Privacy Policy

Effective 19 Apr 2026

This Privacy Policy explains what information Citraka, Inc. ("Citraka", "we") collects when you use SmasHaven, how we use it, who we share it with, and the controls you have. Citraka is the data controller. SmasHaven is a product of Citraka.

Contents
  1. Information we collect
  2. How we use information
  3. Who we share information with
  4. Analytics & feature flags
  5. How we protect information
  6. How long we keep information
  7. Your rights & choices
  8. Children
  9. Cookies
  10. International transfers
  11. Changes
  12. Contact

1. Information we collect

What you give us

What we collect automatically

What we do not collect

2. How we use information

We use the information we collect to:

3. Who we share information with

We share information only with:

We do not sell, rent, or trade your personal information to any third party for marketing, profiling, or advertising purposes.

4. Analytics & feature flags

SmasHaven uses first-party analytics — Citraka runs the event pipeline on its own servers. Events are named actions (search.open, place.rate) tied to your numeric user id. Event property bags are capped at 5 KB and are schema-enforced to reject PII-shaped keys (email, phone, address). We use these events to decide which features work and ramp the ones that do.

You can see the admin view of what's collected at yourhost/dashboard (admin users only).

Feature flags control which parts of the product are visible to which cohort. Flag status per user is derived from a keyed hash of your user id — the same user gets a stable experience day-to-day without us storing a per-user flag table.

5. How we protect information

No system is perfectly secure. We do our best; you should use a unique, strong password and keep your device locked.

6. How long we keep information

7. Your rights & choices

Regardless of where you live, you can:

If you're in the EU/EEA, UK, Brazil, or California you have additional rights under GDPR, UK-GDPR, LGPD, and CCPA — access, rectification, erasure, portability, restriction, and objection. Reach out to the same email and we'll honour the request within the applicable window (30 days under GDPR; 45 days under CCPA).

8. Children

SmasHaven is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have, email [email protected] and we'll delete the account.

9. Cookies

The mobile app uses no cookies. The web admin dashboard uses a single session cookie for authentication and a CSRF cookie on the refresh path. Both are strictly necessary and do not track you across sites.

10. International transfers

Citraka is based in the United States. If you use SmasHaven from outside the US, your information will be transferred to and processed in the US. Where required, we rely on standard contractual clauses to protect the transfer.

11. Changes

We may update this Privacy Policy. Material changes will be surfaced in-app. The "Effective" date at the top of this document always reflects the current version.

12. Contact

Privacy questions or requests: [email protected]