Privacy Policy

How ChangeCrab Limited collects, uses, and protects personal data.

Last updated: 12 January 2026

1. Who we are

ChangeCrab is a changelog and release notes platform operated by ChangeCrab Limited, a company registered in England and Wales.

ChangeCrab Limited is the data controller for personal data collected in connection with:

  • the ChangeCrab website;
  • ChangeCrab user accounts; and
  • Changelog publication and subscription features.

This privacy policy explains how ChangeCrab Limited collects, uses, and protects personal data when you use the ChangeCrab website and services.

2. Scope of this policy

This privacy policy applies to:

  • visitors to the ChangeCrab website;
  • customers who create and use ChangeCrab accounts;
  • team members added to ChangeCrab accounts; and
  • individuals who subscribe to changelog or release note updates.

This policy does not cover other products operated by group companies that have their own separate privacy notices.

3. Children

ChangeCrab is intended for business use only. It is not directed at children, and we do not knowingly collect personal data from children.

If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps to remove it.

4. Contact details

If you have any questions about this privacy policy or how we handle personal data, you can contact us at:

Email: privacy@changecrab.com
Company: ChangeCrab Limited

5. Updates to this policy

We may update this privacy policy from time to time to reflect changes to our services, legal requirements, or how we process personal data.

When we do, we will update the "Last updated" date at the top of this policy.

6. What personal data we collect

Depending on how you interact with ChangeCrab, we may collect the following categories of personal data:

Account and user information

  • Name
  • Email address
  • Username or account identifier
  • Login and authentication details
  • User role or permission level

Team members

ChangeCrab accounts may have multiple users. For each user we collect:

  • Name
  • Email address
  • Access role

We do not collect job titles or employment details.

Changelog and release note subscribers

  • Email address
  • Subscription preferences
  • IP address

Customer-generated content

ChangeCrab allows customers to create and publish changelogs and release notes.

Content created by customers may include personal data, depending on what the customer chooses to include. ChangeCrab does not control the content of customer-generated changelogs or release notes.

Technical and usage data

  • IP address
  • Browser and device information
  • Usage and interaction data within the ChangeCrab service
  • Login timestamps and audit logs

Support communications

  • Support requests and correspondence
  • User identifiers
  • IP address
  • Browser or device metadata associated with support interactions

Billing information

  • Billing contact details
  • Transaction and payment metadata

Payment card details are processed by third-party payment providers and are not stored by us.

7. Our role as data controller and data processor

When we act as a data controller

ChangeCrab Limited acts as a data controller for personal data relating to:

  • Visitors to the ChangeCrab website
  • ChangeCrab account holders and users
  • Team members added to accounts
  • Individuals who subscribe to changelog or release note updates
  • Billing, support, and service communications

In these cases, ChangeCrab Limited determines the purposes and means of processing personal data.

When we act as a data processor

In relation to customer-generated content, including changelogs and release notes created by customers, ChangeCrab Limited acts as a data processor on behalf of the customer.

In this context:

  • The customer is the data controller
  • ChangeCrab processes such content only to store, display, and distribute it at the customer's instruction
  • Customers are responsible for ensuring that any personal data included in changelogs or release notes is processed lawfully

Data Processing Agreement

Where ChangeCrab Limited processes personal data on behalf of customers as a data processor, such processing is governed by our Data Processing Agreement (DPA).

The DPA sets out the respective data protection responsibilities of ChangeCrab Limited and our customers in accordance with applicable data protection laws.

A copy of our Data Processing Agreement is available at:
https://www.statuscake.com/gdpr-statuscake-data-processing-agreement/

8. Lawful bases for processing personal data

We process personal data only where we have a valid lawful basis under the UK General Data Protection Regulation (UK GDPR).

Contract

Processing necessary to:

  • Create and manage ChangeCrab accounts
  • Provide the ChangeCrab service
  • Distribute changelog and release note updates

Legitimate interests

Processing necessary to:

  • Improve and develop our services
  • Understand usage and performance
  • Maintain platform security
  • Communicate with customers about product updates

You can opt out of non-essential communications at any time.

Consent

We rely on consent where required, for example:

  • When individuals subscribe to changelog or release note updates
  • For certain cookies or similar technologies

You can withdraw consent at any time.

Legal obligations

Processing required to comply with legal or regulatory obligations, including financial record-keeping.

9. How we use personal data

We use personal data for the following purposes:

  • Providing and operating the ChangeCrab service
  • Publishing and distributing changelogs and release notes
  • Managing subscriptions to updates
  • Providing customer support
  • Improving and developing product features
  • Ensuring security and preventing misuse
  • Complying with legal obligations

Aggregated and anonymised data

We may aggregate and anonymise personal data so that it can no longer be used to identify any individual.

Aggregated and anonymised data is not personal data and is not subject to data protection laws.

10. Cookies and similar technologies

We use cookies and similar technologies to support website functionality, analytics, and service improvement.

You can manage cookies through your browser settings. Disabling cookies may affect website functionality.

We may update our use of cookies over time and, where required, implement additional consent mechanisms.

11. Data sharing and third-party providers

We may share personal data where necessary to operate the ChangeCrab service or comply with legal obligations. We do not sell personal data.

Third-party providers

We use trusted third-party providers for:

  • Hosting and infrastructure (e.g. DigitalOcean)
  • Email delivery (e.g. SparkPost, Mailchimp)
  • Payment processing (e.g. Stripe)
  • Analytics (e.g. Google Analytics, Mixpanel, Hotjar)
  • Customer support (e.g. Intercom)
  • SMS delivery (e.g. Twilio)
  • Status communications (e.g. Atlassian Statuspage)

Depending on context, these providers may act as processors or independent controllers. Appropriate contractual safeguards are in place.

Group companies

We may share personal data with TrafficCake Limited where necessary for shared personnel, infrastructure, support, or security.

Professional advisers

We may share personal data with our accountants, auditors, and legal advisers where necessary and subject to confidentiality obligations.

Legal disclosures

We may disclose personal data where required by law or to protect our rights or others.

12. International data transfers

Personal data is primarily stored and processed in the United Kingdom.

ChangeCrab is a global service, and some third-party providers may process or access data outside the UK.

Where personal data is transferred outside the UK, appropriate safeguards are used, such as adequacy decisions or approved contractual protections.

13. Data retention

We retain personal data only for as long as necessary for service provision, legal compliance, and legitimate business purposes.

  • Account data is retained while an account remains active
  • Subscriber data is retained until unsubscribed or removed
  • Customer-generated content is retained in accordance with customer instructions
  • Billing records are retained for statutory periods
  • Analytics data may be retained longer in aggregated or anonymised form
  • Backup data may be retained briefly for disaster recovery purposes

14. Your rights

You have rights under UK data protection law, including the right to:

  • Access your personal data
  • Correct inaccuracies
  • Request deletion
  • Restrict or object to processing
  • Receive certain data in a portable format

Where we rely on consent, you may withdraw it at any time.

Requests can be made using the contact details above.

You also have the right to complain to the UK Information Commissioner's Office (ICO).

15. Security

We use appropriate technical and organisational measures to protect personal data, including access controls, secure infrastructure, and contractual safeguards with providers.

16. Contact us

ChangeCrab Limited
Email: privacy@changecrab.com