Privacy Policy

Last updated: 6/27/2025, 12:28:26 AM.

1. Introduction

Welcome to CRUMB. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application.

2. Information We Collect

We may collect information about you in a variety of ways. The information we may collect on the Service includes:

A. Personal Data

We collect personally identifiable information that you provide to us directly or through our authentication partners. This includes:

  • Google Account Information. When you register or log in using your Google account, we collect your name, email address, and profile picture URL as provided by Google.
  • User-Provided Information:
    • Contact & Prospect Information. If you are an agent or administrator, you may provide information about prospects, including their name, contact details (e.g., messaging platform and handle), and associated company details.
    • Payment Information. For users receiving payments, we may store payment method details such as the payment platform, handle, and currency code.
  • Internal User Data. We maintain records of user roles and permissions within the application, such as when a user is promoted to an agent, processor, or administrator. We may also "flag" user accounts to indicate specific statuses to our staff.

B. Cookies

We use cookies to maintain your session when you are logged into the dashboard. These cookies are essential for the functionality of the service and are only used to keep you authenticated as you navigate through the application.

C. Business and Operational Data

As part of our service, we store data related to business operations, which may be linked to personal data:

  • Company Information. We must store details about companies, including name, website, industry, and the associated contact person.
  • Order Information. We must store data related to customer orders, such as receipt issue dates, order titles, service types, sales volume, commission rates, and progress updates on deliveries and payments.
  • Uploaded Files. We must store files uploaded by our staff, such as PDF copies of order receipts.

D. Automatically Collected Information & Log Data

When you access and use our service, our servers automatically record information. This audit log data may include:

  • Request Details. We log your request's method (e.g., GET, POST), URL, a unique request ID, and your session identifier.
  • Performance Data. We track the amount of time taken to process your requests for system health monitoring purposes.
  • Error Information. In the event of an error, we may log detailed information to help with debugging. This can include the error message, stack traces, and details of the database query that failed. In some cases, the parameters of a failed database query might contain parts of the data you submitted.
  • User Actions. We log actions performed by authenticated users, such as creating a company, updating an order, or flagging a user, to maintain an audit trail. This log includes the user's ID and the relevant entity's ID.

3. How We Use Your Information

We use the information we collect in order to:

  • Provide, operate, and maintain our services.
  • Create and manage your account.
  • Process transactions and manage orders, including tracking payments and deliveries.
  • Provide notifications about follow-ups with prospects and clients.
  • Monitor and analyze usage and trends to improve your experience.
  • Detect, prevent, and troubleshoot technical issues and security incidents.
  • Fulfill our internal administrative and auditing requirements.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information with third parties under the following circumstances:

  • With Your Consent. We may disclose your personal information for any other purpose with your consent.
  • Third-Party Service Providers. We use third-party services for hosting, logging, and monitoring. These providers include:
    • Google for authentication services. Your interaction with Google Sign-In is governed by their privacy policy.
    • Fly.io for application hosting.
    • Neon for database hosting.
    • Axiom for log management and aggregation in our production environment.
    These service providers have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  • For Legal Reasons. We may disclose your information if we are required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

5. Data Security

We are committed to ensuring the security of your data. We achieve this by building our service on top of industry-leading, secure infrastructure. Our application and database hosting are managed by Fly.io and Neon, who are responsible for securing the underlying cloud infrastructure.

Both providers are certified for industry-standard compliance frameworks such as SOC2 and employ robust physical and network security measures to protect the servers where your data is stored. This includes, but is not limited to, data encryption at rest and in transit, network vulnerability scanning, and strict access controls.

By leveraging their expertise, we ensure that your data is protected by the highest standards in the industry. However, note that no security measures are perfect, and no method of data transmission can be guaranteed against any interception or other type of misuse.

6. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations (e.g., if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Audit logs, which include automatically collected information such as request details and user actions, are retained for a maximum of 30 days for security and analysis purposes.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at: ortiz@bastidood.dev.