Legal
Privacy Policy
Last Updated: October 19, 2025
TL;DR (Quick Summary)
GANJ follows a simple principle: collect as little personal data as possible.
What GANJ Collects
- Email address (stored by Clerk)
- Pseudonymous handle (e.g., "DailyValley19")
- Your contributions (menu uploads)
What GANJ Doesn't Collect
- Real names
- Phone numbers
- IP addresses
- Tracking cookies
- Behavioral data
Your Rights
1. Information We Collect
1.1 Account Information (Stored by Clerk.com)
GANJ uses Clerk (Clerk Inc., USA) to manage user registration, authentication, and session management. Clerk stores:
- Email address (required for account login)
- Session tokens (temporary, used to keep you logged in)
- Login timestamps (when you sign in/out)
- IP addresses (for security and fraud detection)
1.2 Pseudonymous Profile Data (Stored by GANJ)
In GANJ's database (hosted in the EU), the following is stored:
- Pseudonymous handle (auto-generated like "DailyValley19")
- Clerk user ID (random identifier)
- Total points (gamification score)
- App preferences (settings)
- Timestamps (account creation, last activity)
1.3 User Contributions (Public Data)
When you upload menu photos or contribute data:
- Menu items you've submitted
- Shop information
- Upload timestamps
- Attribution (your pseudonymous handle)
2. How GANJ Uses Your Information
GANJ uses your data only for these purposes:
- Authentication - Log you in securely
- Attribution - Show your handle on contributions
- Gamification - Track your points and contributions
- Debugging - Diagnose upload failures (logs retained 30 days)
- Quality Control - Prevent spam and fraudulent uploads
- Marketing or promotional emails
- Selling your data to third parties
- Behavioral advertising
3. How GANJ Protects Your Information
GANJ implements industry-standard protection measures to secure your data. All data is encrypted both at rest and in transit using secure connections. Access to your information is controlled through database-level security policies and authenticated access requirements. GANJ follows data minimization principles by using pseudonymous identifiers, separating personal information from app data, and keeping minimal logs. All third-party service providers are certified and GDPR-compliant with appropriate data protection frameworks in place.
4. Your Rights (GDPR & Privacy)
Right to Access
See what data GANJ has about you. Visit your profile page or email privacy@getganj.com
Right to Erasure
Delete all your personal data. Click "Delete Account" in your profile settings or email privacy@getganj.com
Data Portability
Export your data in JSON format. Visit /api/user/export or email privacy@getganj.com
Right to Rectification
Correct inaccurate data. Note: Handles are immutable by design for privacy reasons.
5. Third-Party Services
GANJ does not sell your data. The following service providers are used:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Clerk.com | Authentication | Email, IP, sessions | USA |
| Supabase | Database | Pseudonymous data | EU (Germany) |
| Railway.app | Hosting | Server logs (no PII) | USA (AWS) |
| Cloudflare | CDN, CAPTCHA | IP (hashed after 24h) | Global |
5.5 Analytics (Cookieless)
To understand which content is read and where visitors come from, GANJ measures aggregate, anonymous visitor statistics with its own first-party system. No cookies, no persistent identifiers, and no personal data are used — so you will never see a cookie banner for analytics.
For each page view we record the page visited, the referring website, and your country (derived from Cloudflare). These are tied to a daily-rotating one-way hash that cannot identify you and is not linkable across days. Your raw IP address and browser User-Agent are never stored.
Your choices & our basis
We honor Do‑Not‑Track and Global Privacy Control — if your browser sends either signal, nothing is collected. Lawful basis: legitimate interest (Art. 6(1)(f) GDPR); exempt from consent under Art. 11.7a of the Dutch Telecommunicatiewet. Raw events are deleted after 24 months; only anonymous daily totals are kept beyond that.
6. Contact Us
Questions? Concerns? Requests?
Email: privacy@getganj.com
Response time: Within 30 days (usually faster)
Our Commitment to Privacy
Thank you for trusting us with your data. We don't take it lightly.
For the complete detailed privacy policy, see our full documentation