Skip to content

Privacy Policy

Effective date: May 28, 2026. Last updated: May 28, 2026.

1. Who We Are

SaasCrisp ("we", "us", "our") is a SaaS design intelligence database operated by FlowConverts, based in the United Kingdom. We score and annotate SaaS websites using the CRISP framework.

FlowConverts is the data controller for personal data collected through this Site. For questions about this policy, contact us at hello@saascrisp.com.

2. Information We Collect

2.1 Newsletter Subscriptions

When you subscribe to our newsletter, we collect:

  • Your email address
  • The source of your subscription (e.g. homepage, footer) for internal analytics
  • A unique unsubscribe token assigned to your subscription
  • The date and time of subscription

We do not collect your name, billing information, or any other personal data for newsletter subscriptions. You can unsubscribe at any time using the link in any email we send you.

2.2 Site Submissions

When you submit a website for review, we may collect:

  • The website URL (required)
  • Company name (optional)
  • Your name (optional)
  • Your email address (optional - used only to send a submission confirmation and outcome notification)
  • Notes about the site (optional)
  • Date and time of submission

Providing your email address when submitting is entirely optional. If you do provide it, we will use it only to confirm receipt of your submission and to notify you of whether it was approved or rejected. We will not add your submission email to our marketing list without your separate consent.

2.3 Usage and Analytics Data

We use analytics tools to understand how visitors use our site. These tools may collect:

  • Pages visited and time spent on those pages
  • Referring URL
  • Browser type, operating system, and device type
  • General geographic location (country or city level)
  • Clicks and interactions with site features

This data is collected in aggregated or pseudonymous form. See Section 5 (Cookies and Tracking) for details.

2.4 IP Addresses

We temporarily process your IP address for rate limiting purposes on our subscription and submission endpoints (to prevent abuse). IP addresses are held in server memory for up to 15 minutes and are not written to any persistent database.

3. How We Use Your Information

PurposeLegal Basis (GDPR)
Sending our weekly newsletterConsent (you opted in)
Sending transactional emails about your submissionLegitimate interest / contract performance
Notifying admin of new submissionsLegitimate interest
Preventing abuse via rate limitingLegitimate interest
Improving the site via analyticsLegitimate interest
Complying with legal obligationsLegal obligation

We do not sell your personal data. We do not use your data to serve third-party advertisements.

4. Data Sharing and Third-Party Services

We share data with the following third-party service providers only to the extent necessary to operate the site:

Convex

Our primary database and file storage provider. All subscriber and submission data is stored on Convex infrastructure. Data is processed under Convex's data processing agreement.

Resend

Our transactional email service provider. Email addresses are shared with Resend to deliver our newsletter and transactional emails. You can unsubscribe at any time.

Vercel

Our hosting provider. Vercel processes web requests and collects anonymized performance and traffic data via Vercel Analytics.

PostHog

Product analytics. PostHog collects pseudonymous usage data to help us understand how visitors use the site. Data is processed under PostHog's privacy policy.

Anthropic (Claude API)

When we generate CRISP scores for submitted websites, we send the website URL and page content to Anthropic's Claude API for AI-powered analysis. This is an internal admin operation and does not involve your personal data unless you submitted the site and provided contact details.

Screenshot.one

We use Screenshot.one to capture screenshots of websites in our gallery. Only website URLs are sent to this service. No personal data is transmitted.

All third-party providers are contractually required to handle data in accordance with applicable data protection law. We do not permit them to use your data for their own marketing purposes.

5. Cookies and Tracking

We use the following categories of cookies and tracking technologies:

We do not use advertising cookies, remarketing pixels, or social media tracking cookies on the public-facing site.

Most browsers allow you to refuse or delete cookies. Doing so may affect some site functionality. Refer to your browser's help documentation for instructions.

6. Data Retention

  • Newsletter subscriber data - retained until you unsubscribe. Upon unsubscribe, your email is removed from our database and Resend audience within 24 hours.
  • Submission data - retained for 24 months from the date of submission. Submissions that are rejected are purged on a rolling basis. If you provided an email address, it is retained solely for the submission record and is not used for further communication.
  • Analytics data - retained per the data retention settings of the respective provider (PostHog: 7 years by default; Vercel Analytics: 90 days).
  • Server logs - temporary in-memory rate limit data is discarded within 15 minutes. No request logs containing personal data are written to disk by us.

7. Your Privacy Rights

7.1 Rights Under UK GDPR and EU GDPR

We process personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you are in the UK, EU, or EEA, you have the right to:

  • Access - request a copy of the personal data we hold about you
  • Rectification - ask us to correct inaccurate or incomplete data
  • Erasure - request deletion of your personal data ("right to be forgotten")
  • Restriction - ask us to restrict processing of your data in certain circumstances
  • Portability - receive your data in a structured, machine-readable format
  • Objection - object to processing based on legitimate interest
  • Withdraw consent - withdraw consent for newsletter emails at any time by unsubscribing

To exercise any of these rights, email us at hello@saascrisp.com. We will respond within one calendar month. We may ask you to verify your identity before acting on a request.

If you are in the UK and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. If you are in the EU/EEA, you may contact your national data protection authority.

7.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect and how it is used
  • Delete personal information we have collected about you (subject to exceptions)
  • Opt out of sale - we do not sell personal information, so this right is already satisfied
  • Non-discrimination - we will not discriminate against you for exercising these rights

To submit a CCPA request, contact us at hello@saascrisp.com.

8. International Data Transfers

Some of our service providers (including Convex, Resend, PostHog, Vercel, Anthropic, and Screenshot.one) operate in the United States. This means your personal data may be transferred to and processed in the US or other countries outside the UK and EEA.

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR Article 46 - typically via the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) as adopted by our sub-processors. For transfers to countries covered by a UK adequacy regulation, we rely on that adequacy decision.

You can request details of the specific transfer mechanisms in place by emailing hello@saascrisp.com.

9. Children's Privacy

SaasCrisp is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us immediately at hello@saascrisp.com and we will delete it promptly.

10. Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal data. These include encrypted transport (HTTPS), server-side session authentication for admin access, and access controls on our database. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

If you discover a security vulnerability, please disclose it responsibly by emailing hello@saascrisp.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. If the changes are significant, we will notify newsletter subscribers by email. Continued use of the site after the effective date of any update constitutes acceptance of the revised policy.

12. Contact Us

For any questions, requests, or concerns about this Privacy Policy or how we handle your data, contact:

SaasCrisp / FlowConverts

Email: hello@saascrisp.com