Crossroad

Data Processing Addendum

Crossroad · Last updated: 16 July 2026

This Addendum applies where you use Crossroad for business purposes and the content you capture includes personal data of other people (for example customers, prospects, or colleagues). For that data you are the data controller and Crossroad is your data processor under the GDPR. It forms part of, and is governed by, our Terms of Service.

1. Processing details

Subject matterCapturing, structuring, storing, and querying insights you save.
DurationFor as long as you use the Service, until deletion (see §7).
Nature & purposeHosting your captures, AI extraction/transcription/embedding, and answering your questions.
Types of personal dataWhatever you choose to capture — typically names, quotes, opinions, and business context found in text, documents, or screenshots.
Categories of data subjectsThe people referenced in your captures (e.g. your customers, prospects, contacts).

2. Our obligations as processor

3. Sub-processors

You give general authorisation for us to engage the sub-processors listed in our Privacy policy (currently Anthropic and Voyage AI for AI processing, Hetzner and Cloudflare for hosting and network, Resend for transactional email, and PostHog (EU) for consent-gated product analytics). We impose data-protection obligations on our sub-processors and remain responsible for their performance. We will give notice of any intended change so you can object.

4. Security measures

5. Data-subject rights

You can export a full copy of your data and delete your account and its data at any time from Workspace → Your data. For requests you can't complete in-app, contact us and we will assist within 30 days.

6. International transfers

Storage and hosting are in the EU. AI sub-processors (Anthropic, Voyage) may process content outside the EU to provide their services; such transfers rely on the appropriate safeguards in those providers' own terms and data-processing agreements.

7. Deletion & return

You may delete your data at any time in-app. On termination of the Service, or on your request, we delete your data within a commercially reasonable period, except where retention is required by law. Backups are encrypted, stored off-site, and rotate on a rolling cycle.

8. Audits

On reasonable request, we will provide the information necessary to demonstrate compliance with this Addendum.

9. Contact

[email protected]

Terms of Service · Privacy policy · Cookie policy · Data Processing Addendum · Cookie settings