Privacy Policy
Last updated: 27 June 2026
Effective date: 27 June 2026
The short version. The Crawlie CLI, MCP server, and desktop app run locally on your own machine. Your crawl data and reports stay on your device — we do not collect or receive them. This policy mainly covers the crawlie.co website (analytics and email signups) and any hosted Crawlie services we may offer in the future.
1. Who we are
Crawlie ("Crawlie", "we", "us", "our") is operated by Spronta Ltd, a company registered in England and Wales (Company number 16278102). Our registered address is 128 City Road, London, EC1V 2NX.
If you have any questions about this Privacy Policy or how we handle your data, contact us at hello@spronta.com.
Data Controller: Spronta Ltd is the data controller for the personal data we collect through the Crawlie website (crawlie.co) and any related hosted services (collectively, the "Service").
2. What data we collect
2.1 The local software
When you run the Crawlie CLI, MCP server, or desktop app, the tool crawls the sites you point it at and stores the results locally on your device. We do not receive your crawl targets, findings, or reports. The desktop app may contact GitHub to check for updates, which involves a standard network request to GitHub's servers.
2.2 Website usage and technical data
When you visit crawlie.co, we automatically collect limited technical data, including:
- Approximate location (country/region), derived from your IP address
- Browser type and version, and operating system
- Referring URL, pages visited, and time spent
- Device type
2.3 Email subscriptions
If you subscribe to our updates, we collect your email address in order to send you the Crawlie digest and release notifications. You can unsubscribe at any time using the link in any email.
2.4 Communication data
If you contact us by email, or open an issue or discussion on our public GitHub repository, we retain the content of those communications to resolve your query and improve the Service.
2.5 Hosted services (future)
If we introduce hosted Crawlie services that require an account (for example scheduled crawls or monitoring), we will collect account data such as your name and email address, and any content you create within those services. We will update this policy before launching such services.
3. How we use your data
We use your personal data for the following purposes:
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Operating and securing the website | Legitimate interests (Art. 6(1)(f)) |
| Sending the email digest and release updates you signed up for | Consent (Art. 6(1)(a)) — you can opt out at any time |
| Analysing website usage to improve Crawlie | Legitimate interests (Art. 6(1)(f)) |
| Responding to your enquiries and support requests | Legitimate interests (Art. 6(1)(f)) |
| Detecting and preventing abuse, fraud, or security threats | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not use your data for:
- Selling to third parties
- Advertising or ad targeting
- Training AI or machine learning models
- Profiling for automated decision-making
4. Who we share your data with
We share personal data only with the following processors, and only to the extent necessary to provide the Service:
| Processor | Purpose | Location | Data shared |
|---|---|---|---|
| Vercel | Website hosting and privacy-friendly analytics | Global (edge network) | Technical/usage data |
| Loops | Email digest and release notifications | United States | Email address |
| GitHub (Microsoft) | Source code hosting, releases, issues, and discussions | United States | Any data you submit to the repository; update-check requests from the desktop app |
Each processor is bound by a Data Processing Agreement (DPA) and processes data only on our instructions. Where data is transferred outside the UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) and adequacy decisions. If we add processors for future hosted services (such as a payment provider or database host), we will update this policy accordingly.
We may also disclose your data if required by law, regulation, legal process, or enforceable governmental request.
5. How long we keep your data
| Data type | Retention period |
|---|---|
| Email subscription | Until you unsubscribe, plus a short period to process the request |
| Website analytics data | Up to 12 months |
| Support communications | 2 years from resolution |
6. Your rights
Under UK GDPR, you have the following rights:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Request correction of inaccurate data.
- Erasure — Request deletion of your data (subject to legal retention requirements).
- Restriction — Request that we limit how we process your data.
- Portability — Request your data in a structured, machine-readable format.
- Objection — Object to processing based on legitimate interests.
- Withdraw consent — Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email us at hello@spronta.com. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
7. Cookies and tracking
crawlie.co aims to be light on tracking. We use Vercel Analytics, which is privacy-friendly and does not use cross-site tracking cookies. We do not use:
- Google Analytics
- Facebook Pixel
- Any advertising trackers
- Any third-party tracking cookies
You can control cookies through your browser settings.
8. Security
We take the security of your data seriously. Our measures include:
- All data transmitted over HTTPS/TLS encryption
- Access controls and audit logging on our internal systems
- Minimal data collection by design — most Crawlie usage happens locally, with no data sent to us
- Regular security reviews of our infrastructure
No system is 100% secure. If you discover a security vulnerability, please report it to hello@spronta.com.
9. Children
Crawlie is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at hello@spronta.com and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 14 days before the changes take effect.
The "Last updated" date at the top of this page indicates when this policy was last revised.
11. Contact
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: hello@spronta.com
Postal address:
Spronta Ltd
128 City Road
London, EC1V 2NX
England
ICO registration number: ZC017195