Privacy Policy

1. Who We Are (Controller)

This Privacy Policy explains how CRETAN (represented by Stephan Christopher Kuehn, 71500 Achlada, Heraklion (Crete), GREECE) collects and uses your personal data when you interact with the Kri-Kri Movement via our website or app. For any privacy concerns, contact us at yassou@cretan.com.

2. The Basics: How This Works

We do not ask you to create a password-protected account. Instead, we link your participation to your email address and the specific unique identifier code of the Kri-Kri stone you have found. We collect data only when you actively interact with us (e.g., registering a find, logging a mission, or releasing a stone).

3. Data We Collect

We collect only the data necessary to make the Kri-Kri app and community experience work. When you interact with a Kri-Kri stone, we may collect the following:

• Identity Data: Your Name or Nickname (Publicly visible) and Email Address (Private).
• Stone Data: The unique identifier code of the stone you found.
• Location Data: The geographic coordinates where you found or released a stone. You provide this either by granting one-time access to your device's GPS or by manually pinning the location on our map.
• Visual Data: Photos you upload of the stone or its location.
• Mission Data: Your responses to the specific missions associated with the stone (e.g., "Mission Complete").

4. How We Use Your Data (Purpose & Legal Basis)

We process your data for the following specific purposes under GDPR:

• To Become a Guardian (Performance of Contract): We use your email when you register a stone to send you the specific mission attached to your stone, to notify you when the stone needs to be released, and to notify you when the stone you released is found by someone else.
• To Map the "Herd" (Consent): We use the location data and photos you provide to update the global map of Kri-Kri stones. This allows us to visualize the movement of the stones across the world.
• To Build the Community (Legitimate Interest): We display your Nickname or Name and the location of your find/release on our public Map.
• To Contact You (Consent): If you opt-in, we may use your email to send you updates about the CRETAN movement and future travel experiences. You can unsubscribe from these at any time via the link in the footer.

5. Public vs. Private Data

To protect your privacy, we distinguish between what is shown to the world and what stays with us:

• PUBLIC (Visible on the Map): Your Nickname or Name, your Photo of the stone, the Date of the find, and the Location of the stone.
• PRIVATE (Hidden): Your Email address.

You grant us the right to display your Photo of the stone on the App, Website, and our Social Media channels to promote the movement. Please avoid uploading photos that reveal sensitive private information (e.g., house numbers, license plates, or faces of non-consenting individuals).

6. Data Retention

Since there are no accounts to delete, we retain your email and interaction history associated with the specific stone ID.

• We keep this data for as long as the Kri-Kri project is active to maintain the integrity of the Map.
• If you wish to be removed, simply email us at yassou@cretan.com, and we will anonymize your entry (replacing your name with "Anonymous Guardian" and deleting your email from our database).

7. Third Parties

We do not sell your data. We share it only with trusted service providers necessary to run the App:

• Mapping Services: (e.g., Google Maps/MapTiler) to display the locations.
• Email Services: (e.g., Mailchimp, Resend) To send notifications and updates.
• Hosting Providers: (e.g., Google Cloud) To store the database securely.

All providers are vetted for GDPR compliance.

8. Your Rights

Under the GDPR, you have the right to:

• Access the personal data we hold about you.
• Correct any inaccurate data.
• Delete your data ("Right to be Forgotten").
• Withdraw Consent for marketing or location processing at any time.

To exercise any of these rights, please contact us at yassou@cretan.com.