Privacy Policy
Overview
Crumbtrail (“we,” “our,” or “us”) is a place-collection and print studio application. This Privacy Policy explains what personal information we collect when you use Crumbtrail, how we use it, who we share it with, and what rights you have over it.
By creating an account or using Crumbtrail, you agree to the collection and use of information described in this policy.
1. Information We Collect
Account data
- Name and email address provided at sign-up.
- Password, stored as a bcrypt hash (we never store plaintext passwords).
- Account creation date and last-active metadata.
- Account tier (Free or Pro) and subscription status.
Place and collection data
- Place names, addresses, neighborhoods, and notes you enter.
- Place status (Want to Try, Planned, Visited, Favorite).
- Star ratings, tags, and "must-order" notes you add.
- Date visited, if you record it.
- Photos or images you upload to a place (if this feature is enabled).
- GPS coordinates (latitude/longitude) obtained from the places API when you search for a place.
Collection metadata
- Collection title, subtitle, and theme.
- Visibility setting (private, unlisted, or public).
- Sharing tokens for shared or remixable collections.
- Print settings (template, paper size, theme, pin style, and similar export configuration).
Print and export data
- A log of export events (template used, paper size, date) associated with your account.
- Generated PDF and PNG files are produced client-side in your browser using html2canvas and jsPDF; we do not store the rendered file on our servers.
Usage and analytics data
- Events such as page views, button clicks, and feature interactions — used to understand how the product is used and improve it.
- Browser type, operating system, and approximate geographic region derived from IP address.
- Error and performance logs.
Billing and subscription data
- Payment method details (card number, CVV, expiry) are collected and stored by Stripe, our payment processor. We do not store raw payment card data.
- Subscription plan, billing cycle, and payment history.
- Stripe customer ID linked to your account.
Authentication session data
- Session tokens stored in cookies to keep you signed in.
- The cookie name is better-auth.session_token (or __Secure-better-auth.session_token over HTTPS).
- Sessions expire according to Better Auth's configured session duration.
2. How We Use Your Information
- To create and manage your account.
- To store, display, and sync your collections and places.
- To process billing and subscription management via Stripe.
- To generate print previews and export files in your browser.
- To send transactional emails (account confirmation, billing receipts) — we do not send marketing email without your consent.
- To improve the product through aggregated usage analytics.
- To enforce our Terms of Service and prevent abuse.
- To comply with applicable legal obligations.
3. Third-Party Services and Data Sharing
We work with the following third-party services. Each has its own privacy policy.
- NeonDB (Neon Inc.) — PostgreSQL database hosting. Your account, place, and collection data are stored on NeonDB servers. Neon is SOC 2 Type 2 certified.
- Better Auth — Authentication library. Session management is powered by Better Auth using a Drizzle ORM adapter pointing to our NeonDB instance.
- Microsoft Azure — Application hosting (Azure Container Apps) and, optionally, file storage (Azure Blob Storage). The application runs in the Azure cloud region selected at deployment.
- Stripe — Payment processing. Stripe collects and processes payment card information on our behalf. See stripe.com/privacy.
- Foursquare / Places API (planned) — Place search. When you search for a place, the query may be sent to a geocoding or places API. This feature is not yet fully active.
- OpenStreetMap tile providers — Map tile images are fetched from public OpenStreetMap tile servers to render the live print preview map. Standard server request logs apply.
- Analytics provider (TBD) — Aggregated usage events. The specific provider is not yet finalized. We will update this policy when one is selected.
- Physical fulfillment partners (planned) — If you order a physical product (raised pin map, laser-cut art), your shipping name and address will be shared with the fulfillment partner. This feature is not yet active.
We do not sell your personal information to third parties. We do not share your place or collection data with advertisers.
4. Data Retention
We retain your account and collection data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or accounting purposes (typically up to 7 years for billing records).
Analytics event data is retained in aggregated or pseudonymous form for up to 24 months.
5. Your Rights
Depending on your location, you may have the right to:
- Access a copy of the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated personal data.
- Export your collection data in a machine-readable format.
- Restrict or object to certain processing activities.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, email us at privacy@crumbtrail.co or use the in-app account deletion option in Profile & Settings. We aim to respond within 30 days.
7. Security
We use HTTPS for all data in transit. Passwords are stored as bcrypt hashes. Database access is restricted to the application server. We conduct regular dependency audits and follow responsible disclosure practices.
No system is completely secure. If you believe you have found a security vulnerability, please email security@crumbtrail.co.
8. Children
Crumbtrail is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has created an account, contact us and we will delete the account promptly.
9. Changes to This Policy
We will update this policy as our practices change. For material changes, we will notify you by email or via an in-app notice at least 14 days before the change takes effect. The “Last updated” date at the top of this page always reflects the current version.
10. Contact
Questions or requests regarding this policy: privacy@crumbtrail.co
Crumbtrail Press
Toronto · Brooklyn