Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: Name, email address, password (hashed), and profile details when you register for an account
• Payment Information: Billing address, payment card details, and transaction history processed through Stripe (we do not store full card numbers on our servers)
• User Content: Landing page content, images, text, and configuration settings you create through the Service
• Communications: Messages you send to us via email or support channels

1.2 Information Collected Automatically

• Device and Usage Data: IP address, browser type and version, operating system, device identifiers, referring URLs, pages visited, time spent on pages, and clickstream data
• Cookies and Similar Technologies: We use essential cookies for authentication and session management, and analytics cookies to understand how the Service is used. See Section 7 (Cookies) below for details
• Log Data: Server logs recording requests made to the Service, including timestamps, IP addresses, and request parameters

1.3 Information from Third Parties

• OAuth Providers: If you sign in via Google or GitHub, we receive your name, email address, and profile picture from those services
• Payment Processor: Stripe may provide us with transaction confirmations, payment status, and limited billing information

1.4 Subscriber Data

When individuals sign up for your landing pages (your “Subscribers”), we collect their email address, name (if provided), IP address, referral source, and timestamp on your behalf. You are the data controller for Subscriber Data; we process it as your data processor solely to provide the Service. You are responsible for providing appropriate privacy notices to your Subscribers and obtaining any required consents.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve the Service
• To process transactions, manage subscriptions, and send billing-related communications
• To authenticate your identity and maintain account security
• To send transactional emails (verification, password reset, welcome, and referral notifications)
• To provide customer support and respond to inquiries
• To generate aggregated, anonymized analytics about Service usage
• To detect and prevent fraud, abuse, and security threats
• To enforce our Terms of Service and Acceptable Use Policy
• To comply with legal obligations and respond to lawful requests
• To send service-related announcements (e.g., planned maintenance, policy changes, new features)

We do not sell your personal information. We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects.

3. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data under the following legal bases:

• Contract Performance: Processing necessary to fulfill our contractual obligations to you (e.g., providing the Service, processing payments)
• Legitimate Interests: Processing necessary for our legitimate interests (e.g., fraud prevention, service improvement, security) where those interests are not overridden by your rights
• Consent: Where you have given explicit consent (e.g., optional analytics cookies). You may withdraw consent at any time
• Legal Obligation: Processing necessary to comply with applicable law

4. Sharing and Disclosure of Information

We may share your information in the following circumstances:

• Service Providers: We share data with third-party service providers who assist us in operating the Service, including:
  • Stripe (payment processing)
  • Amazon Web Services (hosting, email delivery via SES, file storage via S3)
  • Vercel (web hosting and CDN)
  • Neon (database hosting)
  These providers are contractually obligated to use your data only to provide services to us and in accordance with applicable law.
• Integrations You Enable: If you connect third-party integrations (e.g., Kit/ConvertKit, Mailchimp, Zapier), Subscriber Data may be transmitted to those services as you direct. Such transfers are governed by those services’ own terms and privacy policies
• Legal Compliance: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety or that of others
• Business Transfers: In connection with a merger, acquisition, bankruptcy, dissolution, or similar transaction, your data may be transferred as a business asset
• Aggregated/Anonymized Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you

5. International Data Transfers

The Service is operated from the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States and potentially other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland, we rely on applicable transfer mechanisms including Standard Contractual Clauses (SCCs) as adopted by the European Commission, or other lawful transfer mechanisms. By using the Service, you acknowledge and consent to the transfer and processing of your data in the United States.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. After account deletion, we may retain certain data for up to 30 days in backups and for a longer period where required by law (e.g., tax records, fraud prevention). Anonymized or aggregated data that cannot identify you may be retained indefinitely for analytics and business purposes.

Subscriber Data is retained as long as your account is active. Upon account termination, Subscriber Data is typically deleted within 30 days, subject to legal retention requirements.

7. Cookies and Tracking Technologies

We use the following categories of cookies:

• Essential Cookies: Required for the Service to function (authentication, session management, security). These cannot be disabled
• Analytics Cookies: Help us understand how visitors interact with the Service. These are only set with your consent
• Preference Cookies: Remember your cookie consent choice and display preferences

You can manage your cookie preferences through the cookie banner displayed on your first visit, or through your browser settings. Note that disabling essential cookies may impair Service functionality.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (TLS/HTTPS), hashed passwords, access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data, and you acknowledge that you provide personal information at your own risk.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data, subject to legal retention requirements
• Restriction: Request that we restrict processing of your data in certain circumstances
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

GDPR (EEA/UK): You have the above rights under the General Data Protection Regulation. You also have the right to lodge a complaint with your local supervisory authority.

CCPA/CPRA (California): California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at contact@earlyaccesspage.com.

To exercise any of these rights, please contact us at contact@earlyaccesspage.com. We will respond within the timeframes required by applicable law (typically 30 days for GDPR, 45 days for CCPA). We may request identity verification before processing your request.

10. Children’s Privacy

The Service is not intended for individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at contact@earlyaccesspage.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the revised policy on the Service with an updated “Last updated” date. For paid subscribers, material changes will also be communicated via email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Privacy inquiries: contact@earlyaccesspage.com
• General support: contact@earlyaccesspage.com

We aim to respond to all privacy-related inquiries within 30 days.