Legal
Privacy Policy
Effective Date: March 6, 2026
Three Crowns Policy Group LLC (“Three Crowns,” “we,” “us,” or “our”) operates the website at threecrownspolicygroup.com and the associated client intelligence portal. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website, use our platform, or subscribe to our newsletter.
By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.
1. Information We Collect
Account Information
When your organization subscribes to Three Crowns, we collect information necessary to create and manage user accounts, including:
- Full name and email address
- Company or organization name
- Password (stored securely via our authentication provider and never accessible to our team in plain text)
Client Configuration Data
To tailor our intelligence platform to your business, we collect information your organization provides during onboarding and account setup, including:
- Business description and industry sectors
- NAICS codes relevant to your operations
- Competitor names for competitive intelligence
- Contact information for your primary point of contact
Usage Data
We automatically collect certain information when you use our platform, including:
- Login timestamps and session activity
- Pages and features accessed within the portal
- Actions taken (such as setting alerts or generating reports)
This data is used to improve our platform, diagnose issues, and understand how clients use our services.
Newsletter Subscriptions
If you subscribe to our newsletter, we collect your email address. You may unsubscribe at any time using the link included in every newsletter email.
Contact Form Submissions
When you submit an inquiry through our contact form, we collect your name, email address, company name, and the content of your message.
2. How We Use Your Information
We use the information we collect to:
- Provide and operate our federal policy intelligence platform
- Generate AI-powered analysis tailored to your organization’s business context, sectors, and competitive landscape
- Send transactional emails, including account invitations, password resets, and platform notifications
- Send newsletter emails to subscribed recipients
- Respond to inquiries submitted through our contact form
- Maintain platform security and prevent unauthorized access
- Improve our services based on aggregated, non-identifying usage patterns
3. What We Do Not Do With Your Data
- We do not sell, rent, or trade your personal information to third parties
- We do not use advertising trackers, marketing pixels, or retargeting cookies
- We do not share client data between client organizations — each client’s intelligence portal is fully isolated
- We do not use your data to train AI models — client data sent to our AI analysis provider is used solely to generate your organization’s intelligence output
4. Third-Party Services
We use the following third-party services to operate our platform. Each is used in a limited capacity as described:
Supabase (Database & Authentication)
Client data, user accounts, and authentication are managed through Supabase, which hosts data on Amazon Web Services (AWS) infrastructure. Supabase handles password hashing, session management, and secure data storage.
Vercel (Web Hosting)
Our website and application are hosted on Vercel’s infrastructure. Vercel may process standard web server logs (IP addresses, request timestamps) as part of delivering our application.
Anthropic (AI Analysis)
We use Anthropic’s Claude API to generate AI-powered analysis of federal policy data. Client configuration data (business description, sectors, NAICS codes) is sent to the Claude API to produce relevance-scored intelligence. Anthropic does not use this data to train its models under its commercial API terms.
Google Analytics
We use Google Analytics (GA4) to collect anonymized data about how visitors use our public website, such as pages visited, session duration, and referral sources. Google Analytics cookies are only loaded after you consent via the cookie banner. You can learn more about how Google uses data at Google’s partner policy.
Resend (Transactional Email)
We use Resend to deliver transactional emails such as account invitations, password reset links, and newsletter communications. Resend processes recipient email addresses solely for the purpose of email delivery.
5. Government Data Sources
Our platform aggregates and analyzes publicly available data from federal government sources including Congress.gov, the Federal Register, SAM.gov, USAspending.gov, and the Federal Election Commission. All source data is public information made available by the U.S. government. Our analysis and presentation of this data constitutes our proprietary service.
6. Cookies and Tracking
We use a minimal number of cookies to operate our website and platform:
- Authentication session cookies — managed by Supabase to maintain your logged-in state in the portal
- Analytics cookies (Google Analytics) — used to understand how visitors interact with our website, including pages visited, traffic sources, and general usage patterns. These cookies are only set after you provide consent via the cookie banner displayed on your first visit
- Cookie preference — a local storage entry that remembers your cookie consent choice so we do not ask again
You may decline analytics cookies at any time using the cookie banner. If you decline, no analytics data will be collected. We do not use marketing cookies, retargeting cookies, or participate in cross-site tracking or behavioral advertising networks.
7. Data Retention
Client account data and associated intelligence data are retained for the duration of your organization’s active subscription. Upon cancellation, we will retain your data for up to 90 days to facilitate any reactivation, after which it will be permanently deleted upon request.
Newsletter subscriber information is retained until you unsubscribe. Contact form submissions are retained for up to 12 months.
8. Data Security
We implement commercially reasonable security measures to protect your information, including:
- Encrypted data transmission (HTTPS/TLS)
- Secure password hashing and session management
- Row-level security policies ensuring client data isolation at the database level
- Role-based access controls within the platform
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
9. Your Rights
Depending on your jurisdiction, you may have certain rights regarding your personal information, including:
- Access and portability — request a copy of the personal information we hold about you
- Correction — request that we correct inaccurate personal information
- Deletion — request that we delete your personal information, subject to certain exceptions
- Opt-out of communications — unsubscribe from newsletter emails at any time
California Residents
Under the California Consumer Privacy Act (CCPA), California residents have additional rights, including the right to know what personal information we collect and how it is used, and the right to request deletion. As noted above, we do not sell personal information. To exercise your rights under the CCPA, please contact us using the information below.
10. Children’s Privacy
Our services are designed for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. If we make material changes, we will notify active subscribers by email or through the platform prior to the changes taking effect. We encourage you to review this page periodically.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise any of your data rights, please contact us at: