Login Let's Talk Strategy
LEGAL

Privacy Policy.

How Krossings collects, uses, and protects information about you and your company. Plain language. No dark patterns.

Last updated: November 2025

1. Who We Are

Krossings is a GTM engineering firm. We design, build, and deploy AI-powered revenue systems for B2B companies. This policy describes how we handle personal data on this website and during commercial engagements.

2. Data We Collect

2.1 Information you provide

  • Contact form submissions — name, work email, company, role, and the message you send.
  • Newsletter subscriptions — email address only.
  • Engagement data — during paid engagements, we process the data your team grants us access to (CRM records, marketing tools, product telemetry) under a separate Data Processing Agreement.

2.2 Information collected automatically

  • Analytics — anonymised page views, referrer, country, device type. We use this to improve the site.
  • Server logs — IP address, request timestamp, user agent. Retained for 30 days for security purposes.

3. How We Use It

  • To respond to inquiries and qualify potential engagements.
  • To send you the newsletter you subscribed to (with a one-click unsubscribe in every email).
  • To deliver contracted services to clients under the terms of their engagement agreement.
  • To meet legal, accounting, and security obligations.

We do not sell personal data. We do not use it to train third-party AI models.

4. Who We Share It With

Limited sub-processors that help us run the business — for example, email delivery (Postmark / Resend), cloud hosting (Google Cloud / AWS), and analytics (Plausible / Google Analytics). Each is bound by contractual confidentiality and data-processing terms. A current list is available on request: privacy@krossings.com.

5. Legal Basis (GDPR)

We process personal data on the following bases: (a) legitimate interest for site analytics, security, and responding to commercial inquiries; (b) consent for the newsletter; (c) contract for client engagement data; (d) legal obligation where applicable.

6. Your Rights

If you’re in the EU, UK, Brazil, California, or other regions with similar laws, you have the right to access, correct, delete, port, or restrict processing of your personal data. To exercise any of these, email privacy@krossings.com from the address on file. We respond within 30 days.

7. Retention

  • Contact form submissions — 24 months from last interaction.
  • Newsletter subscribers — until you unsubscribe.
  • Engagement data — per the client’s Data Processing Agreement (typically returned or destroyed within 90 days of contract end).

8. Cookies

We use a minimal set of first-party cookies for session continuity and analytics. We do not use advertising or cross-site tracking cookies. You can disable cookies in your browser without losing any core functionality of this site.

9. International Transfers

Some sub-processors operate outside the EEA/UK. Where applicable, we rely on Standard Contractual Clauses (SCCs) and supplementary measures to protect transferred data.

10. Security

We use encryption in transit (TLS 1.2+), encryption at rest for sensitive client data, role-based access control, and audited logging. No system is impenetrable — we’ll notify affected users and authorities within 72 hours of any confirmed personal-data breach.

11. Changes to This Policy

We update this policy when our practices change. Material changes are announced via the newsletter and at the top of this page. The “Last updated” date above always reflects the current version.

12. Contact

Questions, complaints, or data requests: privacy@krossings.com. For commercial inquiries, use the contact form.