CrateCanvas Privacy Policy

Effective date: June 1, 2026

What we collect

When a tenant signs up we collect the business name, the owner's name + email + password (hashed), and tier selection. When users sign in we record timestamps. Per-tenant business data (customers, orders, routes) lives in that tenant's isolated database — we don't read it or share it.

How we use it

• Operate your CrateCanvas account: authentication, billing, support, transactional email.
• Send service notifications (security, billing, scheduled maintenance).
• Aggregate, anonymized usage metrics to improve the product. We do not sell personal data.

Tenant isolation

Every tenant gets a physically separate SQL database. A coding bug cannot leak Tenant A's data to Tenant B. The catalog database holds only tenant metadata + identity records — not your operational data.

Subprocessors

Stripe (payments), SendGrid (email), Google (route optimization, geocoding). Each receives only the data needed to do their job.

Your choices

• You can edit account info at any time.
• You can request a data export of your tenant's database.
• You can request deletion of your account; some records (billing, audit) are retained per applicable law.

Contact

Privacy questions: privacy@cratecanvas.com.