Last updated November 25, 2026 Effective immediately
Cranky Digital SRL · RD privacy@cranky.do →
Cranky / Privacy Policy
Legal · Privacy

Privacy Policy.

This policy explains what data we collect, how we use it, who we share it with, and the rights you have over it — across every brand we operate. Plain English wherever the law lets us.

Last updated · November 25, 2026 Version · 3.2 Jurisdiction · Dominican Republic Applies to · cranky.do + all brands

01Introduction

Cranky Digital SRL ("Cranky", "we", "us") is a software company headquartered in Santo Domingo, Dominican Republic. We operate a portfolio of digital brands — CrankyUP, CrankyHost, RIEMSA, steal.lat and CrankyCards — plus internal tools and discontinued legacy services.

This Privacy Policy applies to all visitors and customers of cranky.do and any of the brand websites listed above, unless a specific brand publishes its own policy that takes precedence on its own domain.

TL;DR. We collect what we need to deliver the services you ask for. We don't sell your data. We honour deletion requests. If anything in here worries you, write to privacy@cranky.do.

02Who we are

Cranky Digital SRL · Registered in the Dominican Republic. Headquartered in Santo Domingo. Established 2016. We are the data controller for personal information processed through cranky.do and each Cranky-operated brand.

Legal entityCranky Digital SRL
AddressSanto Domingo · Distrito Nacional · Rep. Dom.
Emailprivacy@cranky.do
Data Protection OfficerReachable at the email above

03Data we collect

We collect different categories of data depending on how you interact with us.

Information you give us directly

  • Account information — email, username, hashed password, profile name and preferences.
  • Billing information — name, address, payment method details (handled by our payment processors), invoice history.
  • Support correspondence — emails, chat messages and ticket attachments you send us.
  • Order details — the products, services, links or quantities you request on any Cranky brand.

Information we collect automatically

  • Technical data — IP address, device type, operating system, browser, referrer URL, language.
  • Usage data — pages visited, features used, time spent, error logs.
  • Cookies and similar technologies — see section 06 for details.

Information from third parties

  • Payment confirmations from Mercado Pago, OXXO, Stripe-style processors, crypto gateways and bank rails.
  • Authentication data if you sign in through Google or Supabase Auth (on steal.lat).
  • Anti-fraud signals from our fraud-prevention partners (no biometric data).

04How we use your data

We use your information for the following purposes — each tied to a lawful basis:

PurposeExamplesLawful basis
Service deliveryProcess orders, send confirmations, deliver productsContract
Account managementAuthenticate logins, manage settings, reset passwordsContract
Customer supportRespond to your questions and ticketsContract / legitimate interest
Billing & accountingCharge, refund, generate invoices, comply with tax lawContract / legal obligation
Service improvementDiagnose bugs, monitor performance, analyticsLegitimate interest
Fraud preventionDetect chargebacks, abuse, automated scriptsLegitimate interest / legal obligation
MarketingProduct updates, occasional promotions to existing customersConsent / legitimate interest

05Who we share data with

We do not sell your personal data. We share it only with the categories of recipients listed below, and only when necessary.

  • Service providers — hosting, email delivery, payments, analytics, customer support tooling. Bound by contract to use your data only on our instructions.
  • Payment processors — Mercado Pago, OXXO, Payeer, Cryptomus, USDT/TRC20 networks. They process payment data directly under their own privacy policies.
  • Between Cranky brands — if you have accounts on multiple Cranky brands, we may share account-level signals (e.g. an abuse flag) to keep all of them safe.
  • Legal authorities — when required by Dominican law or a valid order from a competent jurisdiction.
  • Successors — in the unlikely event of a merger or acquisition, your data may transfer to the new owner with notice to you in advance.

06Cookies & similar tech

We use cookies and similar technologies to make our products work, to remember your preferences, and to understand aggregate usage.

  • Strictly necessary — login session, security tokens, language and region preferences. Cannot be disabled.
  • Functional — remember what you put in your cart, your theme preference, etc.
  • Analytics — privacy-respecting analytics (self-hosted Plausible-style). We do not use cross-site advertising trackers.

You can clear cookies from your browser at any time. Disabling strictly-necessary cookies will break parts of the service.

07Third-party services we use

Each of the following processors may receive a limited slice of your data to perform its job. We've chosen vendors that meet our security and privacy standards.

ServicePurposeData
CloudflareDDoS protection, CDNIP, headers, request metadata
SupabaseAuth & DB (steal.lat)Email, hashed password, app data
Mercado PagoPayments (LATAM)Name, payment instrument
OXXO PayCash payments (México)Order ref, amount
Cryptomus / USDTCrypto paymentsWallet address, tx hash
Postmark / ResendTransactional emailEmail address, send logs

08Your rights

Wherever you live, you have the following rights with respect to your personal data. We honour them whether or not local law forces us to.

  • Access — request a copy of the data we hold about you.
  • Rectification — ask us to correct anything inaccurate.
  • Erasure — ask us to delete your data (limits apply for ongoing services or legal obligations).
  • Portability — ask for your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — opt out of marketing emails or any consent-based processing at any time.

To exercise any of these, write to privacy@cranky.do from the email associated with your account. We respond within 15 business days.

09Data retention

We keep your data only as long as we need it for the purpose we collected it.

  • Active accounts — for as long as your account exists.
  • Closed accounts — anonymised within 90 days unless legal hold applies.
  • Billing records — kept up to 10 years for tax compliance (Rep. Dom. requirement).
  • Support tickets — kept up to 24 months for service-quality review, then deleted.
  • Server logs — rotated and deleted within 30 days unless flagged for security review.

10Security

We take security seriously — it's the difference between staying in business and shutting down. Among other things:

  • Encryption in transit for everything (TLS 1.2+).
  • Encryption at rest for sensitive data and backups.
  • Strict access control — only the people who need data have access to it, audited monthly.
  • Independent infrastructure — our products run on infrastructure we own and operate at CrankyHost.
  • Vulnerability disclosure — write to security@cranky.do. We don't sue researchers acting in good faith.
No system is perfect. If we ever suffer a breach affecting your data, we will notify you within 72 hours of becoming aware of it, in line with international best practice.

11Minors

Our services are not directed to children under 13 (or under the age of digital consent in your country, where higher). We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact privacy@cranky.do and we will delete it promptly.

12Changes to this policy

We may update this policy from time to time. Material changes will be announced on cranky.do and, for active customers, via email at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the latest revision.

13Contact us

If you have any question about this policy or how we treat your data, reach out — we read everything.