Privacy Policy

Cristioa is a business idea discovery platform operated from Norway. We are the data controller for personal data collected through this website.

Contact: gasingasin2@gmail.com

• Email address, when you create an account or sign in with a magic link.
• Usage data, pages visited, time on site, and interactions, collected anonymously via Google Analytics (see Cookies below).
• Payment information, processed entirely by Stripe. We never see or store your card number. Stripe provides us only with a customer ID and subscription status.
• Device-local data, bookmarks, theme preference, AI-generated ideas, and daily generation count are stored in your browser's localStorage. This data never leaves your device and is not transmitted to our servers.

• Account and authentication (legal basis: contract), to let you sign in, manage your subscription, and sync your Pro status.
• Payment processing (legal basis: contract), to charge for Pro subscriptions via Stripe.
• Analytics (legal basis: legitimate interest), to understand how the site is used and improve it. Data is anonymised and aggregated.
• AI idea generation (legal basis: contract / legitimate interest), when you use the AI generator, your prompt text is sent to Groq's API to generate an idea. No personal data is intentionally included in prompts.

• Supabase, stores your account email and subscription status. Data is hosted in the EU.
• Stripe, processes payments. Subject to Stripe's own privacy policy.
• Google Analytics, collects anonymised usage analytics via cookies.
• Groq, processes AI idea generation requests. Prompt text is sent to Groq's API servers.

We use two types of storage:

• Google Analytics cookies, used to measure site traffic anonymously. You can opt out via your browser settings or a GA opt-out extension.
• Browser localStorage, used for bookmarks, dark/light theme preference, and AI results. This is not a cookie and is not used for tracking.

As a resident of the EEA you have the right to:

• Access, request a copy of the personal data we hold about you.
• Rectification, ask us to correct inaccurate data.
• Erasure, ask us to delete your account and associated data.
• Portability, receive your data in a machine-readable format.
• Restriction / objection, ask us to stop processing your data in certain circumstances.

To exercise any right, email gasingasin2@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with Datatilsynet (the Norwegian Data Protection Authority).

• Account data (email) is retained until you request deletion.
• Payment records are retained as required by Stripe and applicable accounting laws.
• Analytics data is retained for 14 months per Google Analytics defaults.

This policy is governed by Norwegian law and the EU General Data Protection Regulation (GDPR) as implemented in Norway through the EEA Agreement.