Introduction
This Privacy Policy explains how COMPANY_NAME ("we," "us," or "our"), operating the CrankBench platform, collects, uses, discloses, and protects your personal data when you use our bicycle repair shop management service.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Controller
COMPANY_NAME, ADDRESS, Slovenia
Data Protection Contact: Email: jure.repar@reweb.si
Information We Collect
Account Information
- Full name
- Email address
- Password (encrypted)
- Phone number (optional)
Business Information
- Shop name and address
- Business registration details
- Team member information
- Service types and pricing
Customer Data (Processed on Your Behalf)
As a data processor, we store customer data you enter into CrankBench:
- Customer names and contact details
- Bicycle information and repair history
- Service records and notes
Payment Information
- Billing address
- Payment method details (processed by Stripe)
- Subscription and invoice history
Usage Data
- Log data (IP address, browser type, pages visited)
- Feature usage analytics
- Error reports and diagnostics
Cookies and Similar Technologies
- Authentication tokens
- Language preferences
- Session data
Legal Basis for Processing
Under GDPR Article 6, we process your personal data based on the following legal grounds:
| Data Category | Legal Basis | Purpose |
|---|---|---|
| Account data | Contract performance | Service delivery and account management |
| Business data | Contract performance | Enabling platform functionality |
| Payment data | Contract performance | Processing subscriptions and billing |
| Usage data | Legitimate interest | Service improvement and security |
| Cookies (essential) | Contract performance | Authentication and preferences |
| Marketing communications | Consent | Promotional materials (opt-in only) |
How We Use Your Information
We use your personal data to:
- Provide and maintain the CrankBench platform
- Process payments and manage subscriptions
- Send service communications (account updates, security alerts)
- Improve our services through analytics and feedback
- Provide customer support and respond to inquiries
- Ensure security and prevent fraud
- Comply with legal obligations
Data Sharing and Third-Party Processors
We share your data with the following third-party service providers:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Supabase | Database hosting and authentication | EU (Frankfurt) | GDPR-compliant, DPA |
| Stripe | Payment processing | USA/EU | EU-US DPF, SCCs |
| Vercel | Application hosting | Global (EU preferred) | GDPR-compliant, DPA |
We do not sell your personal data to third parties.
International Data Transfers
When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-US Data Privacy Framework certification (where applicable)
- Adequacy decisions for transfers to countries with equivalent protection
Data Retention
We retain your personal data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 2 years |
| Transaction records | 7 years (legal requirement) |
| Usage logs | 90 days |
| Backup data | 30 days after deletion |
| Customer data (entered by you) | Until you delete it or account closure |
After these periods, data is securely deleted or anonymized.
Your Rights Under GDPR
You have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data under certain circumstances.
Right to Restriction
Request limitation of processing in specific situations.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent
Withdraw consent at any time for consent-based processing.
Right to Lodge a Complaint
File a complaint with your supervisory authority.
To exercise these rights, contact us at jure.repar@reweb.si.
Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Access controls with role-based permissions
- Regular security audits and vulnerability assessments
- Secure authentication with password hashing and optional 2FA
- Data backup with encrypted storage
- Incident response procedures for data breaches
Children's Privacy
CrankBench is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Email notification to your registered address
- Prominent notice on our platform
- Updating the "Last Updated" date above
Continued use of CrankBench after changes constitutes acceptance of the updated policy.
Supervisory Authority
If you are located in Slovenia, you may lodge a complaint with:
Informacijski pooblaščenec Republike Slovenije (Information Commissioner of the Republic of Slovenia)
Dunajska cesta 22
1000 Ljubljana
Slovenia
Website: www.ip-rs.si
Email: gp.ip@ip-rs.si
Contact Us
For questions or concerns about this Privacy Policy or our data practices:
Email: jure.repar@reweb.si
Address: COMPANY_NAME, ADDRESS, Slovenia
We aim to respond to all inquiries within 30 days.