing.

Where data is transferred outside the EEA/UK, Crimson ensures that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions in line with GDPR.

5. Your Rights

Under applicable data protection laws, you have the following rights:

• Access: Request access to the personal data we hold about you.
• Correction: Request corrections to inaccurate or incomplete data.
• Erasure: Request the deletion of your data, subject to legal retention requirements.
• Restriction: Request limits on how we process your data.
• Portability: Request a copy of your data in a machine-readable format.
• Objection: Object to certain data processing activities, including marketing.
• Withdraw consent: Where processing is based on your consent, you can withdraw it at any time.

To exercise your rights, contact us at privacy@crimson.law.

If you believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority. For UK residents, this is the Information Commissioner’s Office (ICO).

6. Data Retention

We retain your data only as long as necessary to fulfil the purposes outlined in this policy or comply with legal obligations.

7. Security

We implement robust security measures to protect your information, including encryption, access controls, and regular security assessments. Crimson implements role-based access controls, encrypts all data in transit and at rest, and conducts regular vulnerability scans, penetration tests, and security audits to identify and mitigate risks. However, no system is completely secure, and we encourage you to protect your account credentials.

8. Cookies and Tracking

We do not use any cookies or similar tracking technologies on our website. We do not collect or process any browsing data that would require cookie consent. If we decide to introduce cookies or other tracking methods in the future, we will update this policy and seek any necessary consent at that time.

Crimson does, however, maintain security logs to detect and prevent unauthorized access or suspicious activities. These logs do not involve storing personal browsing data and are regularly reviewed as part of our SOC 2 compliance framework.

9. Third-Party Links

Our website may include links to third-party websites or services. We are not responsible for their privacy practices or content. Please review their policies before sharing any information.

10. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. In particular, our Privacy Policy is reviewed periodically to align with evolving security and compliance standards, including SOC 2 and GDPR requirements.

Updates will be communicated through our website.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: