Our Commitment to Your Data
This is how we responsibly handle the information you share with Crexaro. We believe transparency builds trust, and we've designed our practices to respect your privacy while delivering our services.
What We Collect, and Why
We collect information only when it's necessary to provide our web design and development services, or to improve your experience on our website. We never collect data for the sake of collection, and we avoid any information we don't need.
Direct Information: When you contact us, we collect your name, email address, company details, and the contents of your message. This allows us to respond to your inquiry, understand your project needs, and maintain a professional correspondence. We do not require sensitive personal identifiers like national ID numbers or financial data for initial consultations.
Technical & Behavioral Data: Like most modern websites, our hosting provider (a European-based service) logs basic technical data—such as your IP address, browser type, and access timestamps—for security monitoring and to ensure the site functions correctly. This data is aggregated and anonymized, meaning it cannot be used to identify you personally. We use this to understand general traffic patterns, like which portfolio sections are most viewed.
How We Use Your Information
We follow a simple, purpose-driven approach. Here’s how different types of information serve a specific role in our workflow.
For Client Communication
- → Email address to send proposals, updates, and final deliverables.
- → Phone number for urgent project coordination (if provided).
- → Project brief content (text/files) to build your website.
For Service Improvement
- → Aggregated site analytics (no personal tracking) to refine our portfolio.
- → Feedback on our process to improve future client experiences.
What We Absolutely Do Not Do
Third Parties & Data Storage
We partner with essential service providers who help us operate. They are bound by strict confidentiality agreements.
Essential Partners
Hosting Provider
Hosts our website files. They have access to server logs (technical, anonymous data).
Email Service
Manages our @crexaro.company email. They store email content to deliver messages.
International Transfers
Our primary servers are located within the European Economic Area (EEA), which adheres to robust data protection standards (GDPR). For services outside the EEA (e.g., certain analytics tools), we ensure appropriate safeguards are in place via standard contractual clauses.
"We treat your project data as we would our own studio's internal work: with care, confidentiality, and a clear end-of-use policy."
Clarity on Key Terms
A few definitions to ensure we're on the same page.
Personal Data
Any information that can identify you directly (like your email) or indirectly (like your company name combined with other details).
Data Controller
The entity that determines the purpose and means of processing data. That's Crexaro for information you give us directly.
Data Processor
A third party that processes data on our behalf (e.g., our hosting provider).
Anonymized Data
Technical information stripped of all identifiers, used only for system performance and security.
Your Rights
Depending on your location, you may have specific rights regarding your personal data. We honor the following:
Access & Portability
Request a copy of the personal data we hold about you.
Correction
Ask us to fix any inaccurate information we may have.
Deletion
Request the erasure of your personal data, subject to legal or contractual retention needs.
Objection
Object to our processing of your data for specific purposes.
A Practical Example
Imagine you contact us for a website quote. We collect your email and company details.
Two years later, you haven't moved forward with the project. You contact us to exercise your right to deletion.
Our process: We will permanently delete your contact information and project correspondence from our active systems within 30 days. We may retain a brief, anonymized record (e.g., "Client from [Industry] inquired in 2024") for internal process analysis, but this record will contain no personal identifiers.
This mirrors standard GDPR principles, even if your local laws differ.
Exercising Your Rights
To request access, correction, or deletion of your data, or for any other privacy-related inquiries, please contact our designated privacy contact.
Primary Contact
Physical Mail
Halkalı Merkez Mah. Dereboyu Cd. No:4, Küçükçekmece/İstanbul, Türkiye
We will respond to your request within 30 days of receipt. For verification, we may need to confirm your identity before processing the request.