CraveLog Privacy Policy
Effective Date: June 2026
1. Our Commitment to Your Privacy
CraveLog is committed to protecting your privacy. We understand that the emotional and personal information you share — including food cravings, emotional states, and personal triggers — is deeply sensitive.
WE WILL NEVER SELL YOUR PERSONAL DATA.
WE WILL NEVER USE YOUR DATA FOR ADVERTISING.
2. Information We Collect
Information you provide:
- Account details: name, email, password, country, phone number
- Craving logs: food types, emotions, triggers, outcomes, timestamps
- Payment information (processed by Creem.io; we never store your card details)
- Communications and support requests
Information collected automatically:
- Device type, operating system, browser
- Usage patterns and features accessed
- IP address and access timestamps
- App analytics (aggregated, anonymized)
3. How We Use Your Information
We use your information to:
- Create and maintain your account
- Process your craving logs and generate personalized AI insights
- Deliver weekly reports to Pro subscribers
- Send transactional emails (welcome, streak alerts, weekly reports)
- Process payments and manage subscriptions
- Improve our Service and develop new features
- Ensure security and prevent fraud
- Comply with legal obligations
4. Legal Basis for Processing (GDPR)
For EEA users, we process your data based on:
- Contract performance: to provide the Service
- Legitimate interests: to improve the Service
- Consent: where you have given explicit consent
- Legal obligation: to comply with applicable law
5. Data Sharing and Disclosure
We share your data only with:
- Creem.io: payment processing
- Resend: transactional email delivery
- Supabase: secure database hosting
- Anthropic (Claude API): AI insight generation
- Railway: application hosting
We do NOT share your data with:
- Advertisers or marketing companies
- Data brokers
- Third parties for their own marketing
- Anyone without your consent except as required by law
We may disclose information if required by law, court order, or to protect safety.
6. Data Security
We implement comprehensive security measures:
- All data encrypted in transit (TLS)
- Data encrypted at rest
- Row Level Security — you can only access your own data
- Access restricted to authorized personnel
- Regular security assessments
No method of transmission is 100% secure. We will notify you of any data breach as required by applicable law.
7. Data Retention
- Account data: retained while account is active plus 30 days after deletion
- Craving logs: retained while account is active
- Payment records: retained 7 years for legal compliance
- On account deletion: personal data removed within 30 days
8. Your Rights
All users:
- Access your personal information
- Correct inaccurate information
- Delete your account and data
- Export your data in portable format
- Opt out of non-essential communications
EEA users (GDPR):
- Restrict processing
- Object to processing
- Lodge a complaint with your data protection authority
California users (CCPA):
- Know what data we collect and how we use it
- Delete your personal information
- We do not sell personal information
To exercise any rights: hello@cravelog.ai. We will respond within 30 days.
9. Sensitive Personal Information
Your emotional states and craving data are treated with the highest protection:
- Never shared with third parties except as described above
- Never used for advertising or profiling
- Never disclosed to researchers individually
- Aggregate anonymized data may improve our AI models
10. Cookies
We use only essential and functional cookies:
- Essential: required for authentication and security
- Functional: remember your preferences
- Analytics: aggregated, anonymized usage data
We do NOT use advertising cookies or third-party tracking for marketing.
11. Children's Privacy
CraveLog is not directed to anyone under 18. We do not knowingly collect data from children under 18. If you believe a child has provided us data, contact us immediately at hello@cravelog.ai.
12. International Data Transfers
Your data may be processed in the United States and other countries. For EEA users, we use Standard Contractual Clauses and other approved mechanisms for international transfers.
13. Changes to This Policy
We will notify you of material changes via email and by updating this page. Continued use after changes constitutes acceptance.
14. Contact Us
Email: hello@cravelog.ai
Website: https://cravelog.ai/privacy
For GDPR inquiries you may also contact your local data protection authority.
© 2026 CraveLog. All rights reserved.