Privacy Policy
Effective: May 14, 2026. Last reviewed: May 14, 2026.
This Privacy Policy explains how Jared Howard, a sole proprietor based in the Commonwealth of Virginia ("we", "our", "us"), collects, uses, discloses, and protects personal information ("PI") about visitors to this website and customers of our software products and development services (collectively, the "services"). It also describes the rights US residents have over their personal information and how to exercise them.
If you do not agree with this policy, please do not use the services.
1. About this policy
We are a US-based sole proprietorship. Our customers are primarily US consumers and US small businesses. We do not direct the services to residents of the European Economic Area, the United Kingdom, or other non-US jurisdictions; if you are located outside the United States, by using the services you understand that your personal information will be processed in the United States.
Our Terms of Service require users to be at least 18 years old. We do not knowingly collect personal information from anyone under 18, and we do not direct the services to minors. If you believe someone under 18 has provided us with personal information — including a child under 13, which carries additional protections under the federal Children's Online Privacy Protection Act — contact us at the address in Section 11 and we will delete the information and close the account. For California residents aged 13–17, the California "Eraser Law" (Bus. & Prof. Code §22581) gives you the right to request removal of content you have posted; that right is described in Section 5.
2. Personal information we collect
We organize personal information by the categories used in the California Consumer Privacy Act (CCPA) so the disclosures below carry over to the similar privacy laws of Virginia, Colorado, Connecticut, Utah, and other US states.
| Category | Examples | Sources | Purposes | Disclosed to (categories) | Retention |
|---|---|---|---|---|---|
| A. Identifiers | Name, email address, account identifier, IP address | Directly from you; server logs | Account creation and login; service delivery; customer support; security and abuse prevention; legal compliance | Payment processor (for billing); hosting and infrastructure providers (to operate the service) | While the account is active + up to 90 days after deletion request; server logs up to 90 days |
| B. Customer records / commercial information | Billing address, billing country, last-four of payment card, subscription state, order history | Stripe; directly from you when you place an order or sign an SOW | Process and confirm payments; manage subscriptions and renewals; tax and accounting compliance | Payment processor; tax and accounting service providers, if any | Up to 7 years after the relevant transaction to meet US tax record-keeping standards |
| C. Internet or network activity | Pages visited, request timestamps, user-agent string, referring URL, basic device type | Automatically when you use the services | Operate and secure the services; debug; detect abuse | Hosting and infrastructure providers | Up to 90 days, except entries we preserve in connection with a specific incident |
| D. Geolocation (approximate only) | Country and approximate region inferred from IP address | Automatically when you use the services | Fraud prevention; geographic reporting; legal compliance | Hosting and infrastructure providers | Up to 90 days |
| E. Professional or employment-related information (custom-development engagements only) | Job title, organization, project description | Directly from you during a custom-development engagement | Scope and deliver the engagement; manage the customer relationship | Hosting and infrastructure providers; sub-contractors if any (only with your prior knowledge) | While the engagement is active + 7 years for record-keeping |
| F. Communications | Emails to and from us, support tickets | Directly from you | Respond to inquiries; document support and contract history | None outside our email provider | While the matter is active + reasonable archive for records |
Sensitive personal information. We do not collect Social Security numbers, driver's licence numbers, precise geolocation, racial or ethnic origin, religious beliefs, biometric information, health information, sexual-orientation information, or contents of mail, email, or text messages other than communications you send to us directly. If our practices change, this section will be updated and active customers will be notified before the change takes effect.
Payment-card data. We do not collect, store, or transmit full payment-card numbers, CVC codes, or expiration dates on our systems. Payment-card data is handled directly by Stripe, which states that its infrastructure is PCI-DSS compliant. We receive from Stripe only the limited billing-related fields described above in Category B; the "last-four of payment card" we receive is the last four digits of the card number for your reference, which is not considered cardholder data within the PCI-DSS scope and which we cannot use to charge or reconstruct the original card number.
3. Sale or sharing of personal information
The CCPA and similar state laws define "sale" and "sharing" as distinct concepts. "Sale" means disclosing personal information to a third party for monetary or other valuable consideration. "Sharing" means disclosing personal information to a third party for cross-context behavioral advertising, whether or not money changes hands.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. As of the Effective date of this policy, we have not done either, and we have no plans to do so. We review this statement annually. If our practices change, this Section 3 will be updated before any change takes effect. We do not knowingly sell or share the personal information of consumers under the age of 16.
Because we do not sell or share, the rights to opt out of sale or sharing described in Section 5 are not applicable — but if you believe we have mischaracterized our practices, contact us at the address in Section 11 and we will respond.
4. Service providers and other recipients
We use a small set of third-party service providers to operate the business. Each receives only the personal information they need to perform the service, and each is bound by contract or by the terms of their service offering to use that information solely on our instructions and for no other purpose.
- Payment processor. Stripe, Inc. — processes payments and manages subscriptions on our behalf.
- Static-site hosting. GitHub Pages, operated by GitHub, Inc. (a subsidiary of Microsoft Corporation) — hosts the marketing site you are reading now.
- Email and support. Google LLC (via Gmail) — receives and stores emails to and from our published contact address.
Each of these providers publishes its own privacy policy on its corporate website; you can locate it by searching for the company name plus "privacy policy". Because their privacy policies change over time and the URLs do not always remain stable, we no longer link to specific URLs from this page.
Additional service providers will be added when subscription products launch (for example, an application-hosting platform, a transactional-email service, or an error-monitoring service). This Section 4 will be updated before any new category of provider receives personal information.
We may also disclose personal information when legally required — for example, in response to a subpoena, court order, or other valid legal process, or to protect the rights, safety, or property of any person.
5. Your privacy rights
Depending on the US state you reside in, you may have some or all of the following rights:
- Right to know. Request confirmation of whether we process personal information about you, and request access to specific pieces and categories of that information.
- Right to correct. Request correction of inaccurate personal information we hold about you.
- Right to delete. Request deletion of personal information we hold about you, subject to limited exceptions (for example, information we must retain to meet tax obligations or to defend legal claims).
- Right to data portability. Receive a copy of personal information you have provided to us, in a portable and (where feasible) machine-readable format.
- Right to opt out of sale or sharing. Direct us not to sell or share your personal information. As noted in Section 3, we do not engage in either; this right is therefore not relevant to our practices but is available on request.
- Right to limit use of sensitive personal information. As noted in Section 2, we do not collect sensitive personal information; this right is therefore not relevant to our practices.
- Right to non-discrimination. We will not deny you the services, charge you a different price, or provide a different level of service because you exercised a privacy right.
- Right to appeal (Virginia, Colorado, Connecticut). If we deny a request, you may appeal that decision; see Section 7 for the appeal process.
These rights are not absolute. We may decline a request to the extent applicable law permits — for example, where we cannot verify your identity, where the request is manifestly unfounded or excessive, or where complying would require us to violate another legal obligation. If we decline, we will tell you why.
6. How to exercise your rights
Send a request by email to:
Use the subject line "Privacy request". In the body, please tell us:
- The right you wish to exercise (know, correct, delete, portability, opt-out of sale/sharing, or appeal).
- The email address associated with your account or with the personal information you are asking about.
- Enough detail about the request that we can respond meaningfully.
Verification. To protect you, we will not act on a privacy request until we have reasonably verified that the request is yours. For account-holders, we will verify by confirming the request from the email address on the account and by asking one or two additional questions about the account. For non-account-holders, we will use the information available to us to make a reasonable verification; if we cannot verify, we will say so and explain what additional information might help.
Authorized agents. You may designate an authorized agent to make a request on your behalf. We will require written proof of the authorization and verification of your identity before acting.
Response time. We will acknowledge and respond to verifiable privacy requests within the timeframes required by the law of your state of residence (for example, the deadlines set by the CCPA/CPRA for California residents and by the VCDPA for Virginia residents — both generally 45 days, with a single permitted extension of up to an additional 45 days for good cause). For residents of US states without a comprehensive privacy statute, we apply a baseline of 45 days from a verifiable request, with one extension of up to an additional 45 days for good cause where needed. If we need an extension permitted by law, we will notify you within the original response period, explain the reason, and extend the deadline only by the period the relevant statute (or, for non-statute states, this policy) allows.
7. How to appeal a denied request (Virginia and similar states)
If we deny a request in whole or in part, residents of Virginia, Colorado, Connecticut, and other states that grant an appeal right may appeal that decision within 60 days of our response by emailing us at the address in Section 6 with the subject line "Privacy request — appeal" and the reasons you believe the original decision was wrong.
We will respond to the appeal within 60 days of receipt with a written explanation of our final decision. If your appeal is denied, you may contact your state's Attorney General with a complaint about our handling of the request. For Virginia residents, that is the Virginia Attorney General (https://www.oag.state.va.us/).
8. Cookies, tracking, and analytics
As of the Effective date of this policy, this website does not use third-party analytics, advertising cookies, advertising pixels, or cross-site tracking technologies. All client-side JavaScript on the marketing site is first-party code we wrote ourselves; there are no embedded third-party scripts and no remote-loaded tracking tags as of that date.
Subscription products may use a limited set of first-party functional cookies or local-storage entries (for example, to keep you signed in or to remember UI preferences). Where they do, those cookies are strictly necessary for the product to function and will be described in the product's own help or privacy documentation.
If we ever add third-party analytics, behavioral-advertising, session-replay, or similar tracking technologies, this Section 8 will be updated before any such tool is enabled, and (where required by law) we will obtain consent or provide opt-out controls at that point.
9. Security
We take reasonable administrative, technical, and physical safeguards to protect personal information against accidental or unlawful loss, access, disclosure, alteration, or destruction. These include HTTPS in transit, reliance on Stripe (which states that its infrastructure is PCI-DSS compliant) for all payment-card handling, access controls on accounts and systems, and routine review of our service providers. No system is perfectly secure, however, and we cannot guarantee absolute security.
In the event of a security incident affecting your personal information, we will notify you (and any regulator we are legally required to notify) in accordance with applicable law.
10. Changes to this policy
We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the current version. We will notify you of material changes by (a) updating the Effective date, (b) emailing active subscription customers at least 15 days before the change takes effect, and (c) posting a short summary of the change at the top of this page for a reasonable period after the change. Continued use of the services after the new Effective date constitutes acceptance of the updated policy.
11. Contact
For privacy questions, to exercise a right, or to file a complaint about our handling of personal information:
Jared Howard jaredhoward0912@gmail.com Subject line: "Privacy request" (or "Privacy question" for general inquiries).