Ideacrawl ("we," "us," or "our") operates the website at Ideacrawl (the "Service"). We are an idea discovery and community platform that allows users to browse, submit, react to, and comment on ideas.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. By using the Service, you agree to the practices described in this policy.

For any privacy-related questions, please contact us at admin@ideacrawl.com.

We collect the following categories of personal data:

We collect data through three methods:

• Directly from you — when you register an account, fill out a form, post an idea, leave a comment, or contact us.
• Automatically — when you browse the Service, we automatically collect technical and usage data via cookies, server logs, and Google Analytics.
• From third parties — when you choose to sign in with Google, Google sends us your name, email address, and profile picture. When you subscribe to a paid plan, Stripe sends us confirmation of your subscription status and transaction IDs.

We use your personal data for the following purposes:

We do not use your data to serve you third-party advertisements or sell your information to advertisers.

Ideacrawl offers "Sign in with Google" as an authentication option. When you choose this method, Google shares the following with us:

• Your full name
• Your Google email address
• Your Google profile picture URL

We do not receive access to your Google Drive, Gmail, Contacts, Calendar, or any other Google services. We request only the minimum scope necessary for authentication.

Your use of Google Sign-In is additionally governed by Google's Privacy Policy. If you delete your Google account, your Ideacrawl account remains active but you will need to set a password to continue logging in — please contact admin@ideacrawl.com if this happens.

All payment processing is handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you subscribe to a paid plan:

• Your payment card details are entered directly into Stripe's secure form and are never transmitted to or stored on Ideacrawl's servers
• We receive from Stripe only: your subscription status, plan type, transaction IDs, and a tokenised customer reference
• Stripe may collect additional data as part of their fraud prevention and compliance processes, governed by Stripe's Privacy Policy

If you cancel your subscription or delete your account, we retain billing records for up to 7 years as required for accounting and tax compliance purposes.

We use Google Analytics to understand how visitors use Ideacrawl. Google Analytics uses cookies — small text files stored in your browser — to collect anonymous usage data including pages visited, session duration, device type, and approximate geographic location (country/city level).

The cookies we use:

Google Analytics data is processed by Google and subject to Google's Privacy Policy. We have enabled IP anonymisation in Google Analytics, meaning your full IP address is never stored by Google in connection with Analytics data.

When you post ideas, comments, or reactions on Ideacrawl, that content is publicly visible to all users of the platform by default. Your display name and profile picture are shown alongside any content you submit.

Please do not include sensitive personal information (such as your home address, financial details, or private contact information) in any public-facing content you post on the platform.

If you delete your account, your public content (ideas, comments) may remain visible on the platform in anonymised or attributed form, or may be deleted — this depends on the nature of the content and community context. You can request full removal by contacting admin@ideacrawl.com.

We do not sell your personal data to third parties. We share data only in the following limited circumstances:

• Stripe — your email and subscription data are shared with Stripe to process payments and manage your billing
• Google — we use Google Sign-In and Google Analytics, both of which involve data processing by Google under their own privacy policy
• Hosting & infrastructure providers — our servers and databases may be managed by third-party cloud providers (such as AWS, Vercel, or similar) who process data on our behalf under strict data processing agreements
• Legal requirements — we may disclose your data if required by law, court order, or government authority, or to protect the rights, safety, or property of Ideacrawl or its users
• Business transfers — if Ideacrawl is acquired, merged, or its assets are transferred, your data may be transferred as part of that transaction. You will be notified via email before any such transfer occurs.

All third-party service providers we work with are contractually required to handle your data securely and only for the purposes we specify.

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Account data (name, email, profile picture) — retained while your account is active. Deleted within 30 days of account deletion request, except where legal retention is required.
• Payment & billing records — retained for 7 years for legal and tax compliance, even after account deletion.
• Usage & analytics data (Google Analytics) — retained for 26 months per Google Analytics default settings.
• Server logs (IP addresses, request logs) — retained for up to 90 days for security and debugging purposes.
• Content (ideas, comments) — retained while your account is active. Upon account deletion, content may be anonymised or removed at our discretion.

To request early deletion of your data, please contact admin@ideacrawl.com.

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• HTTPS encryption for all data in transit
• Encrypted storage of passwords (bcrypt hashing — we never store plain-text passwords)
• Restricted access to databases and production systems
• Stripe's PCI-DSS compliance for all payment data
• Regular security reviews and dependency updates

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users by email within 72 hours of becoming aware of the breach.

Depending on your location, you may have the following rights regarding your personal data. We honour these rights regardless of your jurisdiction:

To exercise any of these rights, email us at admin@ideacrawl.com with the subject line "Privacy Request." We will respond within 30 days. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at admin@ideacrawl.com and we will delete that information promptly.

Ideacrawl may store and process your data in countries outside your country of residence, including the United States, where our infrastructure providers and third-party processors (Stripe, Google) are based.

When your data is transferred internationally, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) adopted by the European Commission, or processing by providers certified under recognised transfer mechanisms.

By using the Service, you acknowledge that your data may be transferred to and processed in countries with data protection laws that may differ from those in your home country.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional protections apply to you under the General Data Protection Regulation (GDPR) and equivalent laws:

• We process your data on the legal bases of contract performance, legitimate interest, legal obligation, and in some cases consent (e.g., for optional analytics cookies).
• You have all the rights outlined in Section 12, and these are enforceable legal rights under GDPR.
• You have the right to withdraw consent at any time where we rely on consent as a legal basis.
• You may lodge a complaint with your national data protection authority (e.g., the ICO in the UK, CNIL in France, or the supervisory authority in your EU member state).

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Effective date" at the top of this page
• Notify you via email if the changes are material (e.g., new data categories collected, new sharing practices)
• Where required by law, seek your renewed consent

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out to us:

• Privacy inquiries: admin@ideacrawl.com
• General support: admin@ideacrawl.com
• Website: Ideacrawl

We aim to respond to all privacy-related requests within 30 days. For urgent data breach concerns, please use the subject line "URGENT: Data Concern" and we will prioritise your request.