Privacy Policy

Last updated: April 26, 2026 · Effective immediately

This Privacy Policy describes how Crunchly ("we", "us", or "our") collects, uses, and shares information about you when you use our website, mobile applications, and related services (collectively, the "Services").

Plain-English summary: we collect what we need to run Crunchly and nothing more. Your deal data lives on your device by default. We don't sell your information. You can delete your account at any time.

1. Information We Collect

Information you provide

• Account information: name, email address, and password (stored as a salted hash) when you create an account.
• Billing information: if you subscribe to a paid plan, payment details are processed and stored by our payment processor (Stripe). We never see or store your full card number.
• Deal data: property details, financial inputs, and calculations you enter into Crunchly. By default, this data is stored locally on your device. Optional cloud sync is available on Pro and Investor plans.
• Communications: if you email our support team or fill out a contact form, we keep that correspondence to help you.

Information we collect automatically

• Usage data: aggregate, non-identifying information about how the Services are used (page views, feature usage, error reports). We use privacy-first analytics that does not track individuals across sites.
• Device data: browser type, operating system, screen size, and IP address (used for security and abuse prevention; truncated and not stored long-term).
• Cookies: a small number of necessary cookies for login session management and your saved preferences. See our cookie disclosure below.

2. How We Use Information

• To provide, maintain, and improve the Services.
• To authenticate users and prevent unauthorized account access.
• To process subscription payments and send receipts.
• To respond to your inquiries and provide customer support.
• To send transactional emails (account verification, password reset, billing receipts). You cannot opt out of these without closing your account.
• To send optional product updates if you opt in. You can unsubscribe at any time.
• To detect, investigate, and prevent fraudulent or harmful activity.
• To comply with legal obligations.

3. How We Share Information

We do not sell your personal information. We share information only in these limited circumstances:

• Service providers: trusted third parties that help us operate (payment processing, email delivery, hosting, analytics). These vendors are contractually bound to use your information only as we direct.
• Legal requirements: when required by law, subpoena, or to protect rights, safety, or property.
• Business transfers: if Crunchly is acquired or merged, your information may transfer to the successor entity. We will notify you of any such change.

4. Data Storage and Security

We use industry-standard encryption in transit (TLS 1.2+) and at rest. Passwords are hashed using bcrypt or equivalent. We restrict access to personal data to employees and contractors who need it to do their jobs.

By default, your deal data is stored locally on your device using browser storage. If you opt into cloud sync, your data is encrypted in our database and accessible only by you.

No security system is perfect. If we become aware of a breach affecting your information, we will notify you in accordance with applicable law.

5. Your Rights and Choices

• Access and correction: you can view and update your account information at any time from your account settings.
• Deletion: you can delete your account and associated data at any time. Some information may be retained as required by law (e.g., tax records).
• Data export: you can export your deal data in CSV or PDF format at any time.
• Marketing communications: you can unsubscribe from marketing emails using the link in each email.
• Do Not Track: we do not currently respond to browser Do Not Track signals because there is no industry standard for compliance.

6. Regional Privacy Rights

California residents (CCPA / CPRA)

You have the right to know what personal information we collect, request deletion, opt out of any sale or sharing of your information (we do neither), and not be discriminated against for exercising these rights. Submit requests to privacy@crunchly.io.

European Economic Area, United Kingdom, Switzerland (GDPR)

You have the rights of access, rectification, erasure, restriction, portability, and objection. The legal basis for our processing is performance of contract (to provide the Services), legitimate interest (to operate and improve the Services), and consent (where required). To exercise these rights, contact privacy@crunchly.io.

7. Children's Privacy

Crunchly is not directed to children under 18, and we do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.

8. Cookies

We use only essential cookies (for login sessions and your preferences) and privacy-friendly analytics that does not use third-party tracking cookies. We do not use cookies for advertising.

9. International Data Transfers

Crunchly is operated from the United States. If you access the Services from outside the U.S., your information will be transferred to and processed in the U.S. We use Standard Contractual Clauses for transfers from the EEA where required.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or by a notice on the website at least 14 days before they take effect. Continued use of the Services after changes constitutes acceptance.

11. Contact

Questions about this policy or your privacy? Email privacy@crunchly.io or write to:

Crunchly
[Mailing address to be added]
[City, State ZIP]
United States

This Privacy Policy is provided as a starting template and should be reviewed by qualified legal counsel before publication. Address blocks marked with brackets need to be filled in with your business details.