This document outlines how and why Crux manages and handles your data. If you have any questions, please reach out to us at contact@cruxapp.ca.

Data collection

Crux collects information from two primary sources, our sign-in partners (Google & Apple) and the application itself.

From Google and Apple, we collect a name, email, and profile image URL when you sign in. Your name and image URL are used to identify you in the app and will be shared with other users of the app. Your email will be used for email outreach but will never be shared with other app users. Your email will never be sold to third parties for any reason.

From the application, we collect data that users choose to enter into the app including climb comments, session notes, information about climb sends, and more. Most of this information is made public when you post it on the app. For example, other users can see comments that you post on climbs. Users have full control over what information is posted and may edit or delete information at any time using the in-app edit or delete functionality.

We also use issue tracking software that collects IP addresses, browser information, and debug information from your app session. We use this information to assist with tracking bugs and fixing issues. For example, being able to attribute user errors to a specific browser version may help us resolve issues more quickly.

Data security

We take data security seriously and take steps to ensure that your data is secure. We use industry standard encryption and authenticated protocols to ensure that your data is secure in transit. We also use industry standard authentication schemes to ensure that only you can access your data.

We also delete your data when requested or when it is no longer needed to provide the service. For example, when you delete a comment, it is removed from our database and is no longer accessible to anyone, including ourselves.

Internally, we limit access to your data to only those who need it to provide the service. We also use secure passwords, two-factor authentication, and other industry standard security practices to ensure that your data is secure.

If you have any questions or concerns about our approach to data security, please reach out to us at contact@cruxapp.ca.

Service providers

Crux uses several third party service providers to help with running the site such as Sentry, Heroku, Mailchimp, and other similar providers. Your data may be shared with these service providers when required. These service providers are obligated not to sell or disclose this information.

Right to request your data

You have the right to request a copy of your data at any time. To request a copy of your data, please reach out to us at contact@cruxapp.ca. We will provide you with a copy of your data within 30 days of your request. The data will be provided in a machine-readable format.

Right to request changes to your data

You have the right to request changes to your data at any time. Most types of data can be edited within the application using the provided controls. For any data that cannot be edited by the user, or if you require assistance, please send us an email at contact@cruxapp.ca. We will make the requested changes to your data within 30 days of your request.

Right to be forgotten

You have the right to request for your data to be deleted. To request for your data to be deleted, please reach out to us at contact@cruxapp.ca. We will confirm deletion of your data within 30 days.