Cradt
Sign in

Last updated · May 2026

Privacy

Plain-English summary of what we collect, why, and how to delete it. No lawyer dressing. This is what we actually do.

What we collect

  • Account email, for sign-in codes and transactional email (digest, vault delivery).
  • Discogs handle and collection, if you connect Discogs. We mirror your collection and wantlist so we can show and analyze them.
  • Apple Music authorization token, if you connect Apple Music. Encrypted at rest, used only to create your wantlist playlist.
  • Subscription state: tier, status, renewal date. Payment details live with Stripe; we never see your card.
  • Public market data: daily snapshots of Discogs want, have, and price for the records in your collection. This is public data, not personal.

What we don't collect

  • No advertising, ad networks, or data brokers.
  • No selling or renting of your personal data.
  • No session recording. We do not record or replay your screen, and we do not use heatmaps. Product analytics is limited to named events and pageviews.

Who we share with

Our infrastructure providers, processing data on our behalf:

  • Supabase for database, auth, and file storage.
  • Vercel for application hosting.
  • Stripe for payment processing.
  • Resend for transactional email.
  • PostHog for product analytics (named events and pageviews only, no session recording, and only after you accept analytics cookies).
  • Discogs and Apple Music for the integrations you explicitly authorize.

Your rights

From your account page you can:

  • Export every byte of your data as JSON.
  • Permanently delete your account and everything associated with it.
  • Disconnect Discogs or Apple Music at any time.

We honor GDPR and CCPA requests. Email privacy@cradt.com and we'll respond within 30 days.

Retention

We keep your data as long as your account is active. Stats history older than 90 days is pruned automatically. Vault PDFs are stored for as long as your Vault subscription is active. Deleted accounts are removed within 7 days.

Cookies & analytics

Essential cookies keep you signed in, remember your light/dark theme, and store your analytics choice. These are always on; the app can't work without them.

Optional analytics cookies power PostHog, which we use to understand how features are used through aggregate funnels of named events and pageviews. We do not record or replay your sessions and we do not use heatmaps. PostHog only loads after you accept. You can decline or change your mind any time via .

Separately, we keep a first-party log of product events (for example, "connected Apple Music" or "started a scan") tied to your account, to measure how Cradt is used and improve it. No third-party ad use, included in your data export, and deleted with your account.

So you know exactly what is in that log, those product events are:

  • Account and subscription: signing up, connecting Discogs or Apple Music, and starting or changing a plan.
  • Collection actions: syncing from Discogs and adding or scanning records, as counts and outcomes, never the records themselves.
  • Feature use: generating a report, a Collection DNA, or a Curator's Read, and opening the installed app.

We never log the contents of your collection, your notes, or anything you type into search. Each event is a name plus a few numbers (a count, a tier, a type), tied to your account and deleted with it.

Contact

Questions, requests, or a friendly hello: privacy@cradt.com.

Privacy · Cradt · Cradt