Privacy Policy
Effective date: May 28, 2026. Last updated: May 28, 2026.
1. Who We Are
SaasCrisp ("we", "us", "our") is a SaaS design intelligence database operated by FlowConverts, based in the United Kingdom. We score and annotate SaaS websites using the CRISP framework.
FlowConverts is the data controller for personal data collected through this Site. For questions about this policy, contact us at hello@saascrisp.com.
2. Information We Collect
2.1 Newsletter Subscriptions
When you subscribe to our newsletter, we collect:
- Your email address
- The source of your subscription (e.g. homepage, footer) for internal analytics
- A unique unsubscribe token assigned to your subscription
- The date and time of subscription
We do not collect your name, billing information, or any other personal data for newsletter subscriptions. You can unsubscribe at any time using the link in any email we send you.
2.2 Site Submissions
When you submit a website for review, we may collect:
- The website URL (required)
- Company name (optional)
- Your name (optional)
- Your email address (optional - used only to send a submission confirmation and outcome notification)
- Notes about the site (optional)
- Date and time of submission
Providing your email address when submitting is entirely optional. If you do provide it, we will use it only to confirm receipt of your submission and to notify you of whether it was approved or rejected. We will not add your submission email to our marketing list without your separate consent.
2.3 Usage and Analytics Data
We use analytics tools to understand how visitors use our site. These tools may collect:
- Pages visited and time spent on those pages
- Referring URL
- Browser type, operating system, and device type
- General geographic location (country or city level)
- Clicks and interactions with site features
This data is collected in aggregated or pseudonymous form. See Section 5 (Cookies and Tracking) for details.
2.4 IP Addresses
We temporarily process your IP address for rate limiting purposes on our subscription and submission endpoints (to prevent abuse). IP addresses are held in server memory for up to 15 minutes and are not written to any persistent database.
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Sending our weekly newsletter | Consent (you opted in) |
| Sending transactional emails about your submission | Legitimate interest / contract performance |
| Notifying admin of new submissions | Legitimate interest |
| Preventing abuse via rate limiting | Legitimate interest |
| Improving the site via analytics | Legitimate interest |
| Complying with legal obligations | Legal obligation |
We do not sell your personal data. We do not use your data to serve third-party advertisements.
4. Data Sharing and Third-Party Services
We share data with the following third-party service providers only to the extent necessary to operate the site:
Our primary database and file storage provider. All subscriber and submission data is stored on Convex infrastructure. Data is processed under Convex's data processing agreement.
Our transactional email service provider. Email addresses are shared with Resend to deliver our newsletter and transactional emails. You can unsubscribe at any time.
Our hosting provider. Vercel processes web requests and collects anonymized performance and traffic data via Vercel Analytics.
Product analytics. PostHog collects pseudonymous usage data to help us understand how visitors use the site. Data is processed under PostHog's privacy policy.
When we generate CRISP scores for submitted websites, we send the website URL and page content to Anthropic's Claude API for AI-powered analysis. This is an internal admin operation and does not involve your personal data unless you submitted the site and provided contact details.
We use Screenshot.one to capture screenshots of websites in our gallery. Only website URLs are sent to this service. No personal data is transmitted.
All third-party providers are contractually required to handle data in accordance with applicable data protection law. We do not permit them to use your data for their own marketing purposes.
5. Cookies and Tracking
We use the following categories of cookies and tracking technologies:
We do not use advertising cookies, remarketing pixels, or social media tracking cookies on the public-facing site.
Most browsers allow you to refuse or delete cookies. Doing so may affect some site functionality. Refer to your browser's help documentation for instructions.
6. Data Retention
- Newsletter subscriber data - retained until you unsubscribe. Upon unsubscribe, your email is removed from our database and Resend audience within 24 hours.
- Submission data - retained for 24 months from the date of submission. Submissions that are rejected are purged on a rolling basis. If you provided an email address, it is retained solely for the submission record and is not used for further communication.
- Analytics data - retained per the data retention settings of the respective provider (PostHog: 7 years by default; Vercel Analytics: 90 days).
- Server logs - temporary in-memory rate limit data is discarded within 15 minutes. No request logs containing personal data are written to disk by us.
7. Your Privacy Rights
7.1 Rights Under UK GDPR and EU GDPR
We process personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you are in the UK, EU, or EEA, you have the right to:
- Access - request a copy of the personal data we hold about you
- Rectification - ask us to correct inaccurate or incomplete data
- Erasure - request deletion of your personal data ("right to be forgotten")
- Restriction - ask us to restrict processing of your data in certain circumstances
- Portability - receive your data in a structured, machine-readable format
- Objection - object to processing based on legitimate interest
- Withdraw consent - withdraw consent for newsletter emails at any time by unsubscribing
To exercise any of these rights, email us at hello@saascrisp.com. We will respond within one calendar month. We may ask you to verify your identity before acting on a request.
If you are in the UK and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. If you are in the EU/EEA, you may contact your national data protection authority.
7.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the right to:
- Know what categories of personal information we collect and how it is used
- Delete personal information we have collected about you (subject to exceptions)
- Opt out of sale - we do not sell personal information, so this right is already satisfied
- Non-discrimination - we will not discriminate against you for exercising these rights
To submit a CCPA request, contact us at hello@saascrisp.com.
8. International Data Transfers
Some of our service providers (including Convex, Resend, PostHog, Vercel, Anthropic, and Screenshot.one) operate in the United States. This means your personal data may be transferred to and processed in the US or other countries outside the UK and EEA.
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR Article 46 - typically via the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) as adopted by our sub-processors. For transfers to countries covered by a UK adequacy regulation, we rely on that adequacy decision.
You can request details of the specific transfer mechanisms in place by emailing hello@saascrisp.com.
9. Children's Privacy
SaasCrisp is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us immediately at hello@saascrisp.com and we will delete it promptly.
10. Security
We implement reasonable administrative, technical, and physical safeguards to protect your personal data. These include encrypted transport (HTTPS), server-side session authentication for admin access, and access controls on our database. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
If you discover a security vulnerability, please disclose it responsibly by emailing hello@saascrisp.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. If the changes are significant, we will notify newsletter subscribers by email. Continued use of the site after the effective date of any update constitutes acceptance of the revised policy.
12. Contact Us
For any questions, requests, or concerns about this Privacy Policy or how we handle your data, contact:
SaasCrisp / FlowConverts
Email: hello@saascrisp.com