CraveLog Privacy Policy

Effective Date: June 2026

1. Our Commitment to Your Privacy

CraveLog is committed to protecting your privacy. We understand that the emotional and personal information you share — including food cravings, emotional states, and personal triggers — is deeply sensitive.

WE WILL NEVER SELL YOUR PERSONAL DATA.
WE WILL NEVER USE YOUR DATA FOR ADVERTISING.

2. Information We Collect

Information you provide:

  • Account details: name, email, password, country, phone number
  • Craving logs: food types, emotions, triggers, outcomes, timestamps
  • Payment information (processed by Creem.io; we never store your card details)
  • Communications and support requests

Information collected automatically:

  • Device type, operating system, browser
  • Usage patterns and features accessed
  • IP address and access timestamps
  • App analytics (aggregated, anonymized)

3. How We Use Your Information

We use your information to:

  • Create and maintain your account
  • Process your craving logs and generate personalized AI insights
  • Deliver weekly reports to Pro subscribers
  • Send transactional emails (welcome, streak alerts, weekly reports)
  • Process payments and manage subscriptions
  • Improve our Service and develop new features
  • Ensure security and prevent fraud
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

For EEA users, we process your data based on:

  • Contract performance: to provide the Service
  • Legitimate interests: to improve the Service
  • Consent: where you have given explicit consent
  • Legal obligation: to comply with applicable law

5. Data Sharing and Disclosure

We share your data only with:

  • Creem.io: payment processing
  • Resend: transactional email delivery
  • Supabase: secure database hosting
  • Anthropic (Claude API): AI insight generation
  • Railway: application hosting

We do NOT share your data with:

  • Advertisers or marketing companies
  • Data brokers
  • Third parties for their own marketing
  • Anyone without your consent except as required by law

We may disclose information if required by law, court order, or to protect safety.

6. Data Security

We implement comprehensive security measures:

  • All data encrypted in transit (TLS)
  • Data encrypted at rest
  • Row Level Security — you can only access your own data
  • Access restricted to authorized personnel
  • Regular security assessments

No method of transmission is 100% secure. We will notify you of any data breach as required by applicable law.

7. Data Retention

  • Account data: retained while account is active plus 30 days after deletion
  • Craving logs: retained while account is active
  • Payment records: retained 7 years for legal compliance
  • On account deletion: personal data removed within 30 days

8. Your Rights

All users:

  • Access your personal information
  • Correct inaccurate information
  • Delete your account and data
  • Export your data in portable format
  • Opt out of non-essential communications

EEA users (GDPR):

  • Restrict processing
  • Object to processing
  • Lodge a complaint with your data protection authority

California users (CCPA):

  • Know what data we collect and how we use it
  • Delete your personal information
  • We do not sell personal information

To exercise any rights: hello@cravelog.ai. We will respond within 30 days.

9. Sensitive Personal Information

Your emotional states and craving data are treated with the highest protection:

  • Never shared with third parties except as described above
  • Never used for advertising or profiling
  • Never disclosed to researchers individually
  • Aggregate anonymized data may improve our AI models

10. Cookies

We use only essential and functional cookies:

  • Essential: required for authentication and security
  • Functional: remember your preferences
  • Analytics: aggregated, anonymized usage data

We do NOT use advertising cookies or third-party tracking for marketing.

11. Children's Privacy

CraveLog is not directed to anyone under 18. We do not knowingly collect data from children under 18. If you believe a child has provided us data, contact us immediately at hello@cravelog.ai.

12. International Data Transfers

Your data may be processed in the United States and other countries. For EEA users, we use Standard Contractual Clauses and other approved mechanisms for international transfers.

13. Changes to This Policy

We will notify you of material changes via email and by updating this page. Continued use after changes constitutes acceptance.

14. Contact Us

Email: hello@cravelog.ai
Website: https://cravelog.ai/privacy

For GDPR inquiries you may also contact your local data protection authority.

© 2026 CraveLog. All rights reserved.