CRIMR PRIVACY POLICY

Effective date: April 27, 2026

Last updated: April 28, 2026

This Privacy Policy explains how Detective Analytics LLC ("Detective Analytics," "CRIMR," "we," "us," or "our"), a New Jersey limited liability company, collects, uses, shares, and protects information when you visit our marketing site at crimr.com or use the CRIMR application provided at tenant subdomains such as {your-org}.app.crimr.com and {your-org}.api.crimr.com (together, the "Service").

By using the Service you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the Service.

CONTENTS

1. Scope

2. Information we collect

3. How we use information

4. Google user data and Limited Use

5. How we share information

6. Sub-processors

7. Data retention

8. Security

9. Your rights and choices

10. Children's privacy

11. International users

12. Changes to this Policy

13. Contact us

1. SCOPE

This Policy applies to information processed by Detective Analytics in connection with the Service. CRIMR is a software platform that helps organizations report, track, and collaborate on criminal incidents and investigations. The Service is sold to organizations ("Customers") that license it for use by their authorized personnel ("Users").

When a Customer uses the Service, the Customer is the controller of the personal information they upload, and Detective Analytics processes that information on the Customer's behalf. This Policy describes our practices in both roles: as a controller of account, billing, and website data, and as a processor of Customer-submitted content.

2. INFORMATION WE COLLECT

2.1 Information you provide

Account information. When you create or are added to a CRIMR organization, we collect your name, email address, phone number, business name, and the subdomain ("slug") chosen for your organization.

Authentication data. We use Stytch for authentication and multi-factor authentication. Stytch processes your email address, phone number, and authentication events on our behalf.

Sign-in via Google (when enabled). If you choose to sign in with Google, Google shares with us your Google account's email address, name, profile picture URL, and Google account identifier. We request only the basic OpenID Connect scopes (openid, email, and profile) needed to sign you in. We do not request access to your Gmail, Google Drive, Google Calendar, Google Contacts, or any other Google product, and we do not use any restricted or sensitive Google API scopes.

Customer-submitted content. Users of the Service create and upload information about incidents and investigations. This content may contain sensitive personal information about individuals who are not themselves Users of the Service.

Communications. If you contact us for support, we receive the contents of your message and any attachments.

2.2 Information collected automatically

Usage and device data. We log IP addresses, device identifiers, browser type, operating system, pages or API endpoints accessed, timestamps, and referring URLs. We use this data for security, debugging, abuse prevention, billing or usage metering, and product improvement.

Login history. We record successful and failed sign-in events.

Location data. When you use a location-based feature, we use the Google Maps Platform to render maps and resolve addresses. Location information you enter is sent to Google for that purpose.

Cookies and similar technologies. The marketing site and the Service use cookies and similar technologies for session management, security, and analytics. You can control cookies through your browser settings.

2.3 Information from third parties

Payment processor. When a Customer purchases a paid plan, our payment processor Stripe handles the transaction and shares with us limited information such as the customer ID, subscription status, and the last four digits of the payment card. We do not store full payment card numbers.

Identity providers. If you sign in via Google, see Section 2.1 above.

3. HOW WE USE INFORMATION

We use the information we collect to provide, operate, maintain, and improve the Service; authenticate Users and apply access controls; process payments and manage subscriptions; detect, investigate, and prevent fraud, abuse, and security incidents; respond to support requests; and comply with legal obligations.

We do not sell personal information, and we do not use Customer-submitted content or Google user data to serve advertising.

4. GOOGLE USER DATA AND LIMITED USE

If you sign in to CRIMR with your Google account, we receive only the basic profile information described in Section 2.1 (email, name, profile picture URL, and Google account ID). We use that information solely to authenticate you to the Service, match your Google identity to your existing CRIMR User record (or create a new User if your organization permits self-signup), and display your name and profile picture to other Users in your organization.

CRIMR's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features of the Service, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.

- We do not use Google user data for serving advertisements.

- We do not allow humans to read Google user data except (a) with your affirmative agreement, (b) when necessary for security purposes, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.

You can review and revoke CRIMR's access to your Google account at any time by visiting https://myaccount.google.com/permissions.

5. HOW WE SHARE INFORMATION

5.1 Within your organization

Customer-submitted content is visible to Users within the same CRIMR organization, subject to the access controls and configuration set by the organization's administrators.

5.2 With other CRIMR organizations

Customer Content (including incident records and related information) may be made available to other organizations that use CRIMR, in accordance with criteria that Detective Analytics establishes and may modify from time to time. Detective Analytics applies access controls and other measures it determines appropriate, but does not guarantee that any particular field, record, or category of information will or will not be exposed. The scope and operation of cross-organization sharing are subject to change as we develop the Service. By using the Service to record incidents and related information, you authorize Detective Analytics to make Customer Content available to other CRIMR organizations as described in this Section and in the corresponding section of our Terms of Service.

5.3 With law-enforcement agencies

Customer Content (including incident records and related information) may be made available to law-enforcement agencies that use the Service, both (a) through criteria Detective Analytics establishes for jurisdictional or operational reasons, without further action by the Customer, and (b) through sharing actions initiated by the Customer. Detective Analytics may modify the criteria, scope, and operation of agency access at any time.

5.4 Service providers and sub-processors

We share information with vendors who help us operate the Service, listed in Section 6.

5.5 Law enforcement and legal process

We may disclose information to comply with a subpoena, court order, or other lawful request, to protect our rights or the rights of others, or to investigate fraud or security incidents. Where permitted by law, we will notify the affected Customer. This Section is in addition to, and does not limit, the agency-access mechanisms described in Section 5.3.

5.6 Business transfers

If Detective Analytics is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction. We will notify Customers of any change in ownership or control of personal information.

5.7 With your consent

We may share information for any other purpose disclosed to you and with your consent.

We do not sell personal information for monetary or other valuable consideration, and we do not share personal information for cross-context behavioral advertising.

6. SUB-PROCESSORS

We use the following sub-processors to operate the Service:

- Microsoft Azure - cloud hosting, database, and storage. https://privacy.microsoft.com/privacystatement

- Stytch, Inc. - authentication, MFA, and session management. https://stytch.com/docs/legal/privacy-policy

- Stripe, Inc. - payment processing and subscription management. https://stripe.com/privacy

- Google LLC - Google Maps Platform and (when enabled) Google Identity for sign-in. https://policies.google.com/privacy

- Squarespace, Inc. - hosting of our marketing website at crimr.com. https://www.squarespace.com/privacy

7. DATA RETENTION

We retain Customer-submitted content for as long as the Customer's account is active and for a reasonable period thereafter for backup, dispute resolution, and legal-compliance purposes. After account termination, Customer-submitted content is deleted from active systems within a reasonable period unless retention is required by law or by a legal hold. Account, billing, and log data may be retained longer where required for tax, accounting, fraud-prevention, or legal-compliance purposes.

Upon written request to the contact address below, a Customer may request earlier deletion of their data, subject to our legal and contractual obligations.

8. SECURITY

We use commercially reasonable administrative, technical, and physical safeguards to protect information, including encryption of data in transit and at rest, access controls and data-segregation measures, multi-factor authentication, role-based access within each organization, and logging and monitoring of authentication and API activity.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

9. YOUR RIGHTS AND CHOICES

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of personal information about you, and to object to certain processing.

If you are a User of a Customer organization, please contact your organization's administrator first to exercise rights with respect to Customer-submitted content. We will support the Customer in responding to your request.

If you are an account holder or a website visitor, you may exercise your rights by emailing us at the address in Section 13. We will verify your identity before responding.

Google sign-in. You can revoke CRIMR's access to your Google account at https://myaccount.google.com/permissions.

Marketing communications. You can opt out of promotional emails by following the unsubscribe link in any such email. Transactional emails (such as security alerts and billing notices) cannot be turned off while you have an active account.

California, Virginia, Colorado, Connecticut, and similar state laws. If you are a resident of a U.S. state with a comprehensive privacy law, you may have additional rights, including the right to opt out of the sale or sharing of personal information (we do neither) and the right not to be discriminated against for exercising your rights.

EEA, UK, and Switzerland. If you are in the European Economic Area, the United Kingdom, or Switzerland, you may have rights under the GDPR or UK GDPR, including the right to lodge a complaint with your local supervisory authority.

10. CHILDREN'S PRIVACY

The Service is not directed to individuals under 18 years of age, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

11. INTERNATIONAL USERS

The Service is operated from the United States, and information we collect is processed and stored in the United States. By using the Service, you understand that your information will be transferred to the United States and processed there.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, if the changes are material, we will provide additional notice. Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance of the changes.

13. CONTACT US

If you have questions or requests about this Policy or our privacy practices, please contact:

Detective Analytics LLC

Attn: Privacy

State of New Jersey, United States

Email: dainfo@detectiveanalytics.com