Privacy

Effective 23 May 2026. This policy applies to data collected through thecrux.works. It will be updated when anything material changes — the date at the top will tell you when.

Who is responsible for your data

The data controller is Gillian M. Power, trading as The Crux. For any privacy matter, write to privacy@thecrux.works. That address reaches a person, not a ticketing system.

What this site collects

Contact form

When you submit the contact form, we receive your name, email address, the nature of your enquiry, and whatever you write in the message field. This is processed by Formspree (our form provider) and delivered to us. We use it to respond to you. That is its only purpose.

Scheduling

When you book through Zoom Scheduler, Zoom collects your name, email address, and scheduling information. Zoom's own privacy policy governs that data. We use what you provide to manage the booking and any working relationship that follows.

Why we hold your data and on what basis

Contact form data is processed on the basis of legitimate interest — you reached out, and we need to respond. If an engagement follows, the basis shifts to contractual necessity. We do not use your data for marketing without explicit agreement, and we do not sell it under any circumstances.

How long we keep it

Contact form submissions are retained for as long as necessary to respond and maintain a reasonable record of correspondence — typically two years from last contact, after which they are deleted. Booking data is governed by Zoom's retention policies. If you ask us to delete your data sooner, we will do so unless there is a legal reason we cannot.

Third-party services

Your data touches two external services: Formspree (form processing, United States, EU–US Data Privacy Framework participant) and Zoom Scheduler (scheduling, United States). Neither party receives your data for their own commercial purposes. Each operates under their own privacy policy, which we encourage you to review.

Your rights

Your rights depend on where you are. Here is what applies.

European Union (GDPR). You have the right to access your personal data, correct it, have it deleted, object to its processing, restrict how it is used, and receive it in a portable format. You also have the right to lodge a complaint with the Data Protection Commission at dataprotection.ie.

United Kingdom (UK GDPR). The same rights apply. Your supervisory authority is the Information Commissioner's Office at ico.org.uk.

California, United States (CCPA/CPRA). You have the right to know what personal data is held about you, to request its deletion, and to opt out of its sale. We do not sell personal data. California residents also have the right to non-discrimination for exercising these rights.

Canada (PIPEDA). You have the right to access your personal data and to request corrections. You may also withdraw consent to processing, subject to legal or contractual constraints.

Australia, New Zealand, South Africa, India, and other jurisdictions. We respect the data rights established under applicable local law in every jurisdiction where we operate. Contact us and we will respond in accordance with the law that applies to you.

To exercise any of these rights, write to privacy@thecrux.works. We will respond within 30 days under GDPR and UK GDPR, within 45 days under CCPA, and within the applicable timeframe under all other frameworks.

International data transfers

Data processed through our third-party services may be handled in the United States. Where this occurs, we rely on standard contractual clauses or participation in recognized data transfer frameworks. If you have questions about where your data goes, ask.

Changes to this policy

If this policy changes in a material way, we will update the effective date at the top of this page. We will not retroactively alter how we handle data already collected without notice.