Privacy Policy

We try hard to protect your private data and do not collect anything more than needed for a successful operation of our service.

What we collect, why and how we process your data

Anonymous visitors

Cookies

A cookie is a small piece of data that is stored on your computer, mobile device or tablet. We use cookies for anonymous visitors for security purposes.

Access logs

If you're browsing the cranks.io website we log your IP, browser, previously visited website (a referer) information for security, audit and marketing purposes for 180 days.

Other not connected to personal data analytics (like number of visitors, page views etc) is stored for 24 months.

Registered accounts

Everything mentioned for anonymous users plus the following.

Cookies

We use cookies for storing your user identifier for you to be able to login to Cranks.

Email

When creating an account on Cranks you share some private information with us, like email. We do not resell or in any way share this information with any third party services other than for functionality required for our service to operate (for example for sending email notifications or announcements).

We have three reasons to send an email to you:

  • Important announcements, service issues and data breaches. We reserve the right to use your email in order to notify you of important changes and doings (e.g. an update of this Privacy Policy).
  • Service-specific transactional emails with the results of our service functionality (e.g. your analysis results). This is highly recommended but is optional and can be configured in your user settings.
  • New blog posts, occasional news etc. This is optional and can be configured in your user settings.

For sending emails we use third-party services. Your email is used solely for sending notifications and is stored for a limited time.

Audit logs

For security purposes we store audit logs when you register, login, change your identity preferences and other important actions. They contain your username, IP address and browser information. These logs are kept for 24 months.

Data modification and export

You have the right to modify any personal data that you provide to us (email etc). You also have the right to export your personal data we've collected (from your user settings page).

Account removal

At any time you can delete your account by visiting your settings page. Your account will be marked inactive immediately and will be deleted during the next 30 days.

Protecting your data

In order to make your usage of our service safe we follow these best practices:

  • Use industry standard Transport Security Layer (TLS) throghout the website.
  • Host our service at Hetzner. They have pretty good security standards (PDF).
  • Limit the storage of various technical information (logs, traces) to minimum but enough for security audits.
  • Constantly perform security audit and enforce best practices (like role based permissions, firewalls, software updates).

Data breach disclosure

In case of a data breach or any unauthorized activity on your data, you will be notified immediately with an explanation of what might have leaked and how to mitigate the risks. We will take any needed steps to investigate the issue.

Version

01.2021