Last updated: March 5, 2026
This Privacy Policy describes how Cria.al ("Cria", "we", "us", "our") collects, uses, stores, and discloses personal information from users ("you", "your") of our car rental marketplace. This policy applies to all users, including clients (renters) and lessors (car rental businesses). By creating an account or using Cria.al, you consent to the data practices described in this policy.
1. Information We Collect
We collect different types of information depending on how you interact with our platform:
Personal Information (provided by you):
- Name (first and last name)
- Email address
- Phone number and country code
- Address, city, postal code, and country
- Profile photo (if uploaded or provided via Google/Facebook login)
Business Information (for lessors):
- Business name and service area locations
- Business hours and configuration settings
- Vehicle listings, pricing, and availability data
Technical and Usage Data (collected automatically):
- IP address, browser type and version, operating system, and device type
- Pages visited, actions taken on the platform, and referral sources
- Session data and cookies (see Section 3 for details)
- Request identifiers for technical support and security monitoring
2. How We Use Your Information
We use the information we collect for the following purposes:
- To create, manage, and secure your account
- To process reservations, payments, cancellations, and refunds
- To facilitate communication between clients and lessors, including in-app messaging
- To send transactional notifications about your reservations via email, WhatsApp, and web push notifications
- To operate the reservation recovery system when a lessor declines a booking, which may involve sharing your booking details with alternative lessors
- To provide customer support and respond to your inquiries
- To improve our platform, analyse usage patterns, and personalize your experience
- To comply with legal obligations and prevent fraud or misuse of the platform
3. Cookies and Tracking Technologies
Cria.al uses cookies and similar tracking technologies to operate the platform and improve your experience. By using our platform, you consent to the use of these technologies as described below:
Essential Cookies:
- Session cookies — required for authentication, form submissions, and maintaining your browsing session. These are strictly necessary and cannot be disabled.
- Security cookies — CSRF tokens and encrypted cookies used to protect against cross-site attacks.
Analytics and Performance:
- Google Analytics (GA4) — used to understand how visitors interact with our platform, including page views, traffic sources, and user behaviour. Data is processed by Google LLC.
- Google Tag Manager — used to manage and deploy tracking scripts on the platform.
- Trackdesk — used to track affiliate referrals and advertising conversions.
Marketing and Advertising:
- Google Ads — used to measure advertising conversions and optimize our marketing campaigns.
- Meta (Facebook) Pixel — used to measure advertising effectiveness and deliver targeted ads on Meta platforms.
Customer Support:
- Crisp — a live chat widget that allows you to communicate with our support team in real time. Crisp may store conversation data and use cookies to identify returning visitors.
4. Payment Processing
Cria.al does not store your credit card numbers or sensitive payment details. All payments are processed by our third-party payment providers: Stripe (primary) and PokPay (regional alternative). When you make a reservation, your payment information is transmitted directly to the payment provider using industry-standard encryption. We only store a reference identifier (transaction ID) and payment status for record-keeping. Stripe may store your payment method securely to enable faster future transactions and to support the reservation recovery feature. For more information, please refer to the privacy policies of Stripe (stripe.com/privacy) and PokPay.
5. Sharing of Information
We may share your personal information with third parties in the following circumstances:
- With lessors — when you make a reservation, the lessor receives your name, contact details, and booking information necessary to fulfill the rental. After the lessor accepts a reservation, both parties can communicate via our in-app messaging system.
- With payment processors — Stripe and PokPay process your payment information to authorize, capture, and refund transactions.
- With service providers — we use trusted third-party services for email delivery, WhatsApp messaging, web hosting, analytics, and customer support. These providers process data on our behalf and are contractually obligated to protect your information.
- For legal compliance — we may disclose information in response to lawful requests by public authorities, including to comply with court orders, subpoenas, or law enforcement requests.
- To protect rights and safety — we may share information if we believe it is necessary to protect the rights, property, or safety of Cria.al, our users, or the public.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted cookies, secure HTTPS connections, hashed passwords (bcrypt), CSRF protection, rate limiting on authentication endpoints, and automated sensitive data redaction in our logging systems. However, no method of electronic transmission or storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide our services. Reservation and payment data is retained to fulfill legal, accounting, and audit obligations, and to resolve disputes. If you request account deletion, we will mark your account as deleted and disable login access. Some data (such as transaction records and reservation history) may be retained in anonymized or pseudonymized form for legal and business purposes even after account deletion. Password reset tokens expire after 60 minutes and are automatically cleaned up.
8. Your Rights
You have the following rights regarding your personal data:
- Right of access — you may request a copy of the personal data we hold about you.
- Right to rectification — you may update or correct your personal information through your account settings at any time.
- Right to deletion — you may request deletion of your personal data or delete your account directly from your account settings.
- Right to object — you may object to certain processing of your data, including marketing communications.
- Right to data portability — you may request your personal data in a structured, commonly used format.
To exercise any of these rights, please contact us at info@cria.al or visit our Contact page at https://cria.al/contact-us. We will verify your identity and process your request within 30 days. Some data may be retained where required by law or for legitimate business purposes.
9. Third-Party Links and Services
Our platform may contain links to third-party websites, services, or applications, including social login providers (Google, Facebook), payment processors (Stripe, PokPay), and advertising platforms. We are not responsible for the privacy practices, content, or security of these third-party services. We encourage you to review the privacy policies of any third-party service before providing your personal information.
10. Children's Privacy
Cria.al is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately so that we can take steps to delete such information.
11. International Data Transfers
Your information may be processed and stored on servers located outside of Albania, including in the European Union and the United States, where our service providers (such as Stripe, Google, and Meta) operate. When data is transferred internationally, we ensure that appropriate safeguards are in place to protect your personal information in accordance with applicable data protection laws.
12. Changes to This Policy
We reserve the right to update or modify this Privacy Policy at any time. Changes will be effective immediately upon posting on our platform. We will update the "Last updated" date at the top of this page when changes are made. Your continued use of Cria.al after any modifications constitutes your acceptance of the revised policy. For significant changes, we may notify registered users via email.
Contact Us
If you have any questions or concerns about this Privacy Policy, or if you would like to exercise your rights regarding your personal information, please contact us at info@cria.al .
