Legal · Data protection
Privacy Policy
Effective 7 June 2026 · UK GDPR and EU GDPR aligned
01 — Who we are
Crado is a clause-level compliance intelligence platform for hardware manufacturers, operated by BloomX Analytica Limited ("we", "our", "us"). This policy explains how we collect, use, and protect personal data when you use the platform, and applies alongside our Terms of Service. For personal data contained in documents you upload, you are the controller and we act as processor. For account, usage, and technical data described below, we are the controller.
02 — Information we collect
Account information: name, email address, company name, and job role. Uploaded data: hardware specifications, compliance-related documents, and project inputs. Usage data: log activity, feature interaction, and session behaviour. Technical data: IP address, browser type, and device information.
03 — How we use data
We use data to provide and operate the platform, generate compliance analysis outputs, improve system performance and accuracy, secure and monitor usage, and communicate product updates where you have opted in. Our legal bases under UK and EU GDPR are performance of a contract, our legitimate interests in operating and improving the Service, consent where required, and compliance with legal obligations.
04 — AI and data processing
Crado uses automated systems and AI models to analyse compliance-related inputs. You acknowledge that AI outputs are probabilistic and not guaranteed accurate, that they are informational only, and that you remain responsible for verifying regulatory compliance. The analysis assesses products and documents, not individuals, and does not make automated decisions about people.
05 — Data sharing
We do not sell personal data. We share data only with trusted infrastructure providers acting as sub-processors under written terms, such as hosting, authentication, payment, and analytics providers, and with legal authorities where required by law. We require all third parties to handle data securely and to process it only on our instructions.
06 — Data retention
We retain personal data only as long as necessary to provide the Service, maintain performance, and meet legal obligations. Uploaded content is deleted following account termination or on documented request, except where retention is legally required. You may request deletion of your data at any time.
07 — Your rights
Under UK and EU GDPR you have the right to access your data, request correction or deletion, restrict or object to processing, request portability, and withdraw consent where applicable. To exercise these rights, contact hello@crado.io. You may also complain to the UK Information Commissioner's Office or your local supervisory authority, though we ask that you contact us first.
08 — Security
We implement technical and organisational measures appropriate to the risk, including encryption of data in transit and at rest, role-based access control, and controlled, least-privilege access to systems. No system is perfectly secure, and we maintain a process for assessing and responding to security incidents.
09 — International transfers
Your data may be processed in locations outside your country, including the UK and EU. Where data is transferred outside the UK or EEA, we rely on appropriate safeguards, such as an adequacy decision or Standard Contractual Clauses with the UK International Data Transfer Addendum.
10 — Updates
We may update this policy periodically. Material changes take effect on notice through the platform or by email, and the effective date reflects the current version.
11 — Contact
For privacy-related questions, contact hello@crado.io. Crado is operated by BloomX Analytica Limited.
