Privacy Policy

What we collect from clients

When you engage CROW, we collect the minimum information needed to deliver your report and process payment:

• Email address — used to deliver your report and communicate during the engagement
• Payment information — processed securely through Stripe. CROW never sees or stores your full card number.
• Subject information — the name and identifying details you provide at intake so we know who to research

What we collect about subjects

CROW reports are built exclusively from public record sources. We access court records, property records, business filings, government databases, published news, and public social media profiles. We do not access private records, sealed records, medical records, financial accounts, or private communications.

All subject information is sourced from lawfully accessible public records.

Data retention

CROW deletes all report data, working files, and subject information 30 days after report delivery. This includes all drafts, source materials, and final reports stored on our systems.

If you have an active monitoring subscription, data related to the monitored subject is retained for the duration of that subscription and deleted 30 days after cancellation.

Payment records are retained as required by applicable tax and financial regulations.

• Report delivery links — expire 48 hours after delivery
• Raw intelligence data — purged after 90 days
• Consent records — retained for 7 years (legal requirement)
• Dispute records — retained for 7 years
• Payment records — retained per Stripe’s policies

No selling of data

CROW does not sell, rent, license, or share client or subject data with any third party. Not for marketing. Not for analytics. Not for any reason. Ever.

How we protect your information

• Reports are delivered via encrypted, expiring links (48-hour expiration)
• Data at rest is encrypted using AES-256
• Access to client data is limited to the analyst assigned to your engagement
• We do not use shared drives, cloud folders, or third-party collaboration tools for report delivery

Cookies and tracking

The CROW website uses minimal analytics to understand traffic patterns. We do not use retargeting cookies, advertising pixels, or cross-site tracking. We do not sell browsing data.

FCRA compliance

CROW is not a Consumer Reporting Agency under the Fair Credit Reporting Act. Our reports cannot be used for employment screening, tenant screening, credit decisions, or insurance underwriting. We verify permissible purpose for every engagement and reject prohibited uses.

By engaging CROW, you certify that you will not use report information for any FCRA-regulated purpose.

California residents

Under the CCPA, California residents have the right to know what personal information is collected, request deletion, and opt out of sale of personal information. CROW does not sell personal information.

State-specific rights

Illinois (BIPA), New York (Fair Chance Act), and other states provide additional protections. Contact disputes@crowsearch.com for state-specific inquiries.

Your rights

You may request a copy of any data CROW holds about you, or request deletion of that data, at any time. Contact us and we will respond within 5 business days.

• Request a copy — of any report about you
• Dispute inaccurate findings — within 30 days of report delivery
• Request deletion — of your personal data at any time
• Opt out — of any monitoring subscriptions
• File complaints — with your state attorney general

Your rights under GDPR (EU/EEA residents)

If you are a resident of the European Union or European Economic Area, you are entitled to the following rights under the General Data Protection Regulation (GDPR). These rights apply to any personal data CROW processes about you, whether as a client or as the subject of a report.

• Right to access — You have the right to request a copy of the personal data we hold about you, along with information about how it is being processed.
• Right to rectification — You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to erasure — You have the right to request the deletion of your personal data ("right to be forgotten"), subject to certain legal exceptions such as compliance with legal obligations.
• Right to restrict processing — You have the right to request that we limit how we process your personal data in certain circumstances, such as when you contest its accuracy.
• Right to data portability — You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
• Right to object — You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis for processing.

How to exercise these rights: Submit your request by email to privacy@ravnintel.com. Please include your full name, email address, and a description of the right you wish to exercise. We will acknowledge your request within 5 business days and provide a substantive response within 30 calendar days. If we require additional time, we will notify you of the extension and the reasons for the delay.

If you believe your rights have not been adequately addressed, you have the right to lodge a complaint with a supervisory authority in your country of residence.

Third-party service providers

CROW uses a limited number of third-party service providers to operate our platform. We share only the minimum data necessary for each provider to perform its function. We do not permit any provider to use your data for their own marketing or unrelated purposes.

• Stripe (payment processing) — Receives your payment card details, billing address, and transaction amounts to process payments securely. CROW never sees or stores your full card number. Stripe Privacy Policy
• Sentry (error tracking) — Receives anonymized technical data such as error messages, stack traces, browser type, and IP address (truncated) to help us identify and resolve software issues. No report content or subject data is sent to Sentry.
• Railway (hosting) — Hosts our application servers and databases. All data processed by CROW passes through Railway's infrastructure. Data is encrypted in transit and at rest. Railway Privacy Policy
• Vercel (CDN/hosting) — Serves our static website assets and marketing pages. Vercel may process visitor IP addresses and request metadata for performance optimization and security.
• Google Workspace / Gmail (email) — Used for internal team communication and to send transactional emails (e.g., report delivery notifications). Email content may include your name, email address, and reference number.
• Plausible Analytics (privacy-friendly analytics) — Collects aggregated, anonymous website usage data (page views, referral sources, device type). Plausible does not use cookies, does not collect personal data, and is fully GDPR-compliant. Plausible Data Policy
• ODIN Intelligence Engine (report generation — internal) — Our proprietary intelligence platform that processes subject information submitted at intake (name, location, date of birth, and context) to compile public records research. ODIN operates on RAVN's own infrastructure and does not share data with external parties.

Contact

For privacy-related questions or requests:
privacy@crowsearch.com