PODProfit

Privacy Policy

Last updated: 2026-05-03 · Version: 1.0

PODProfit is built on a "collect the minimum" principle. This page explains what we collect, why, and how we share it.

1. What we collect

  • Account info (Pro/Lifetime only): email address, optional display name, country / preferred currency.
  • Calculation inputs: only when you choose to save or share a calculation (Pro feature for saving; share-link is opt-in by clicking the share button).
  • Payment info: handled by Stripe. We never see or store your card details. We only see the metadata Stripe shares (last 4 digits, brand, billing country, Stripe customer ID).
  • Web analytics: anonymous, cookieless analytics via Cloudflare Web Analytics and PostHog (no individual identification).
  • Email subscribers (Lead Magnet sign-ups): email address only, processed by Buttondown.
  • Server logs: standard request logs (IP, user-agent, path) retained 14 days for security and debugging.

2. What we DO NOT collect

  • Tracking cookies (no marketing cookies, no third-party trackers)
  • Advertising IDs
  • Your vendor or marketplace credentials (we never ask)
  • Your bank or sales data from Etsy/Shopify/Printful/Printify

3. Why we collect each item

  • Account info: to authenticate you and bill correctly
  • Calculations: to provide the save / share features you opted into
  • Payment info: to process payments and prevent fraud (legal obligation)
  • Analytics: to improve the product (no individual identification)
  • Email subscribers: to send you content you opted in to

4. Sub-processors

The third-party services that process data on our behalf:

  • Vercel (US): hosting
  • Supabase (US): database and authentication
  • Stripe (US): payment processing
  • Cloudflare (Global): DNS, CDN, web analytics, email routing
  • Buttondown (US): email newsletter (opt-in only)
  • PostHog Cloud (US): product analytics

5. International transfers

Most sub-processors are US-based. For EU data subjects, we rely on Standard Contractual Clauses (SCCs) and the relevant Data Privacy Framework adequacy decisions where applicable. For Japanese data subjects, transfers comply with APPI Article 28.

6. Your rights

You have the right to:

  • Access: request a copy of your data (GDPR Art. 15, CCPA, APPI)
  • Delete: request deletion of your account and data
  • Export: receive your data in a portable format
  • Object: opt out of analytics or marketing

Email privacy@getpodprofit.com for any of the above. We respond within 30 days.

7. Data retention

  • Account: until you delete it, plus 90 days for backup recovery
  • Calculations: until you delete them
  • Payment records: 7 years (legal requirement under Japanese tax law)
  • Server logs: 14 days
  • Email subscribers: until you unsubscribe

8. Cookies

We use only essential cookies (session management for logged-in users). We do not use tracking, advertising, or third-party cookies. Because we have no non-essential cookies, no consent banner is required under GDPR / e-Privacy / APPI.

9. Security

All traffic is HTTPS-only. Passwords are hashed (bcrypt via Supabase). Database access is restricted by Row-Level Security. Payment data is fully isolated at Stripe (PCI-DSS Level 1).

10. Children

The service is not directed at children under 13. We do not knowingly collect data from anyone under 13.

11. Breach notification

In the event of a data breach involving personal information, we will notify affected users within 72 hours of becoming aware, in line with GDPR Art. 33 and APPI requirements.

12. Contact

Privacy inquiries: privacy@getpodprofit.com