Back to Crada

Privacy Policy

Effective Date: March 6, 2026 · Last Updated: March 6, 2026

TL;DR

  • • Your saved content belongs to you. We never sell it or use it for advertising.
  • • We use AI (Groq) to classify your content. Your data is not used to train AI models.
  • • Gmail data is accessed read-only and only when you explicitly connect it.
  • • We use Supabase, Vercel, Stripe, Groq, and Resend to run the service — nothing else.
  • • You can export or delete all your data at any time.

Crada (“we,” “us,” or “our”) operates the crada.live website and service. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.

By using Crada, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address — Used for authentication, account recovery, and service communications.
  • Name (optional) — Used to personalize your experience.
  • Password — Stored as a salted hash. We never store passwords in plain text.

If you sign in via a third-party provider (e.g., Google), we receive your email address, display name, and profile photo from that provider. We do not receive or store your third-party password.

1.2 Content You Save

When you use Crada, you save content references including:

  • URLs and links
  • Article titles, descriptions, and excerpts
  • Notes and text you write
  • Tags and categories you create
  • Metadata such as source domain and author information
  • AI-generated classifications, summaries, and analysis

This content is stored to provide the core service: saving, organizing, and searching your references.

1.3 Gmail Integration Data

If you connect your Gmail account, we access the following data with your explicit consent:

  • Email metadata — Subject line, sender, and date of emails in the label you select.
  • Email body content — Processed to extract articles and links. Raw email content is stored temporarily for processing and audit, then retained only as extracted items in your library.

We request read-only access to Gmail (the gmail.readonly scope). We cannot send, delete, or modify your emails. You can revoke access at any time from your Google Account permissions page or by disconnecting Gmail in Crada settings.

Crada's use of Google API data adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Gmail data for advertising, market research, or to train AI models.

1.4 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number, CVV, or full billing details. We receive only a transaction confirmation, the last four digits of your card, and your billing email for receipt purposes.

1.5 Automatically Collected Information

We automatically collect limited technical information:

  • Usage data — Pages visited within Crada, features used, and search queries. This helps us improve the product.
  • Device information — Browser type, operating system, and screen resolution. This helps us ensure compatibility.
  • Log data — IP address, access times, and referring URLs. This is standard web server logging for security and debugging.

1.6 Information We Do NOT Collect

  • Biometric data or protected characteristics
  • Cross-site browsing history
  • Precise location data (beyond IP-derived country)
  • Contacts, calendar, or phone data
  • Data from Gmail labels you have not explicitly selected

2. How We Use Your Information

We use your information solely to:

  • Provide the service — Store your saved content, enable search, and display your library.
  • Classify content with AI — Send saved content to Groq for automatic categorization, summarization, and analysis (see Section 3).
  • Authenticate you — Manage your account, sessions, and password resets.
  • Process payments — Handle credit purchases and subscription billing via Stripe.
  • Communicate with you — Send account-related emails (password resets, security alerts) via Resend. We do not send marketing emails without your explicit opt-in.
  • Improve the product — Understand usage patterns to prioritize features and fix bugs.
  • Ensure security — Detect and prevent abuse, unauthorized access, and fraud.

We do not sell, rent, or share your personal information with third parties for advertising purposes.

3. AI and Machine Learning

Crada uses AI to help you organize and understand your saved content:

  • What we process: When you save an item or import an email, the title, description, and content text are sent to Groq (our AI provider) for classification, summarization, and analysis.
  • What AI produces: Actionability ratings, topic themes, summaries, and related-content suggestions.
  • No model training: Your content is never used to train, fine-tune, or improve AI models. It is processed for classification only and not retained by the AI provider after processing.
  • Accuracy: AI-generated classifications may contain errors. They are provided as organizational aids and should not be relied upon as professional advice.

4. How We Share Your Information

We share your data only with the service providers necessary to operate Crada:

ServicePurposeData Shared
SupabaseDatabase, auth, storageAccount data, saved content
VercelWeb hostingIP address, request logs
StripePayment processingBilling information
GroqAI content classificationContent text for processing
ResendTransactional emailEmail address
Google APIsGmail integrationEmail data per user consent

We may also share your information if required by law, court order, or to protect our rights.

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

5. Cookies and Tracking

Crada uses cookies strictly for essential functionality:

  • Session cookie — Stores your authentication session. This is an HTTP-only, secure cookie required for the service to function.

We do not use advertising cookies, third-party tracking cookies, or cross-site tracking. We do not participate in ad networks.

6. Your Rights

6.1 All Users

  • Access: View all data associated with your account by logging in to Crada.
  • Correction: Update your profile information through the settings page.
  • Deletion: Delete individual items through the app. To delete your entire account, go to Settings → Your Data and request account deletion. We process deletions within 30 days.
  • Data export: Export all your data in JSON format at any time from Settings → Your Data. No need to contact support — it's instant and self-service.
  • Restriction: Request that we restrict processing of your data.
  • Withdraw consent: Revoke consent for optional processing (e.g., disconnect Gmail) at any time without affecting the lawfulness of prior processing.

6.2 GDPR Rights (EEA/UK)

If you are in the European Economic Area or United Kingdom, you have additional rights under the GDPR:

  • Legal basis: We process data based on (a) your consent, (b) necessity to perform the contract, and (c) legitimate interests in improving and securing the service.
  • Data portability: Export your data in a structured, machine-readable JSON format from Settings → Your Data.
  • Right to erasure: Request deletion of your personal data from Settings → Your Data.
  • Data Protection Authority: You have the right to lodge a complaint with your local data protection authority.
  • International transfers: Your data is stored in the United States. We rely on Standard Contractual Clauses and our vendors' compliance frameworks for lawful data transfers.

6.3 CCPA Rights (California)

If you are a California resident:

  • Right to know: Request details about the personal information we collect.
  • Right to delete: Request deletion of your personal information.
  • Right to opt-out of sale: We do not sell your personal information.
  • Non-discrimination: We will not discriminate against you for exercising your rights.

To exercise your CCPA rights, contact support@crada.live.

7. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of an account deletion request.
  • Saved content: Retained while your account is active. Individual items can be deleted at any time.
  • Email import records: Retained for audit and deduplication purposes while your account is active.
  • Server logs: Retained for up to 90 days, then deleted.
  • Payment records: Retained as required by law (typically 7 years for tax purposes).
  • AI processing: Content is not retained by the AI provider after classification is complete.

8. Data Security

  • All data in transit is encrypted via TLS (HTTPS).
  • Data at rest is encrypted via AES-256 (provided by Supabase/AWS).
  • Database access is protected by Row-Level Security (RLS) policies that ensure each user can only access their own data.
  • Authentication tokens are stored in HTTP-only, secure cookies.
  • Service-level keys are stored as encrypted environment variables and are never exposed to client-side code.
  • Regular automated backups are maintained by Supabase.

9. Children's Privacy

Crada is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date at the top of this page. For significant changes, we will notify you via email or an in-app notification at least 30 days before they take effect. Continued use of Crada after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at support@crada.live.