Privacy Policy#

Last updated: 14 April 2026

1. Controller and Contact#

The controller responsible for the processing of your personal data is:

Cranny (operated by Daniel Jancar)
Email: [email protected]

This Privacy Policy applies to the Cranny website (the-cranny.com) and the Cranny mobile application (collectively, the "Service"). It describes how we collect, use, store, and protect your personal data, and explains your rights under the Swiss Federal Act on Data Protection (nFADP / revDSG, SR 235.1) and, where applicable, the EU General Data Protection Regulation (GDPR) and other applicable international privacy laws.

2. Data We Collect#

2.1 Account data#

When you register for an account:

• Email address
• Password (hashed; managed by Supabase Auth — we never have access to your plaintext password)

2.2 Profile data#

When you complete your profile:

• Username
• Bio (optional)
• Location text (optional, free-form)
• Profile picture
• Preferred routing app (optional)

2.3 User content#

• Spots: title, description, category, GPS coordinates, tags, images
• Traces: photos and short videos attached to spots
• Bookmarks (private, linked to your account)
• Follower relationships (which accounts you follow and which follow you)

2.4 Device permissions (mobile app)#

The Cranny mobile app requests the following device permissions at runtime:

• Location (while in use): Your precise GPS coordinates are used to display your position on the map and to pre-fill the location of a new Spot. Location is only accessed while the app is in the foreground and only when you grant permission. We do not collect or store your location history.
• Camera: Used to take photos directly within the app for Spots or your profile picture.
• Photo library: Used to select existing photos from your device for Spots or your profile picture.

When you select a photo, we may read its embedded EXIF metadata — specifically GPS coordinates — to suggest a location for your Spot. EXIF data is processed on-device and only the extracted GPS coordinates are sent to our servers if you choose to use them. Raw EXIF data is not stored.

2.5 Contact form submissions#

When you use our contact form: name, email address, subject, and message. These are retained for up to 90 days after your request has been addressed, then permanently deleted.

2.6 App usage analytics (mobile app)#

The Cranny mobile app uses EAS Insights, a service provided by Expo, to collect anonymous usage data. This currently includes only app launch events (cold starts). No personally identifiable information is collected through this service — data is limited to technical metadata such as platform, app version, and timestamps. This data helps us understand how the app is used and improve the experience.

2.7 Technical data#

• Authentication session tokens (stored as cookies on your device — see section 7)
• Server-side request logs (IP address, browser type, timestamps) retained briefly for security and abuse-prevention purposes

3. How We Use Your Data#

We do not sell your personal data to third parties.

Promotional use of public content#

Public content you submit — such as spot titles, descriptions, images, and tags — may be used by Cranny on our website, social media channels (including Instagram and TikTok), in advertising, and in other promotional materials. We will not use your private data (such as bookmarks or contact messages) for promotional purposes. If you do not want your content used for promotion, you may contact us at [email protected] to opt out of future promotional use. Note that content already published or shared cannot be retroactively removed from existing promotional materials.

4. Third-Party Processors#

We share data only with the following processors, who act strictly on our instructions and are bound by data processing agreements:

We may add further processors in the future (for example, analytics or social media integrations). This policy will be updated before any new processing begins.

5. Your Rights#

Under the nFADP and, where applicable, the GDPR, you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data (you can also update your profile directly in the app)
• Erasure — request deletion of your account and all associated data (see section 8 for how to delete your account and what happens to your data)
• Restriction — request that we limit processing of your data in certain circumstances
• Portability — request your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch, or with the supervisory authority in your EU member state if applicable.

6. International Users#

Cranny is based in Switzerland and our primary database infrastructure is located in Switzerland (Supabase EU-Central-2, Zurich). We operate internationally and your data may be processed across borders. We take appropriate steps to ensure that international transfers comply with applicable law.

EU / EEA users: The GDPR applies to our processing of your personal data. You have the rights described in section 5 and may lodge a complaint with your local EU supervisory authority.

UK users: We comply with the UK GDPR. You may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

All other users: Regardless of where you are located, we apply the standards of the nFADP and GDPR as a baseline for all users globally.

7. Data Retention#

• Account and profile data — retained until you request deletion
• Spots and images — deleted when you remove them individually, or when your account is deleted
• Bookmarks — deleted when your account is deleted
• Contact form submissions — retained for up to 90 days after your inquiry is resolved, then permanently deleted
• Session cookies — expire at end of session or after up to one year

Account deletion: When you delete your account, it is immediately deactivated and no longer accessible to you or other users. After a 10-day period, your account and all associated personal data — including your profile, spots, images, and bookmarks — is permanently and irreversibly deleted. If you change your mind during the 10-day window, contact us at [email protected] to restore your account.

8. How to Delete Your Account#

You can delete your account in one of two ways:

• In the app: Go to Settings → Account → Delete Account. Your account will be immediately deactivated and all your content will be hidden. After 10 days, everything is permanently deleted.
• By email: Send a request to [email protected] and we will process it and confirm once complete.

During the 10-day deactivation window you can cancel the deletion by signing back in to your account or by contacting us at [email protected]. After 10 days, deletion is permanent and cannot be undone.

9. Cookies#

Cranny's website currently uses only the following cookies:

We do not currently use advertising or third-party tracking cookies on the website. The mobile app collects anonymous usage analytics via EAS Insights (see section 2.6), but this does not involve cookies. We may add non-essential cookies in the future, in which case this policy will be updated and your renewed consent will be requested before any such cookies are set.

10. User-Uploaded Images and Third-Party Personal Data#

Spots on Cranny include photos uploaded by users. These photos may incidentally contain images of identifiable people who have not consented to being photographed or appearing on the platform.

Users who upload images are solely responsible for:

• Holding all necessary rights and permissions to share the content
• Ensuring compliance with applicable privacy laws regarding any identifiable individuals visible in the images
• Obtaining any required consent from identifiable persons where required by law

If you believe an image of you has been posted without your consent, please contact us at [email protected] and we will review the content and take appropriate action.

11. Security#

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (TLS/HTTPS), access controls, and industry-standard cloud infrastructure. No method of transmission over the internet is completely secure; we cannot guarantee absolute security but we take reasonable precautions to protect your data.

12. Children#

Cranny requires users to be at least 16 years old, in line with applicable data protection law (nFADP / GDPR). We do not knowingly collect personal data from anyone under 16. If you believe a person under 16 has created an account, please contact us at [email protected] and we will delete the account and its data promptly.

13. Changes to This Policy#

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page reflects the most recent version. Material changes will be communicated to registered users by email where possible. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Governing Law and Supervisory Authority#

This Privacy Policy is governed by Swiss law, in particular the Federal Act on Data Protection (nFADP, SR 235.1). The competent supervisory authority is the Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland (www.edoeb.admin.ch).

15. Contact#

Privacy questions or requests? [email protected]