Privacy Policy

1. Information We Collect

When you create a Crige account, we collect your name, email address, and business details you provide during onboarding. We automatically collect certain technical information including your IP address, browser type, device identifiers, and pages visited on our platform. If you connect your Google Maps account or use our Places search feature, we process the business information returned by that service.

For merchant accounts, we collect business information including your address, phone number, opening hours, and any listings or offers you create. Payment information is processed directly by Stripe — we do not store your card details on our servers.

2. How We Use Your Information

We use your information to provide, maintain and improve the Crige platform, including displaying your business page to consumers searching the directory. Your email address is used to send transactional messages such as account confirmations, offer expiry reminders, and important service updates. We do not send unsolicited marketing emails without your consent.

We use aggregated, anonymised data to understand how the platform is used and to improve our services. We do not sell your personal data to third parties, and we do not use your data for targeted advertising outside of the Crige platform.

3. Data Storage and Security

Your data is stored securely using Supabase (powered by Google Cloud infrastructure) on servers located within the United Kingdom and European Economic Area. We apply industry-standard encryption both in transit (TLS) and at rest. Access to personal data is restricted to authorised personnel on a need-to-know basis, and we maintain audit logs of administrative access.

We retain your personal data for as long as your account is active or as required to provide you with our services. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention.

4. Cookies

We use essential cookies to keep you logged in and to maintain your session securely. We also use analytics cookies to understand how visitors use Crige, which helps us improve the platform. You can manage cookie preferences using the banner displayed on your first visit, or through your browser settings.

We do not use cookies for cross-site advertising or tracking. Third-party services embedded on our platform (such as Google Maps) may set their own cookies subject to their respective privacy policies.

5. Third-Party Services

Google Maps / Places API: We use Google's Maps and Places APIs to enable business search and address auto-completion. Data submitted to these services is governed by Google's Privacy Policy. We only send the minimum data necessary (business name or search query) to retrieve relevant results.

Stripe: Payment processing is handled by Stripe, Inc. When you upgrade to a paid plan, your payment details are submitted directly to Stripe and are governed by Stripe's Privacy Policy. We receive confirmation of successful payments but never your raw card data.

6. Your Rights (UK GDPR)

Under the UK General Data Protection Regulation, you have the right to access the personal data we hold about you, to correct inaccurate data, to request deletion of your data, to restrict or object to processing, and to data portability. You also have the right to withdraw consent at any time where processing is based on your consent.

To exercise any of these rights, please contact us at info@crige.com. We will respond to all legitimate requests within 30 days. If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at info@crige.com. Our registered address is Crige Ltd, Wales, United Kingdom.