Legal

Privacy Policy

Last updated: February 28, 2026

On this page

1.Information We Collect

We collect information in three categories when you use the Crux platform at crux.camp:

Account Data

When you create an account, we collect your name, email address, and profile picture (if you sign in with Google). Property Owners also provide business name, property details, location, contact information, and brand settings.

Booking & Transaction Data

When Guests make a reservation, we collect reservation details (dates, guest count, selected accommodations, activities, and packages), guest contact information (name, email, phone number), special requests, and payment transaction identifiers from Stripe. Crux does not store raw credit card numbers — all payment card data is handled exclusively by Stripe in compliance with PCI-DSS standards.

Usage Data

We automatically collect information about how you interact with the Platform, including pages visited, features used, browser type and version, operating system, IP address, device identifiers, and referring URLs.

2.How We Use Information

We use the information we collect to:

  • Operate and maintain the booking platform, including processing reservations and managing availability
  • Process payments through Stripe Connect and disburse funds to Property Owners
  • Send transactional communications including booking confirmations, payment receipts, balance reminders, and check-in notifications
  • Provide customer support and respond to inquiries
  • Generate analytics and reports for Property Owners (occupancy rates, revenue trends, booking volume)
  • Improve, personalize, and optimize the Platform based on usage patterns
  • Comply with legal obligations, including tax reporting and fraud prevention
  • Send product updates and feature announcements to Property Owners (with opt-out available)

3.How We Share Information

We do not sell your personal data to third parties.

We share information only in the following circumstances:

  • With Property Owners — When a Guest makes a booking, the Property Owner receives the Guest's name, email, phone number, booking details, and special requests. Guests consent to this sharing when they complete a reservation.
  • With Stripe — Payment and identity information is shared with Stripe for payment processing, fraud prevention, and regulatory compliance. Stripe's handling of your data is governed by Stripe's Privacy Policy.
  • With service providers — We use trusted third-party services for infrastructure, email delivery, error monitoring, and analytics, as described in Section 7. These providers process data on our behalf under data processing agreements.
  • As required by law — We may disclose information if required to comply with applicable law, legal process, or governmental request, or to protect the rights, property, or safety of Crux, our users, or the public.

4.Data Retention

We retain your data according to the following schedule:

Data TypeRetention Period
Account dataWhile account is active + 2 years after closure
Booking & transaction data7 years (legal and tax compliance)
Usage & analytics data13 months

You may request deletion of non-legally-required data at any time by contacting us at the address provided in Section 12.

5.Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption in transit — All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security)
  • Payment security — Credit card data is handled exclusively by Stripe, a PCI-DSS Level 1 certified payment processor. Crux never stores, processes, or transmits raw card numbers.
  • Access controls — Employee access to personal data is restricted on a need-to-know basis with role-based access controls
  • Regular reviews — We conduct periodic security assessments of our infrastructure and code

In the event of a data breach affecting your personal information, Crux will notify affected users and relevant authorities as required by applicable law.

6.Cookies & Tracking

Crux uses a limited number of cookies to operate the Platform:

  • Essential cookies — Required for authentication and session management. These cannot be disabled as the Platform requires them to function.
  • Analytics cookies — Used to understand usage patterns and improve the Platform. These can be declined without affecting core functionality.

We do not use advertising cookies or cross-site tracking technologies.

Property Owners who embed the Crux booking widget on their websites should disclose the widget's use of essential cookies in their own privacy and cookie policies.

7.Third-Party Services

We use the following third-party services to operate the Platform. Each service processes data according to its own privacy policy:

ServicePurpose
StripePayment processing, Stripe Connect payouts, fraud detection
Google OAuthAuthentication (sign-in with Google)
SentryError monitoring and performance tracking
ResendTransactional email delivery
VercelApplication hosting and edge network
MongoDB AtlasDatabase hosting

8.Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to access — Request a copy of the personal data we hold about you
  • Right to correction — Request correction of inaccurate or incomplete data
  • Right to deletion — Request deletion of your personal data, subject to legal retention obligations described in Section 4
  • Right to data portability — Request your data in a structured, commonly used, machine-readable format
  • Right to opt out — Opt out of non-essential communications at any time via email preferences or by contacting us

To exercise any of these rights, contact us at aylormackenzie@gmail.com. We will respond to your request within 30 days.

9.Children's Privacy

The Crux platform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided personal data to Crux, please contact us immediately at aylormackenzie@gmail.com and we will take steps to delete that information.

10.International Data Transfers

Crux is based in the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using the Platform, you consent to the transfer of your information to the United States. Where required by applicable law, we implement appropriate safeguards (such as standard contractual clauses) to protect your data during international transfers.

11.Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email to the address associated with your account and through a notice displayed in the dashboard.

Continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically for the latest information.

12.Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Crux — Data Protection

Email: aylormackenzie@gmail.com

Website: crux.camp

We aim to respond to all privacy-related inquiries within 30 days.