Privacy Policy
Last updated: 11 March 2026
1. Who we are
CraftCert is a product of Crocker Digital Ltd, registered in England and Wales (Company No. 17008789). Crocker Digital Ltd is the data controller for any personal data collected through this website.
Contact: support@craftcert.co.uk
2. What data we collect
- Account data: your email address, name (if provided), and account preferences — collected when you create an account.
- Product and formulation data: product names, ingredient lists, concentrations, hazard classifications, and generated labels that you enter into CraftCert.
- Payment data: billing details are collected and processed by Stripe. We store your Stripe customer ID but never see or store your card details.
- Analytics: we use GoatCounter, a privacy-focused analytics tool that does not use cookies and does not collect personal data. It provides aggregate page view data only.
- Error tracking: we use Sentry to monitor application errors. Sentry may receive technical data such as browser type, error stack traces, and request metadata. It does not receive your formulation or ingredient data.
3. Why we collect it (lawful basis)
- Contract performance: to provide the CraftCert service, including classification, label generation, and compliance evidence.
- Legitimate interest: to send essential account notifications, improve the product, and monitor for errors.
- Consent: for optional marketing emails. You can opt out at any time from your account settings or by contacting us.
4. How your data is stored and processed
Your data is processed by the following services (see our Subprocessors page for full details):
- Supabase — authentication and database hosting. Stores your account data, product data, formulations, labels, and evidence records. Supabase sets session cookies (prefixed sb-) for authentication.
- Stripe — payment processing. Processes billing data for paid subscriptions.
- Resend — transactional email delivery. Receives your email address to send account notifications.
- Netlify — website hosting and deployment.
- GoatCounter — privacy-focused analytics (no cookies, no personal data).
- Sentry — error monitoring and performance tracking.
- Upstash — rate limiting to protect the service from abuse. Processes IP addresses and user IDs temporarily.
5. Sharing
We share personal data only with the subprocessors listed above, solely for the purposes described. We do not sell, rent, or trade your personal data. We do not share your formulation or product data with any third party.
6. Data retention
We retain your data while your account is active. If you delete your account, your data is soft-deleted and permanently removed after 90 days. See our Retention & Deletion policy for full details.
7. Your rights (UK GDPR)
Under the UK General Data Protection Regulation, you have the right to:
- Access the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data (Article 17).
- Portability — request a copy of your data in a portable format (available via Settings > Export).
- Restriction — ask us to limit processing in certain circumstances.
- Object — object to processing based on legitimate interest.
To exercise any of these rights, email support@craftcert.co.uk. We aim to respond within 30 days.
8. Cookies
CraftCert uses essential cookies only. See our Cookies Policy for full details. We do not use advertising or tracking cookies.
9. Changes to this policy
We may update this policy from time to time. We will notify account holders of material changes by email. The “last updated” date at the top of this page indicates the most recent revision.
10. Contact
If you have any questions about this privacy policy or how we handle your data, please contact us:
support@craftcert.co.uk
Crocker Digital Ltd, Company No. 17008789