Effective date: 2026-07-06
We collect the minimum needed to run the service and nothing more. This page tells you exactly what we collect, what we don't, and how long we keep it.
What we collect (registered users only)
- Your email address, stored as a one-way hash. We cannot read it back.
- Your API keys, stored as one-way hashes. We cannot use them on your behalf.
- Your claimed domains, if you choose to verify ownership.
What we do NOT collect
- Your IP address is checked briefly for anonymous rate limiting, then discarded. We do not store it.
- Your browser User-Agent is not stored or linked to you.
- Your search history is not logged, stored, or analyzed.
- We do not use third-party analytics, trackers, advertising, or cookies beyond a single session cookie when you log in.
Third-party services
We use Amazon SES only to send your verification email. Amazon receives your email address once for that delivery and nothing else. We do not share any other data with Amazon or any other provider.
Account deletion
You can delete your account at any time. When you do, we remove your hashed email, API keys, claimed domains, and session data in a single transaction.
Server logs
We keep operational logs (server logs, Litestream replication logs) for 7 days, then they roll off automatically. These logs are used only for debugging and capacity planning.
Changes to this policy
We may update this policy. The current version will always be posted here with the effective date. If you do not agree to the changes, you can delete your account at any time.
Contact
For privacy questions, data deletion help, or GDPR data subject requests, email privacy@crtlog.com.