Legal

Privacy Policy

How we collect, use, and protect your personal information.

Privacy Policy

Privacy Policy

Effective date: 9 February 2026

Last updated: 9 February 2026

CraftItPro ("we", "us", "our") operates the website craftitpro.com (the "Site"). This Privacy Policy explains what personal information we collect, how we use it, to whom we disclose it, how we disclose it, and what security measures we have in place to protect it.

1. Information We Collect

We collect the following categories of personal information:

  • Account information: email address and password (encrypted) when you create an account via Firebase Authentication.
  • Contact information: full name, phone number, and email address when you submit a service request, call request, or enquiry form.
  • Service request details: preferred service type, preferred time slot, specialist preference, and project notes you provide.
  • Payment information: payment transaction identifiers, amounts, and payment status. Your card number, expiry date, and CVC are collected and processed exclusively by Stripe and are never stored on or transmitted through our servers.
  • Technical information: IP address, browser type, device type, and pages visited, collected automatically through standard web server logs.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service delivery: to process and manage your service requests, schedule appointments, and coordinate projects.
  • Communication: to send confirmation emails, project updates, payment receipts, and respond to your enquiries.
  • Payments: to facilitate deposit and final payments through Stripe Hosted Checkout.
  • Account management: to authenticate your identity, manage your account, and provide access to your project dashboard.
  • Service improvement: to understand how our Site is used and improve our services.

3. How We Share Your Information

We share personal information only in the following circumstances and with the following parties:

  • Firebase (Google Cloud): we use Firebase for authentication, database (Firestore), and cloud functions. Your account data and service requests are stored in Firebase infrastructure located in the EU (europe-west1). Firebase processes data in accordance with Google Cloud's data processing terms.
  • Stripe: we use Stripe to process payments. When you make a payment, you are redirected to Stripe's hosted checkout page. Stripe collects and processes your payment card details directly. We receive only transaction identifiers and payment status. See Stripe's privacy policy.
  • Email provider (SMTP): we use a third-party email service to send transactional emails (confirmations, updates). Only your email address and name are shared for this purpose.
  • Legal requirements: we may disclose your information if required by law, court order, or governmental authority.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Method of Disclosure

All data sharing with third-party processors occurs through encrypted channels:

  • Firebase: data is transmitted via HTTPS/TLS-encrypted API calls to Google Cloud servers in the EU.
  • Stripe: payment data is transmitted via HTTPS redirect to Stripe's PCI DSS Level 1 certified checkout page.
  • Email: transactional emails are sent via TLS-encrypted SMTP connections.

We do not share data through any unencrypted or public channels.

5. Data Storage and Security

We implement the following security measures to safeguard your information:

  • Encryption in transit: all data transmitted between your browser and our Site is encrypted using HTTPS (TLS 1.2+).
  • Encryption at rest: data stored in Firebase Firestore is encrypted at rest using Google Cloud's default encryption.
  • Authentication security: passwords are hashed by Firebase Authentication and are never stored in plain text. We encourage users to use strong, unique passwords.
  • Payment security: we do not store, process, or have access to your payment card details. All payment processing is handled by Stripe, a PCI DSS Level 1 certified service provider.
  • Access control: access to customer data is restricted to authorised staff through role-based access controls enforced by Firebase security rules.
  • Server security: our hosting infrastructure uses SSH key-based authentication and is regularly updated.

6. Data Retention

  • Account data is retained for as long as your account is active.
  • Service request and project data is retained for up to 7 years for tax and legal compliance purposes.
  • You may request deletion of your account and personal data at any time by contacting us.

7. Your Rights

Under the General Data Protection Regulation (GDPR) and Irish data protection law, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data ("right to be forgotten").
  • Restriction: request that we limit how we process your data.
  • Portability: request your data in a structured, machine-readable format.
  • Objection: object to the processing of your data for certain purposes.

To exercise any of these rights, contact us at spiatkowski@craftitpro.cloud.

8. Cookies & Analytics

Our Site uses the following cookies:

Essential cookies: Firebase Authentication session management cookies, required for login functionality.

Analytics cookies: We use Google Analytics 4 (measurement ID: G-R2K86BQY3Q) to understand how visitors use our Site. Google Analytics sets cookies (including _ga and _ga_*) to distinguish unique users and track session information. This data is processed by Google and helps us improve our services. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.

We do not use advertising cookies or third-party tracking cookies beyond Google Analytics.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

11. Contact

If you have questions about this Privacy Policy or our data practices, please contact:

CraftItPro
Email: spiatkowski@craftitpro.cloud
Ireland

Terms of Service Customer Support