Last updated: May 2, 2026
CRIA Collective ("we," "us," or "our") operates the website thecriacollective.com and the CRIA Assessment platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or take the CRIA Assessment.
By using our website or submitting the assessment, you agree to the practices described in this policy. If you do not agree, please do not use the site or submit your information.
When you take the CRIA Assessment and submit your results, we collect: your first and last name, work email address, company name, company size, job role, industry (optional), how you heard about us (optional), the scope you selected for the assessment (team, department, or organization), and your responses to all assessment questions.
If you accept analytics cookies, we use Google Analytics 4 to collect standard usage data such as pages visited, time on site, browser type, device type, and general geographic region. This data is aggregated and does not personally identify you. If you decline cookies, no analytics data is collected.
We use your information for the following purposes: to generate your personalized CRIA Assessment report and display your results; to send you a copy of your results by email if you request it; to notify our team when a new assessment is completed so we can follow up appropriately; to improve the assessment and our services based on aggregated, anonymized response patterns; and to contact you about team-level assessments or consulting services that may be relevant to you.
We do not sell, rent, or trade your personal information to third parties. We do not use your information for automated decision-making or profiling that produces legal effects.
Your data is stored securely in Supabase, a hosted database platform that encrypts data at rest and in transit and maintains SOC 2 Type II compliance. Access to the database is restricted to authorized personnel only. Our website is served over HTTPS, ensuring that all data transmitted between your browser and our servers is encrypted.
We use the following third-party services to operate our platform:
Supabase — database hosting and authentication. Your assessment data and contact information are stored here.
Resend — email delivery. Used to send you a copy of your results and to notify our team of new submissions. Your email address is shared with Resend solely for the purpose of delivering these emails.
Vercel — website hosting. Standard server logs may include IP addresses and are retained according to Vercel's privacy policy.
Google Analytics 4 — website analytics (only if you accept cookies). Collects anonymized usage data to help us understand how visitors use the site. Google's privacy policy applies to data collected through this service.
Our website uses cookies only for analytics purposes (Google Analytics 4). When you first visit the site, a banner will ask for your consent before any analytics cookies are set. If you decline, no analytics cookies are placed and the site functions normally. You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site.
Depending on your location, you may have the following rights regarding your personal data:
Access — You can request a copy of the personal data we hold about you.
Correction — You can request that we correct any inaccurate information.
Deletion — You can request that we delete your personal data. We will comply unless we have a legal obligation to retain it.
Opt-out of communications — You can opt out of any follow-up communications at any time by contacting us.
To exercise any of these rights, please contact us at the email address listed below. We will respond to your request within 30 days.
We retain your assessment data and contact information for as long as it is needed to provide our services and for a reasonable period afterward for follow-up and record-keeping. If you request deletion of your data, we will remove it within 30 days of your request.
Our services are hosted in the United States. If you are accessing the site from outside the United States, including from the European Economic Area (EEA) or United Kingdom, please be aware that your data will be transferred to and processed in the United States. By submitting your information, you consent to this transfer. We take reasonable steps to ensure your data is treated securely and in accordance with this policy.
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
If you have questions about this Privacy Policy, would like to exercise your data rights, or wish to request deletion of your data, please contact us at:
hello@thecriacollective.com
CRIA Collective
Madison, Wisconsin, United States