Instant Crush Privacy Policy

Last updated: 28 January 2026

This Privacy Policy explains how Instant Crush | AI Marketing Engine (“Instant Crush”, “we”, “us”, “our”) collects, uses, and protects personal data when you use our website, application, and related services (collectively, the “Service”).

This Privacy Policy is aligned across all Instant Crush platforms and replaces any prior versions.

1. Who We Are

• Legal entity: Instant Crush BV
• Jurisdiction: The Netherlands
• Contact for privacy matters: info@instantcrush.com

Instant Crush BV is the data controller for the processing of personal data described in this Privacy Policy.

2. Personal Data We Collect

We collect only personal data that is necessary to operate and improve the Service, including:

• Name
• Email address
• Authentication data (password hash or Google account identifier)
• Basic account metadata (e.g. account creation date, status)
• Company information required for billing and invoicing (if applicable)
• Subscription status and payment references

We do not store full payment card details.

3. How We Collect Personal Data

Personal data is collected when you:

• Create an account using email and password
• Sign in using Google Single Sign-On (SSO)
• Subscribe to a paid plan
• Use the Service and interact with its features
• Contact us for support or account-related matters

4. Purpose of Processing

We process personal data for the following purposes:

• Creating and managing user accounts
• Authenticating access to the Service
• Processing subscriptions, payments, and invoicing
• Operating, maintaining, and improving the Service
• Communicating about account, security, or service-related matters
• Complying with legal, tax, and administrative obligations

5. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds under the GDPR:

• Performance of a contract
• Legitimate interests (such as improving and securing the Service)
• Compliance with legal obligations
• User consent, where required

6. Third-Party Service Providers

We share limited personal data with trusted third-party processors solely to operate the Service, including:

• Google Authentication – for Google Single Sign-On
• Google Analytics – to analyse aggregated usage patterns
• Stripe – for payment processing and subscription management

Payment information is transmitted directly to Stripe and processed under Stripe’s own privacy policy. Instant Crush does not have access to full payment card details.

All third-party processors are contractually bound to protect personal data in accordance with applicable data protection laws.

7. Cookies and Analytics

We use:

• Essential cookies required for authentication, security, and core functionality
• Google Analytics cookies to analyse aggregated and anonymised usage patterns

Analytics data is used at an aggregated level and is not intended to identify individual users.

8. Data Retention

We retain personal data only for as long as necessary to:

• Provide the Service
• Fulfil contractual obligations
• Comply with legal and regulatory requirements

Billing and tax-related records may be retained for legally required periods. Upon account deletion, personal data is deleted or anonymised within a reasonable period, unless retention is required by law.

9. Your Rights

Under applicable data protection laws, including the GDPR, you have the right to:

• Access your personal data
• Correct inaccurate or incomplete data
• Request deletion of your data
• Object to or restrict processing
• Request data portability
• Withdraw consent where processing is based on consent

Requests can be submitted to: info@instantcrush.com

We may require verification of your identity before fulfilling a request.

10. Data Security

We apply appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, or alteration.

11. International Data Transfers

Personal data may be processed outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place in accordance with GDPR requirements, such as standard contractual clauses or equivalent protections.

12. Children’s Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that such data has been collected, it will be deleted.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be published on this page. Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.