CrowTraceCrowTrace
TorLoginGet Access
Legal · GDPR compliant

Privacy Policy

Last updated · June 3, 2026

01

Data controller

CrowTrace is the controller of your personal data. For any question regarding your data, contact us via @crowtrace_bot on Telegram.

02

Data collected

We collect only the data necessary to operate the service:

  • Account — email address, username, password (bcrypt-hashed, non-reversible)
  • Identifier — a unique ID in the format CT-XXXXXX-XXXXXX generated on sign-up
  • Activity — history of searches performed (query + timestamp)
  • Technical — connection logs (IP address, user-agent, timestamp) for security purposes
03

Purposes of processing

  • Authentication and management of user accounts
  • Provision of the OSINT search service
  • Abuse detection and platform security
  • Aggregated, anonymized usage statistics
  • Compliance with legal obligations
04

Legal basis

Processing is based on the performance of the contract (service provision) and our legitimate interests (security, abuse prevention). No data is processed for advertising purposes.

05

Retention period

  • Account data — for the account's active life + 3 months after closure
  • Search history — rolling 12 months
  • Technical logs — 90 days maximum
06

Data sharing

We do not sell, rent, or share your personal data with commercial third parties. Data may be disclosed to the competent authorities upon a valid legal request.

07

Your rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Access — obtain a copy of all your data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ('right to be forgotten')
  • Portability — retrieve your data in a structured, machine-readable format
  • Objection — object to certain processing where permitted by law
  • Restriction — request temporary suspension of processing

To exercise these rights, contact us via @crowtrace_bot with the subject GDPR — [request type]. Response within 30 days.

You also have the right to lodge a complaint with the CNIL (cnil.fr).

08

Security

  • Passwords hashed with bcrypt (non-reversible)
  • Secure sessions via httpOnly + Secure JWT
  • Encrypted transmission over HTTPS/TLS
  • No payment-card data stored on our servers
09

Cookies

CrowTrace uses only a strictly necessary session cookie for authentication (httpOnly, Secure, SameSite=Strict). No advertising, tracking, or third-party profiling cookies are used.