Privacy Policy

Version: 1.1
Last Updated: April 12, 2026
Effective Date: April 12, 2026

Introduction

This Privacy Policy describes how Artem Zaporozhets, sole proprietor (ФОП), registered at Romana Ratushnogo 21a, Kyiv 03110, Ukraine ("we," "us," or "our"), collects, uses, and discloses your personal information when you use the CraftRevenue platform at https://craftrevenue.com (the "Service").

By creating an account or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not access or use the Service.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a new "Last Updated" date. Your continued use of the Service after such changes constitutes your acceptance of the updated policy.

1. Information We Collect

We collect the following categories of personal information:

Information you provide directly:

  • Name (display name)
  • Email address

Information from Google Sign-In (if you choose to sign in with Google):

  • Your Google account email address
  • Your Google display name
  • Your Google profile photo URL (if publicly available)
  • Your unique Google account identifier (used internally to link your account)

We only receive this information if you explicitly choose "Continue with Google" during sign-up or login. You authorize this data sharing through Google's standard OAuth consent screen. We do not receive your Google password, contacts, calendar, or any other Google services data.

Information collected automatically:

  • Device and browser information (user agent, screen resolution)
  • IP address
  • Pages visited and interactions within the Service
  • Error and crash reports
  • Cookies and similar technologies (see our Cookie Policy)

We do not collect or store payment card information. All payment processing is handled exclusively by our payment provider, Paddle (see Section 4).

2. How We Collect Your Information

We collect information in the following ways:

  • When you register for an account or update your profile
  • When you interact with the Service (e.g., creating projects, using tools)
  • Automatically through cookies and analytics technologies when you visit our website
  • Through error monitoring when technical issues occur
  • Through Google's OAuth authorization flow, when you choose to sign in using your Google account

3. How We Use Your Information

We use your information for the following purposes:

  • Service delivery: Creating and managing your user account, providing access to tools and features based on your subscription plan
  • Communication: Sending transactional emails (account verification, welcome emails, password reset)
  • Analytics: Understanding how the Service is used to improve functionality and user experience
  • Security: Detecting and preventing fraud, abuse, and unauthorized access
  • Legal compliance: Enforcing our Terms of Service and complying with applicable laws

We will not use your information for any purpose beyond those listed above without obtaining your prior consent, unless required by law.

4. How We Share Your Information

We do not sell your personal information to third parties.

We share your information only with the following third-party service providers ("sub-processors") who are necessary for us to operate the Service:

Sub-Processor Location Purpose Data Shared
Google Firebase (Google LLC) USA (with EU data residency for Firestore) User authentication, database storage (Firestore), serverless backend functions Email, display name, account data, project data
Paddle.com Market Ltd UK / Ireland Payment processing and subscription management (Merchant of Record) Email, transaction data. Paddle handles all payment card data exclusively; we never see or store it.
Google Analytics 4 (Google LLC) USA Website analytics and usage measurement Anonymized usage data, device info, pages visited (with Consent Mode v2)
Sentry (Functional Software Inc.) Germany (EU data center) Error monitoring and crash reporting Error details, browser info, anonymized stack traces
Google Sign-In (Google LLC) USA Identity verification during "Continue with Google" flow Email, Google profile basic info (name, photo URL), Google account ID
Cloudflare Turnstile (Cloudflare Inc.) USA Bot protection on login/signup forms (CAPTCHA alternative) IP address, browser fingerprint, interaction signals (processed in real-time, not used for tracking)
Cloudflare Inc. USA DNS, CDN, DDoS protection, and security IP address, request headers (processed in transit, not stored long-term)
Vercel Inc. USA Website hosting and delivery Server access logs (IP, request path, timestamps)
Hostinger Lithuania (EU) Transactional email delivery (SMTP) Recipient email address, email content

We require each sub-processor to use personal information only for the purpose for which it was provided and to maintain appropriate security measures.

We may also disclose your information if required to: (1) comply with applicable law, regulation, or court order; (2) enforce our Terms of Service; (3) protect the rights, property, or safety of CraftRevenue, our users, or the public.

If our business is acquired or merged, your information may be transferred to the new owner.

5. International Data Transfers

Our Service uses sub-processors located in the United States, European Union, and United Kingdom. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Sub-processors' compliance with applicable data protection frameworks

6. Data Retention

We retain your personal information according to the following schedule:

Data Type Retention Period
Active user account data For as long as your account is active
Data after account deletion 90-day grace period, then permanently deleted
Unverified accounts (email not confirmed) Automatically deleted after 3 days
Analytics data (GA4) Retained by Google per their data retention settings
Error logs (Sentry) Retained per Sentry's default retention period (90 days)
Server access logs (Vercel) Retained per Vercel's standard log retention

Residual anonymous and aggregate information that does not identify you may be retained indefinitely for statistical purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Restriction: Request that we limit the processing of your data
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to the processing of your data for certain purposes
  • Withdraw consent: Withdraw any consent you have given us at any time
  • Lodge a complaint: File a complaint with a supervisory authority in your jurisdiction

For users in the European Economic Area (EEA): Our legal basis for processing your personal data is: (a) performance of a contract (providing the Service you signed up for); (b) legitimate interests (analytics, security, service improvement); and (c) your consent (where specifically requested).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner if required by applicable law).

Please note that if you withdraw consent or request deletion of required data, you may no longer be able to access or use the Service.

8. Cookies

We use cookies and similar technologies on the Service. For detailed information about the types of cookies we use and your choices, please refer to our Cookie Policy at https://craftrevenue.com/cookie-policy.html.

9. Security

We implement reasonable technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL)
  • Firebase security rules restricting database access
  • Secure authentication with email verification
  • Rate limiting and multi-layered bot protection, including Cloudflare Turnstile (a privacy-friendly CAPTCHA alternative) on authentication forms
  • Regular security reviews

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security and you use the Service at your own risk.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

11. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Artem Zaporozhets
Romana Ratushnogo 21a, Kyiv 03110, Ukraine
Email: [email protected]