Privacy Policy
Your privacy is important to us. This policy explains how The Curious Crew collects, uses, stores, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable EU legislation.
Last updated: February 6, 2026
1. Data Controller
The data controller responsible for the processing of your personal data is:
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.
2. What Personal Data We Collect
We collect the following categories of personal data:
2.1 Contact Form Data
When you submit our contact form, we collect the following information:
- First name and last name
- Email address
- Organization name (optional)
- Reason for inquiry
- Message content
2.2 Automatically Collected Data
When you visit our website, certain technical data may be collected automatically:
- IP address (used for security, rate limiting, and fraud prevention)
- Browser type and version
- Operating system
- Referring URL
- Pages visited and time spent
- Date and time of access
2.3 Cookie and Analytics Data
With your consent, we may use Google Analytics to collect aggregated, anonymized usage data. See Section 6 for details on cookies and analytics.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under Article 6(1) GDPR:
Consent - Art. 6(1)(a) GDPR
For analytics cookies, marketing communications, and any non-essential data processing. You may withdraw consent at any time.
Contractual Necessity - Art. 6(1)(b) GDPR
To respond to your inquiries and process partnership or collaboration requests submitted through our contact form.
Legitimate Interest - Art. 6(1)(f) GDPR
For website security, fraud prevention (including honeypot spam detection and IP-based rate limiting), and improving our services. Our legitimate interest does not override your fundamental rights and freedoms.
Legal Obligation - Art. 6(1)(c) GDPR
Where required to comply with applicable EU or member state laws.
4. How We Use Your Data
We use the personal data we collect for the following purposes:
- Responding to inquiries: To reply to your messages submitted through our contact form and to send you a confirmation email acknowledging your inquiry.
- Record keeping: Contact form submissions are stored in a secure Google Sheets document for internal communication and follow-up purposes.
- Email notifications: To send you a confirmation email after you submit our contact form, and to notify our team about new inquiries.
- Security and abuse prevention: To detect and prevent spam, bot submissions, and abusive behavior through honeypot fields, IP-based rate limiting, and email-based rate limiting.
- Website improvement: To understand how visitors interact with our website and improve the user experience (only with your consent via analytics).
5. Data Sharing and Third-Party Services
We do not sell, rent, or trade your personal data. We share data only with the following third-party processors, all of which are bound by data processing agreements:
Google Workspace (Google Sheets)
Purpose: Storage of contact form submissions for internal follow-up.
Data processed: Name, email, organization, inquiry reason, message.
Location: EU/EEA (subject to Google's data processing terms and Standard Contractual Clauses where applicable).
Email Service Provider
Purpose: Sending confirmation emails to users and notification emails to our team upon contact form submission.
Data processed: Name and email address.
Location: EU/EEA or with appropriate safeguards (Standard Contractual Clauses).
Google Analytics (with consent)
Purpose: Anonymized website usage analytics to improve user experience.
Data processed: Anonymized IP address, browser information, pages visited, session duration.
Location: Data processed under Google's EU data processing terms. IP anonymization is enabled.
Google reCAPTCHA (if enabled)
Purpose: Protecting forms from automated spam and abuse.
Data processed: IP address, browser and device information, cookies, mouse movements and interaction patterns.
Location: Data processed by Google LLC under Standard Contractual Clauses. See Google's Privacy Policy at https://policies.google.com/privacy.
Vercel (Hosting)
Purpose: Website hosting and delivery.
Data processed: Server logs including IP address, request timestamps, and URLs accessed.
Location: EU region (Frankfurt/Belgium). Subject to Vercel's Data Processing Addendum.
6. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. We categorize them as follows:
Essential Cookies
Not required (strictly necessary)
These cookies are necessary for the website to function properly. They enable core features such as security, network management, and accessibility. You cannot opt out of these cookies.
- Session cookies for form submission
- Security cookies (CSRF protection)
- Cookie consent preference storage
Analytics Cookies
Required - opt-in only
These cookies allow us to understand how visitors use our website by collecting anonymized, aggregated data. They are only activated after you give explicit consent through our cookie banner.
- Google Analytics (_ga, _gid, _gat)
- Page view tracking
- Session duration measurement
Third-Party Cookies (reCAPTCHA)
Legitimate interest / consent
If Google reCAPTCHA is active on our forms, it may set cookies to distinguish between human users and bots. These cookies are used solely for security purposes.
- reCAPTCHA session cookies
- Browser fingerprint data (processed by Google)
You can manage your cookie preferences at any time through our cookie banner or by adjusting your browser settings. Note that disabling essential cookies may affect website functionality.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Contact form submissions | Up to 24 months, or until you request deletion |
| Email correspondence | Up to 24 months after last interaction |
| Server / security logs | Up to 90 days |
| Analytics data | 14 months (Google Analytics default with anonymization) |
| Rate-limiting records | Temporary (automatically purged within minutes/hours) |
8. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
Right of Access (Art. 15)
You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to request a copy of that data.
Right to Rectification (Art. 16)
You have the right to request correction of inaccurate personal data or completion of incomplete data.
Right to Erasure (Art. 17)
You have the right to request deletion of your personal data ("right to be forgotten") where there is no compelling reason for its continued processing.
Right to Restriction of Processing (Art. 18)
You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of your data.
Right to Data Portability (Art. 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to Object (Art. 21)
You have the right to object to the processing of your personal data based on legitimate interests, including profiling.
Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority in your EU member state of habitual residence, place of work, or place of the alleged infringement.
To exercise any of these rights, please contact us at team@curious-crew.com. We will respond to your request within 30 days as required by the GDPR.
9. International Data Transfers
The Curious Crew is an EU-based initiative and our website is hosted within the EU (Vercel EU region). We strive to keep your data within the European Economic Area (EEA).
Where data is transferred to third-party service providers located outside the EEA (for example, Google LLC in the United States), we ensure that appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission
- The EU-U.S. Data Privacy Framework, where the recipient is certified
- Binding Corporate Rules where applicable
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or destruction. These measures include:
- HTTPS encryption (TLS 1.2+) for all data in transit
- Content Security Policy (CSP) headers to prevent cross-site scripting
- Server-side input validation and sanitization of all form submissions
- Honeypot fields and rate limiting to prevent automated abuse
- Secrets and API keys stored in environment variables, never exposed in client-side code
- Access to stored data is restricted to authorized team members only
11. Children's Privacy
Although The Curious Crew develops educational content for children, our website is designed for and directed at adults - parents, caregivers, educators, and institutional partners.
We do not knowingly collect personal data from children under the age of 16. Our contact form and other data collection mechanisms are intended for adult users. If we become aware that we have inadvertently collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that data promptly.
If you believe a child has provided us with personal data, please contact us at team@curious-crew.com so we can investigate and take appropriate action.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable legislation. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Post a notice on our website where appropriate
- Seek renewed consent where required by the GDPR
We encourage you to review this page periodically to stay informed about how we protect your data.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: team@curious-crew.com
General inquiries: Contact page
This Privacy Policy is governed by the laws of the European Union and the applicable member state in which The Curious Crew is established.