privacy policy
last updated: 2026-05-25
summary
We try to collect as little data as possible. Payments go through Stripe; emails go through Resend; errors go to Sentry tagged only with internal IDs. We don't run trackers, analytics pixels, or marketing cookies.
what we collect
- Payment data: handled entirely by Stripe. We never see card numbers. We store the Stripe customer ID and payment intent ID, which we use to derive a pseudonymous buyer handle on the public feed.
- Email address: collected at checkout, used only to send the magic link to your authoring page. Not added to any marketing list.
- Submitted prompts: stored indefinitely, shown on the public activity feed with personal information redacted automatically.
- Generated bundles: stored indefinitely, publicly visible at crowdslop.com.
- Session metadata: timestamps, slot IDs, session-rotation history. Used for the single-device auth rotation that protects your authoring window.
- Server logs: IP address, user agent, and request paths are logged by our hosting providers (Vercel, Cloudflare) and retained per their policies.
what we share with third parties
- Stripe: processes all payments. See stripe.com/privacy.
- Resend: delivers magic-link emails. Your email address is shared with Resend for delivery only.
- Sentry: receives error reports tagged with internal run/slot identifiers. Not tagged with email or payment data.
- Cloudflare: provides DNS and DDoS protection; sees request metadata in aggregate.
- Vercel: hosts the site; sees per-request logs per its policy.
- Cloudflare AI Gateway / Anthropic: processes your prompts to generate the site bundle. Prompts are sent to Anthropic via Cloudflare AI Gateway for content classification and code generation.
what we do not share
- Your email address with anyone besides Resend (for delivery) and never with marketers.
- Your buyer handle's derivation seed: the handle on the public feed is a one-way HMAC of your Stripe payment intent ID; we can't reverse it back to your identity from the public side, and we don't share the mapping.
cookies
We use one session cookie to keep you logged in to your own authoring page after clicking the magic link. We do not use third-party tracking cookies, advertising cookies, or fingerprinting.
your rights
- Delete account data: email privacy@crowdslop.com to remove personal data linked to your buyer handle. Note: deployed bundles are publicly visible and content-addressed; we cannot retroactively remove them (the permanent record is the point of the auction).
- Export: email the same address for a copy of data linked to your buyer handle.
- California / EU residents: you have additional rights under CCPA and GDPR including access, correction, deletion, and portability. Same contact method.
contact
Privacy requests, data exports, deletions: privacy@crowdslop.com. Other questions: support@crowdslop.com.
changes
This policy may be updated. Material changes will be flagged at the top of this page with a new revision date.