Legal
Processors Register
Crowdseek Ltd • Version 1.1 • Updated 28 May 2026
Crowdseek Ltd is the sole data controller for personal data we process in operating our website (crowdseek.com), pilot landing pages (try.crowdseek.com, sleep.crowdseek.com, pilot.crowdseek.com), web app (app.crowdseek.com), and related services (together, the "Service").
We engage the third-party organisations listed below to process personal data on our behalf, or, in two specified cases, as joint controllers under UK GDPR Article 26. Each organisation is engaged under a written contract that includes the data protection terms required by UK GDPR Article 28 (for processors) or Article 26 (for joint controllers).
This Register is a living document. We may add, change or remove processors from time to time. We will keep this page up to date and, where the change is material, we will surface a notice through the Service.
1. Controller
Crowdseek Ltd
- Role
- Sole Data Controller for all personal data processed by the Service.
- Registered
- England & Wales No. 09560574
- Address
- 23 Westfield Park, Redland, Bristol, BS6 6LT, United Kingdom
- Privacy contact
- privacy@crowdseek.com
2. Processors (Article 28)
The following organisations process personal data on our written instructions under UK GDPR Article 28 terms.
Rocketmakers Ltd
- Role
- Web application development, build, and hosting of the Crowdseek web app at app.crowdseek.com.
- Data processed
- Account and contact details, plan content (including Article 9 wellbeing data), usage and device data, log data.
- Location
- United Kingdom
- Transfer mechanism
- Not applicable — UK-located.
- Contract
- CRS-26-003 master services agreement, with AI/IP side letter pending signature.
Amplify Growth (trading as Amplify Growth, formerly Amplify Social)
- Role
- Pilot landing-page hosting (try.crowdseek.com, sleep.crowdseek.com, pilot.crowdseek.com); paid-media operations and account management for Crowdseek's Meta and Google Ads accounts; design and creative production for landing pages and ads.
- Data processed
- Landing-page form submissions (name, email, optional fields) before transfer to the Crowdseek web app; ad measurement events at aggregate level.
- Location
- United Kingdom
- Transfer mechanism
- Not applicable — UK-located.
- Contract
- Monthly retainer with separate landing-page build engagement; UK GDPR Article 28 data processing terms in place.
Evergreen Computing Limited
- Role
- Website infrastructure and IT support for crowdseek.com (currently hosted on WordPress) and related Crowdseek-owned IT systems.
- Data processed
- Any personal data submitted via contact forms on crowdseek.com; administrative access to system configuration and content management.
- Location
- United Kingdom
- Transfer mechanism
- Not applicable — UK-located.
Cookiebot by Usercentrics A/S
- Role
- Consent management platform — operates the cookie consent banner on try.crowdseek.com, sleep.crowdseek.com, pilot.crowdseek.com and app.crowdseek.com, records consent choices and timestamps, and provides the audit log of consent given.
- Data processed
- IP address (truncated), consent identifier (random), consent choices, timestamp.
- Location
- European Union (Denmark / Germany)
- Transfer mechanism
- Not applicable — EU-located, UK adequacy applies.
Klaviyo (Klaviyo, Inc.) Confirmed
- Role
- Email service provider — sends sign-in (magic-link) emails, service notices, and the new-user email series and other marketing communications where the user has opted in. Records open and click engagement for marketing emails.
- Data processed
- First name, email address, opaque outcome and reason codes, marketing-consent flag and timestamp, email engagement events (opens, clicks, bounces). Crowdseek does NOT transfer Article 9 wellbeing free-text to Klaviyo.
- Location
- United States
- Transfer mechanism
- EU-US Data Privacy Framework (Klaviyo is self-certified to the DPF) and the UK Extension to the DPF (the "UK Data Bridge"); Klaviyo's Data Processing Addendum also incorporates EU Standard Contractual Clauses and the UK IDTA as a backstop.
- Status
- Confirmed as email service provider for the pilot by founder decision on 28 May 2026.
Customer support and email delivery tooling
- Role
- Inbound email handling for support@crowdseek.com and privacy@crowdseek.com (currently Microsoft 365), and the outbound transactional email pipeline used by the web app for magic-link sign-in and account notices (currently Amazon SES via Rocketmakers' infrastructure).
- Data processed
- Email address, message content and metadata.
- Location
- European Union (Microsoft 365 UK / EU tenant) and United States (Amazon SES, with EU regional storage where supported).
- Transfer mechanism
- Where US-based, UK IDTA and SCCs incorporated into provider terms.
Privacy-focused analytics, error monitoring and performance tools
- Role
- Aggregate measurement of how the Service performs, with a privacy-first posture (IP anonymisation, no third-party advertising integration).
- Data processed
- Aggregated usage and performance signals; truncated IP address; device and browser metadata.
- Location
- UK / EU regional storage preferred. Current provider listed in the linked sub-processor register on confirmation of supplier.
- Transfer mechanism
- SCCs / UK IDTA where the provider is located outside the UK or EEA.
3. Joint controllers (Article 26)
The following organisations process personal data in joint-controller arrangements with Crowdseek under UK GDPR Article 26. The essence of these arrangements is summarised in Section 6B of the Privacy Policy.
Meta Platforms Ireland Ltd (Facebook / Instagram)
- Role
- Joint controller for Meta Pixel events fired on Crowdseek's pilot landing pages and the web app, where the user has given consent for advertising cookies.
- Data processed
- Meta Pixel events tied to a hashed user identifier; ad conversion measurement.
- Location
- European Union (Ireland), with onward transfer to the United States.
- Transfer mechanism
- SCCs and EU-US Data Privacy Framework, as published by Meta. UK component covered by the UK Addendum.
- Crowdseek's role
- Deciding which audiences to target and which conversions to measure, and gating the Pixel on user consent.
Google (Google Ireland Ltd / Google LLC)
- Role
- Joint controller for Google Ads tags fired on Crowdseek's pilot landing pages and the web app, where the user has given consent for advertising cookies. Where Google Analytics is configured separately, Google acts as a processor under its Data Processing Terms.
- Data processed
- Google Ads conversion measurement events; (separately) Google Analytics usage events.
- Location
- European Union (Ireland), with onward transfer to the United States.
- Transfer mechanism
- SCCs and EU-US Data Privacy Framework, as published by Google. UK component covered by the UK Addendum.
- Crowdseek's role
- Deciding which campaigns to run and which conversions to measure, and gating the tags on user consent.
4. Other recipients
The organisations below receive personal data from Crowdseek in limited circumstances and act as independent data controllers in their own right.
Crowdseek's professional advisers
- Role
- Where Crowdseek instructs external counsel (for example, Wynne-Jones IP for trade-mark filings, or external solicitors for review-only legal work), limited personal data may be shared. These advisers act as independent controllers for their own client records.
Banking, payments, and statutory authorities
- Role
- Where required for billing, tax, regulatory or lawful enforcement reasons.
5. How we maintain this Register
This Register is reviewed and refreshed at least every six months and on every material change of processor. To request more detail about any entry, or to ask about a specific data flow, contact privacy@crowdseek.com.
Document version: v1.1, updated 28 May 2026. Mailchimp candidate entry replaced with Klaviyo following founder decision. First publication 27 May 2026. Hosted on Crowdseek pilot landing pages during the pilot; canonical version may move to crowdseek.com post-pilot.