Privacy Policy
Last updated: June 27, 2026
This Privacy Policy explains how HyperFixation Labs (“Crates,” “we,” “us,” or “our”) collects, uses, and shares information when you use the Crates website at crate.ing, the Crates iOS app, our browser extension, and related services (together, the “Service”). Crates lets you save links and files, then transcribes, summarizes, tags, and organizes them so you can search, ask about, and share what you collect.
By using the Service you agree to this Policy. If you do not agree, please do not use the Service.
1. Information we collect
Account information
When you create an account we collect your email address (used for magic-link sign-in), and any profile details you choose to add, such as a display name, nickname, and profile picture. We use Supabase for authentication and database storage.
Content you add
The Service is built around content you choose to save. This includes:
- Links and URLs you paste, share, or save through the app, extension, or iOS share sheet.
- Files you upload, such as images, PDFs, audio, and video.
- Notes, tags, crate names, and other text you create to organize your saves.
- Data we derive from your saved content, including transcripts, summaries, extracted text, tags, and vector embeddings used for search.
To process a saved link, we fetch and render the linked page or media on your behalf (using headless-browser and media-extraction providers). Content behind logins or paywalls is only accessed when you explicitly provide it.
Usage and personalization data
We collect how you interact with the Service — searches you run, questions you ask, items you save or open, and similar engagement signals. We use these signals to build a personalized “taste graph” that tailors search results, recommendations, and reflections to your interests.
Device and technical data
- Device push tokens, so we can send you notifications on iOS (via Apple Push Notification service). You control whether push is enabled.
- Standard log and technical data such as IP address, browser or device type, and timestamps, collected by our hosting providers and our error monitoring.
- Aggregate, privacy-friendly web analytics about page performance and visits.
Cookies and local storage
We use cookies and browser local storage that are necessary to keep you signed in and to remember preferences such as your theme. We do not use third-party advertising cookies to track you across other sites unless a specific, separately disclosed feature is enabled.
2. How we use information
We use the information described above to:
- Provide the core Service — transcribe, summarize, tag, organize, search, and answer questions about your saved content.
- Personalize your experience, including taste-based search, discovery, and reflections.
- Send you transactional and lifecycle email (for example, sign-in links and digests you have opted into) and push notifications you have enabled.
- Maintain security, prevent abuse, debug, and improve the Service.
- Comply with legal obligations.
3. AI processing of your content
Crates uses third-party AI providers — currently Anthropic (Claude) and OpenAI — to transcribe, summarize, tag, embed, and answer questions about your content. To do this, the relevant content (or text derived from it) is sent to these providers’ APIs for processing and returned to us.
4. Service providers we share with
We do not sell your personal information. We share information only with vendors that process it on our behalf to operate the Service, under contractual confidentiality and security obligations. These include:
- Supabase — authentication, database, and file storage.
- Anthropic and OpenAI — AI transcription, summarization, embeddings, vision, and chat.
- Exa — web search and discovery.
- Resend — transactional and digest email.
- Apple Push Notification service — iOS push notifications.
- Browserless and Cobalt — rendering and extracting content from links you save.
- Sentry — error monitoring and reliability.
- Railway and Vercel — application hosting and infrastructure.
We may also disclose information if required by law, to enforce our terms, to protect the rights, safety, and security of our users or the public, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you of any change in how your information is handled).
5. Sharing between users
Some features let you share with others — for example, sharing a crate or sending a connection request. Content is shared only when you take an explicit action to share it. Connection requests are email-gated and designed to avoid revealing one user’s identity to another without consent. Your private saves remain private to you.
6. Data retention and deletion
We keep your information for as long as your account is active or as needed to provide the Service. You can delete individual saves and crates at any time within the app.
7. Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. To exercise any of these, contact us at hello@crate.ing. You can opt out of digest and marketing email at any time using the unsubscribe link or your in-app preferences, and you can disable push notifications in your device settings.
California residents (CCPA/CPRA)
We do not sell or “share” personal information as those terms are defined under California law. California residents may exercise their rights to know, delete, and correct by contacting us at the address above. We will not discriminate against you for exercising these rights.
EU/UK residents (GDPR)
If you are in the European Economic Area or the United Kingdom, our legal bases for processing are: performance of our contract with you (to provide the Service), your consent (for optional communications), and our legitimate interests (to secure and improve the Service). You may lodge a complaint with your local supervisory authority.
International transfers
We operate in the United States, and our service providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards for international transfers.
8. Children’s privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us at hello@crate.ing and we will delete it.
9. Security
We use reasonable technical and organizational measures to protect your information, including encryption in transit and row-level access controls that scope your data to your account. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
10. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the app or by email. Your continued use of the Service after changes take effect means you accept the updated Policy.
11. Contact us
HyperFixation Labs, the company behind Crates. Questions or requests about this Policy or your data: email hello@crate.ing.