GDPR Compliance
CrystalQore is committed to protecting your data rights under the General Data Protection Regulation.
Our Commitment
We have built CrystalQore with privacy by design and by default, aligning with the core principles of the GDPR.
Data Minimization
We only collect and process data that is strictly necessary for providing the Service. We do not collect data “just in case.”
Purpose Limitation
Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Storage Limitation
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, after which it is securely deleted or anonymized.
Integrity & Confidentiality
We implement appropriate technical and organizational measures to ensure the security of personal data against unauthorized processing, loss, or damage.
Your Rights Under GDPR
The GDPR grants EU/EEA residents specific rights regarding their personal data. We are committed to honoring all of them.
Right of Access
You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data.
Right to Rectification
You can request correction of inaccurate personal data or completion of incomplete data we hold about you.
Right to Erasure
You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
Right to Restriction
You can request that we restrict the processing of your personal data under certain circumstances, such as when accuracy is contested.
Right to Portability
You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to Object
You can object to the processing of your personal data for direct marketing or where processing is based on legitimate interests.
Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
To exercise any of these rights, contact us at privacy@clearconverse.com. We will respond within 30 days as required by the GDPR.
Data Processing
We process personal data on clear lawful bases as defined by Article 6 of the GDPR.
What Data We Process
- Account information (name, email, organization)
- Usage metadata (features accessed, timestamps, session data)
- Device and browser information (IP address, user agent, language)
- Billing information (processed by Stripe; we do not store payment card details)
- Communication metadata (call durations, message timestamps — not content)
Lawful Bases & Purposes
| Lawful Basis | Processing Purposes |
|---|---|
| Contract Performance | Account creation, service provisioning, communication processing, customer support |
| Legitimate Interests | Service improvement, security monitoring, fraud prevention, analytics |
| Consent | Marketing communications, optional analytics cookies, newsletter subscriptions |
| Legal Obligation | Tax and accounting records, responding to lawful data requests, regulatory compliance |
Sub-Processors
We engage the following third-party sub-processors to help deliver the Service. Each is bound by data processing agreements that ensure GDPR compliance.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure & hosting | United States / EU |
| Stripe | Payment processing & billing | United States |
| SendGrid (Twilio) | Transactional email delivery | United States |
| QuestBlue | SMS & voice services (where applicable) | United States |
We will notify customers of any changes to our sub-processor list at least 30 days before engaging a new sub-processor, giving you the opportunity to object.
Data Processing Agreement
Enterprise customers can request a Data Processing Agreement (DPA) that formalizes our role as a data processor, details our obligations under the GDPR, and provides additional contractual safeguards for your personal data.
To request a DPA, contact legal@clearconverse.com.
International Transfers
When personal data is transferred outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission to ensure an adequate level of data protection.
We conduct Transfer Impact Assessments and implement supplementary measures where required to safeguard your data in compliance with GDPR Chapter V.
Data Protection Officer
Our Data Protection Officer oversees our GDPR compliance efforts and is your point of contact for all data protection inquiries.
Submit a Data Request
If you would like to exercise your rights under the GDPR or have questions about how we handle your data, please reach out to our privacy team.