Skip to content

Legal

Privacy Policy

Last Updated: October 19, 2025

TL;DR (Quick Summary)

GANJ follows a simple principle: collect as little personal data as possible.

What GANJ Collects

  • Email address (stored by Clerk)
  • Pseudonymous handle (e.g., "DailyValley19")
  • Your contributions (menu uploads)

What GANJ Doesn't Collect

  • Real names
  • Phone numbers
  • IP addresses
  • Tracking cookies
  • Behavioral data

Your Rights

Delete your account anytime Export your data See what GANJ stores
1. Information We Collect

1.1 Account Information (Stored by Clerk.com)

GANJ uses Clerk (Clerk Inc., USA) to manage user registration, authentication, and session management. Clerk stores:

  • Email address (required for account login)
  • Session tokens (temporary, used to keep you logged in)
  • Login timestamps (when you sign in/out)
  • IP addresses (for security and fraud detection)
Important: This data is stored by Clerk.com (United States), NOT by GANJ. GANJ never sees or stores your email address.
EU–U.S. Data Privacy Framework: Clerk Inc. is certified under the EU–U.S. Data Privacy Framework. See Clerk's privacy policy and certification.

1.2 Pseudonymous Profile Data (Stored by GANJ)

In GANJ's database (hosted in the EU), the following is stored:

  • Pseudonymous handle (auto-generated like "DailyValley19")
  • Clerk user ID (random identifier)
  • Total points (gamification score)
  • App preferences (settings)
  • Timestamps (account creation, last activity)

1.3 User Contributions (Public Data)

When you upload menu photos or contribute data:

  • Menu items you've submitted
  • Shop information
  • Upload timestamps
  • Attribution (your pseudonymous handle)
Important: Contributions are public and community-owned. When you delete your account, contributions remain but are anonymized.
2. How GANJ Uses Your Information

GANJ uses your data only for these purposes:

  • Authentication - Log you in securely
  • Attribution - Show your handle on contributions
  • Gamification - Track your points and contributions
  • Debugging - Diagnose upload failures (logs retained 30 days)
  • Quality Control - Prevent spam and fraudulent uploads
GANJ does NOT use your email for:
  • Marketing or promotional emails
  • Selling your data to third parties
  • Behavioral advertising
3. How GANJ Protects Your Information

GANJ implements industry-standard protection measures to secure your data. All data is encrypted both at rest and in transit using secure connections. Access to your information is controlled through database-level security policies and authenticated access requirements. GANJ follows data minimization principles by using pseudonymous identifiers, separating personal information from app data, and keeping minimal logs. All third-party service providers are certified and GDPR-compliant with appropriate data protection frameworks in place.

4. Your Rights (GDPR & Privacy)

Right to Access

See what data GANJ has about you. Visit your profile page or email privacy@getganj.com

Right to Erasure

Delete all your personal data. Click "Delete Account" in your profile settings or email privacy@getganj.com

Data Portability

Export your data in JSON format. Visit /api/user/export or email privacy@getganj.com

Right to Rectification

Correct inaccurate data. Note: Handles are immutable by design for privacy reasons.

5. Third-Party Services

GANJ does not sell your data. The following service providers are used:

Provider Purpose Data Shared Location
Clerk.com Authentication Email, IP, sessions USA
Supabase Database Pseudonymous data EU (Germany)
Railway.app Hosting Server logs (no PII) USA (AWS)
Cloudflare CDN, CAPTCHA IP (hashed after 24h) Global
5.5 Analytics (Cookieless)

To understand which content is read and where visitors come from, GANJ measures aggregate, anonymous visitor statistics with its own first-party system. No cookies, no persistent identifiers, and no personal data are used — so you will never see a cookie banner for analytics.

For each page view we record the page visited, the referring website, and your country (derived from Cloudflare). These are tied to a daily-rotating one-way hash that cannot identify you and is not linkable across days. Your raw IP address and browser User-Agent are never stored.

Your choices & our basis

We honor Do‑Not‑Track and Global Privacy Control — if your browser sends either signal, nothing is collected. Lawful basis: legitimate interest (Art. 6(1)(f) GDPR); exempt from consent under Art. 11.7a of the Dutch Telecommunicatiewet. Raw events are deleted after 24 months; only anonymous daily totals are kept beyond that.

6. Contact Us

Questions? Concerns? Requests?

Email: privacy@getganj.com

Response time: Within 30 days (usually faster)

Our Commitment to Privacy

Data minimization Pseudonymization Transparency User control Security first No dark patterns

Thank you for trusting us with your data. We don't take it lightly.

For the complete detailed privacy policy, see our full documentation