OpenCrustOpenCrustAI doing one useful thing.

// Privacy

Privacy Policy

OpenCrust collects the minimum data needed to get pizza to the right place, handle payment safely, and support the order. We do not sell your data, target ads at you, or pass it along to anyone who does not need it to make your pizza land.

Pre-launch draft / updated May 2026

Our promise

OpenCrust is promise-focused, not profit-focused. We collect the minimum data needed to get pizza to the right place, handle payment safely, and support the order. We do not sell your data. We do not use it to target ads. We do not share it with anyone who does not need it to make your order land.

Information we collect

Account information you give us: name, email, phone number, and beta invite code.

Order information: delivery address, delivery coordinates after you tap to share them, order contents, order status, time stamps, restaurant confirmation, and any notes you add for the kitchen.

Payment references: tokenized identifiers issued by Stripe, our payment processor (customer id, payment method id, payment intent id). We do not collect or store raw card numbers, CVC values, or full payment credentials.

Device and usage information: basic device type, app version, and operational logs that help us diagnose problems. We do not fingerprint your device for advertising.

Support communications: messages you send us through the support form, attachments, and operator notes related to your case.

Site analytics: aggregate page views, waitlist submission outcomes, and request-access button clicks, collected by Vercel Analytics in a cookieless way on the public site. We do not log full email addresses, phone numbers, addresses, payment details, auth tokens, or free-form support messages in analytics.

How we use your information

To create and manage your account and beta access.

To process payments, place orders with restaurants, and coordinate delivery.

To send order status updates and respond to support requests.

To prevent duplicate orders, fraud, and abuse, and to keep audit evidence for disputes.

To improve the app: diagnose crashes, measure feature use, and find friction in the order flow. This is done with the minimum data needed.

To meet legal obligations including tax, accounting, and lawful requests from authorities.

Who we share information with

Restaurants: when you place an order, we share the information needed to fulfill it (your first name, delivery address, order contents, contact phone). We share what the kitchen and driver need, and nothing more.

Payment processor: Stripe handles card entry and money movement. Stripe receives what it needs to process the transaction. We receive only tokenized references back. OpenCrust does not see your raw card details. Stripe is independently certified PCI DSS Level 1 and is governed by its own privacy policy.

Hosting and infrastructure providers: services that run the website, app backend, and database under standard data-processing agreements.

Support and operations tooling: providers we use to respond to your messages and manage cases, under standard data-processing agreements.

Analytics: Vercel Analytics, in a cookieless aggregated form on the public site only.

Legal and safety: if required by law, subpoena, or to protect the safety of users, restaurants, or our team, we may share information with authorities.

We do not sell your personal information. We do not share it with data brokers. We do not let third-party advertisers track you through our app or site.

Location

OpenCrust requests foreground location only after you tap to share it, and only to estimate delivery availability and send pizza to the right place.

OpenCrust does not request background location. We do not track you when the app is closed.

Your rights

You can access, correct, or delete your information by writing to privacy@opencrust.app. We may need to verify your identity and order ownership before disclosing or changing anything.

If you live in California, you have rights under the CCPA/CPRA including the right to know what we collect, the right to delete, the right to correct, and the right to opt out of any sale or sharing of personal information. We do not sell or share your information for cross-context behavioral advertising.

If you live in the EU, UK, or other jurisdictions with similar laws, you have analogous rights of access, correction, erasure, restriction, portability, and objection. We will respond to verified requests within the time frames required by applicable law.

You can opt out of marketing emails at any time using the unsubscribe link. Transactional and order-related messages are required to operate the service and cannot be opted out of while you have an active account.

Retention

We keep order, payment-reference, delivery, and support records for as long as needed to fulfill orders, process refunds, defend against disputes, prevent fraud, meet accounting and tax requirements, and provide customer support.

When data is no longer needed for those purposes, we delete it or anonymize it. Specific retention periods may vary by data type and will be finalized through legal and operations review before public launch.

Security

We use reasonable administrative, technical, and physical safeguards to protect your information. Payment data is handled by a PCI-compliant processor. Account passwords (if used) are stored only as hashes.

No service can promise perfect security. If we learn of a security incident that affects your information, we will notify affected users and authorities as required by applicable law.

Children's privacy

OpenCrust is not intended for children. During the beta program, the service is limited to users 18 and older. At public launch, the minimum age may be reduced subject to applicable law, and we will update this policy accordingly.

If you believe a child under 13 has provided us with information, write to privacy@opencrust.app and we will delete it.

International users

OpenCrust is operated from the United States. If you access OpenCrust from outside the US, your information will be transferred to and processed in the US, which may have data-protection laws different from those of your country.

By using the service from outside the US, you consent to that transfer and processing.

Changes to this policy

We may update this policy as the product, legal landscape, or business changes. When we do, we will update the date at the top of this page and, for material changes, notify users by email or in-app notice.

Your continued use of the service after a change takes effect means you accept the updated policy.

Contact us

Privacy questions, data requests, or concerns: privacy@opencrust.app.

General support: support@opencrust.app.

Legal entity: OpenCrust LLC, a California limited liability company. Mailing address available on written request.

This policy may be updated as the product, legal landscape, or business changes.