Privacy Policy

Last Updated: October 19, 2025

TL;DR (Quick Summary)

GANJ follows a simple principle: collect as little personal data as possible.

What GANJ Collects

  • ✅ Email address (stored by Clerk, a secure authentication provider - not by GANJ)
  • ✅ Pseudonymous handle (e.g., "DailyValley19")
  • ✅ Your contributions (menu uploads)

What GANJ Doesn't Collect

  • ❌ Real names
  • ❌ Phone numbers
  • ❌ IP addresses
  • ❌ Tracking cookies
  • ❌ Behavioral data

Your Rights

✅ Delete your account anytime | ✅ Export your data | ✅ See what GANJ stores

1. Information We Collect

1.1 Account Information (Stored by Clerk.com)

GANJ uses Clerk (Clerk Inc., USA) to manage user registration, authentication, and session management. Clerk processes your email address and authentication data on behalf of GANJ for the purpose of enabling secure login and account functionality. Clerk stores:

  • Email address (required for account login)
  • Session tokens (temporary, used to keep you logged in)
  • Login timestamps (when you sign in/out)
  • IP addresses (for security and fraud detection)
Important: This data is stored by Clerk.com (based in the United States), NOT by GANJ. GANJ never sees or stores your email address.
EU–U.S. Data Privacy Framework: Clerk Inc. is certified under the EU–U.S. Data Privacy Framework, approved by the European Commission on July 10, 2023. This means that the transfer of personal data to Clerk in the United States is considered to provide an adequate level of protection under EU data protection law. For more information, see Clerk's privacy policy and Data Privacy Framework certification.

1.2 Pseudonymous Profile Data (Stored by GANJ)

In GANJ's database (hosted in the EU), the following is stored:

  • Pseudonymous handle (auto-generated username like "DailyValley19")
  • Clerk user ID (random identifier)
  • Total points (gamification score)
  • App preferences (settings)
  • Timestamps (account creation, last activity)

1.3 User Contributions (Public Data)

When you upload menu photos or contribute data:

  • Menu items you've submitted
  • Shop information
  • Upload timestamps
  • Attribution (your pseudonymous handle)
Important: Contributions are public and community-owned. When you delete your account, your contributions remain but are anonymized.

2. How GANJ Uses Your Information

GANJ uses your data only for these purposes:

  • Authentication - Log you in securely
  • Attribution - Show your handle on contributions
  • Gamification - Track your points and contributions
  • Debugging - Diagnose upload failures (logs retained 30 days)
  • Quality Control - Prevent spam and fraudulent uploads

GANJ does NOT use your email for:

  • ❌ Marketing or promotional emails
  • ❌ Selling your data to third parties
  • ❌ Behavioral advertising

3. How GANJ Protects Your Information

GANJ implements industry-standard protection measures to secure your data. All data is encrypted both at rest and in transit using secure connections. Access to your information is controlled through database-level security policies and authenticated access requirements. GANJ follows data minimization principles by using pseudonymous identifiers, separating personal information from app data, and keeping minimal logs. All third-party service providers are certified and GDPR-compliant with appropriate data protection frameworks in place.

4. Your Rights (GDPR & Privacy)

✅ Right to Access

See what data GANJ has about you. Visit your profile page or email privacy@getganj.com

🗑️ Right to Erasure ("Right to be Forgotten")

Delete all your personal data. Click "Delete Account" in your profile settings or email privacy@getganj.com

📦 Right to Data Portability

Export your data in JSON format. Visit /api/user/export or email privacy@getganj.com

✏️ Right to Rectification

Correct inaccurate data. Note: Handles are immutable by design for privacy reasons.

5. Third-Party Services

GANJ does not sell your data. The following service providers are used:

Clerk.com

Purpose: Authentication

Data Shared: Email, IP, sessions

Location: USA

Supabase

Purpose: Database

Data Shared: Pseudonymous data

Location: EU (Germany)

Railway.app

Purpose: Hosting

Data Shared: Server logs (no PII)

Location: USA (AWS)

Cloudflare

Purpose: CDN, CAPTCHA

Data Shared: IP (hashed after 24h)

Location: Global

6. Contact Us

Questions? Concerns? Requests?

Email: privacy@getganj.com

Response time: Within 30 days (usually faster)

Our Commitment to Privacy

✅ Data minimization
✅ Pseudonymization
✅ Transparency
✅ User control
✅ Security first
✅ No dark patterns
Thank you for trusting us with your data. We don't take it lightly.

For the complete detailed privacy policy, see our full documentation