Privacy Policy

Effective Date: 2026-04-29 · Version 1.0

The short version

CrewPoint is a collaborative app — unlike Sanctuary, we do collect data tied to your identity. This page tells you exactly what, why, and how long.

What we collect

  • Account: email address, display name, profile photo (if you add one), and the authentication provider you used (email, Google, or Apple).
  • Profile (optional): Venmo handle, CashApp handle. Used only to construct deep links into those apps when settling balances. We never call those services on your behalf.
  • Event content you create: events, tasks, expenses, expense splits, receipt images, chat messages.
  • Membership data: which events you belong to and your role in each (owner, admin, member).
  • Push tokens: Firebase Cloud Messaging tokens for opt-in urgent message notifications. Stored under your user document.

What we don't collect

  • Location data.
  • Browsing history outside CrewPoint.
  • Contacts list.
  • Payment card details — settlements happen inside Venmo / CashApp; CrewPoint only opens the deep link.

Where it lives

All data is stored in Google Firebase (Cloud Firestore for structured data, Cloud Storage for receipt images). Receipts are served only to authenticated members of the event the receipt belongs to. Server-side Firebase rules enforce access at the protocol layer; client-side gating is double-enforcement, not the sole defense.

Sharing

We do not sell your data. We do not run ads. We do not share your data with third parties except:

  • Google Firebase, our infrastructure provider, processes data on our behalf under their data-processing terms.
  • Apple, Google, or your email provider, when you sign in via that provider.
  • Venmo and CashApp, only the deep links you trigger by tapping "Settle"; we don't share data outside those URLs.

Retention and deletion

Account data persists until you request deletion. Profile → Delete account triggers a Cloud Function that:

  • Anonymizes your contributions to events that have other members (so the group's shared record stays intact but your name is replaced with "(no longer in event)").
  • Deletes events where you were the sole member.
  • Removes your receipt images from Cloud Storage.
  • Removes your Firestore user document and your Firebase Auth account.

Backups may persist for a short window beyond deletion as part of Firebase's standard backup cadence; we don't restore individual users from those backups.

Your rights

Whatever your jurisdiction grants you (GDPR, CCPA, etc.) applies here. You can request a data export or deletion at privacy@sookoon.space — we'll respond within the deadline required by your local law.

Changes

Material changes are flagged on the home screen on next sign-in. Minor edits update the Effective Date at the top of this page.

Questions? privacy@sookoon.space.

Last updated: 2026-04-29