Privacy Policy

Last Updated: 1/7/2026

This Privacy Policy explains how Crowbar collects, uses, processes, and protects your personal data when you use the Crowbar ecosystem, including Skill Events and partner platforms such as EcoWorldBuy, TalentKonnect, and CareDuel. All activities are strictly skill-based; no elements of chance or gambling are involved. We are committed to complying with applicable data protection laws, including GDPR (for EU/UK residents), DPDP (for Indian residents), UAE Data Law, and US state laws (e.g., CCPA in California). For more details on skill-based compliance, see our Terms & Conditions.

1. Personal Data We Collect

Data Protection Disclaimer

Your personal data is collected, processed, and protected in accordance with applicable laws. We ensure lawful processing, security, and your rights (e.g., access, deletion). Data is not sold or used for non-skill purposes. See full Privacy Policy for details.

  • Categories of Data:
  • Account and Identity Data: Email address, profile information, membership tier, credits, event entries, and referral activity.
  • Verification Data: For the discounted $19 tier (Under 25 or Over 60), government ID, selfie, and social media link for age/KYC verification to ensure skill-based eligibility.
  • Technical Data: IP address, device information, and basic analytics to support skill-based platform functionality.
  • Sources: Directly from you (e.g., during signup, KYC, or event participation), automatically via our platform, or from partners.
  • Sensitive Data: Age/KYC data is collected only with explicit consent for skill-based verification; no profiling for chance-based activities.

2. How We Use Your Data

  • Lawful Bases (GDPR/DPDP/UAE):
  • Consent (e.g., for KYC and marketing).
  • Contract performance (e.g., managing skill-based memberships and events).
  • Legitimate interests (e.g., improving skill-based Services, fraud prevention).
  • Legal obligations (e.g., age verification for skill compliance).
    • Purposes:
  • Creating and managing your Crowbar account and skill-based membership.
  • Allocating credits, tracking skill-based event entries, and displaying dashboard data.
  • Processing payments securely via third-party providers (e.g., Stripe); we do not store full payment details.
  • Reviewing age-discount KYC submissions to verify eligibility for skill-based discounts.
  • Sending essential emails (e.g., payment confirmations, skill event updates).
  • Analytics to enhance skill-based features and ensure fair play.
  • Profiling and Automation: We may use automated tools for age/KYC checks to confirm skill-based eligibility. You have the right to object under GDPR/DPDP.

3. Data Sharing and Transfers

  • Third Parties: We share limited data with trusted service providers (e.g., authentication, hosting, payment processors) under contracts with data protection clauses. Sharing is necessary for skill-based Service delivery only. We do not sell your personal data.
  • International Transfers: Data may be transferred globally. We use safeguards like Standard Contractual Clauses (GDPR) or adequacy decisions. For UAE/India, transfers comply with localization rules where applicable (e.g., DPDP requires certain data to stay in India).

4. KYC and Age Verification Data

KYC files (ID document, selfie, social media link) for the $19 discount tier are used solely to verify age and eligibility for skill-based participation. These are reviewed manually by authorized personnel, stored securely (e.g., encrypted), and deleted after verification unless required for legal/compliance reasons.

5. Cookies and Tracking

  • We use cookies and similar technologies for essential functions (e.g., keeping you signed in), preferences, and analytics to improve skill-based usage patterns.
  • Types: Essential (for platform operation), Analytics (with consent), and Marketing (opt-in).
  • Manage via browser settings or our cookie banner.

6. Data Security and Retention

  • We implement measures like encryption, access controls, and audits to protect data against breaches.
  • Retention: Account/transaction data retained while active or as needed for legal/operational purposes (e.g., 3 years post-account closure). KYC data deleted after verification unless legally required.
  • In case of a breach, we notify affected users and authorities within required timelines (e.g., 72 hours under GDPR).

7. Your Rights

  • General Rights (applicable across regions):
  • Access: Request a copy of your data.
  • Rectification: Correct inaccuracies.
  • Erasure: Delete data ("right to be forgotten") where lawful.
  • Restriction/Objection: Limit processing or object to it.
  • Portability: Receive data in a usable format.
  • Withdrawal: Revoke consent anytime.
  • Regional Specifics:
  • UK/EU (GDPR): Includes rights against automated decisions and profiling.
  • India (DPDP): Grievance redressal via our officer; no consent for harm.
  • UAE: Rights to correction, deletion, and objection per UAE Data Law.
  • US: State-specific (e.g., CCPA: right to know, delete, opt-out of sales).
  • How to Exercise:
  • Contact us at privacy@crowbarltd.com or support@crowbarltd.com. We respond within 30 days (or as required by law). No fees unless excessive requests.
  • Children's Data: We do not collect data from minors (under 13 in US, 16 in EU, etc.) without consent; delete if discovered.
  • Compliance Notes:Rights ensure skill-based data handling; no misuse for chance elements.

8. Changes to This Policy

We may update this Policy to maintain compliance. Changes will be posted here with a new “Last Updated” date. For material changes, we'll notify you (e.g., via email).

10. Contact Us

For questions or rights requests:

Email: privacy@crowbarltd.com

Address: Crowbar Ventures Limited, 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

Complaints: File with your local authority (e.g., EU DPA, India's Data Protection Board, UAE TRA, or US state AG).