Privacy Policy

1. Introduction

Alyssa Howard Enterprises, LLC ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, subscribe to our services, or interact with our content.

By using our platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Account Information: Email address, full name, password (encrypted), profile photo, bio, and website URL when you create an account
• Newsletter Subscriptions: Email address, first name, and last name when you subscribe to our newsletter
• Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
• Communications: Messages you send us via contact forms, email, or support requests
• User-Generated Content: Comments, posts, and other content you submit to our platform

2.2 Information Collected Automatically

When you access our platform, we automatically collect certain technical information:

• Device and Browser Information: IP address, browser type, operating system, device identifiers, and user agent
• Usage Data: Pages viewed, time spent on pages, click patterns, referring URLs, and search queries
• Cookies and Tracking Technologies: Session cookies, authentication tokens, and analytics cookies (see our Cookie Policy for details)

2.3 Information from Third Parties

We may receive information about you from third-party services you use to access our platform:

• Authentication Providers: If you sign in using a third-party service (Google, etc.), we receive your email address and basic profile information
• Payment Processors: Stripe provides transaction details and payment status
• Analytics Services: Google Analytics provides aggregated usage statistics

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: Provide access to content, process subscriptions, and deliver newsletters
• Account Management: Create and manage your account, authenticate your identity, and provide customer support
• Payment Processing: Process subscription payments and manage billing through our payment processor, Stripe
• Personalization: Customize content recommendations based on your tier level and viewing history
• Communications: Send transactional emails (receipts, account updates), marketing emails (with your consent), and respond to inquiries
• Analytics and Improvement: Analyze usage patterns, measure content performance, and improve our platform
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with legal obligations, enforce our Terms of Service, and protect our rights

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our platform:

• Supabase Inc. (United States) - Database, Authentication, File Storage (DPA in place)
• Stripe, Inc. (United States) - Payment Processing (DPA in place)
• Resend, Inc. (United States) - Email Delivery
• Upstash, Inc. (United States) - Caching & Rate Limiting
• Sentry (United States) - Error Monitoring (DPA in place)
• Google LLC (United States) - Analytics (GA4), reCAPTCHA (DPA in place)
• YouTube (Google LLC) (United States) - Video Hosting & Metadata (DPA in place)
• Printful, Inc. (United States) - Print-on-Demand Fulfillment

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is transferred.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.

4.4 Aggregate Data

We may share aggregated, de-identified data (e.g., "50% of VIP subscribers watch video content weekly") with potential advertisers or partners. This data cannot be used to identify you personally.

5. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Active Accounts: Retained until you request deletion
• Deleted Accounts: Permanently deleted within 30 days of your deletion request
• Newsletter Unsubscribes: Email removed within 30 days (suppression list maintained to prevent re-subscription)
• Activity Logs: Retained for 365 days for analytics and security
• Subscription Records: Retained indefinitely for tax, accounting, and legal compliance

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 GDPR Rights (EU Residents)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

6.2 CCPA/CPRA Rights (California Residents)

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information (see Do Not Sell My Info)
• Right to Non-Discrimination: Exercise your rights without discriminatory treatment
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Limit the use and disclosure of sensitive personal information

6.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@alyssaahoward.com
• Account Settings: Manage preferences directly in your account dashboard
• Unsubscribe Links: All marketing emails include an unsubscribe option

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA/CPRA).

7. Cookies and Tracking

We use cookies and similar tracking technologies to provide and improve our services. For detailed information, please see our Cookie Policy.

You can manage cookie preferences through:

• Browser Settings: Most browsers allow you to block or delete cookies
• Analytics Opt-Out: Disable Google Analytics tracking here
• GDPR Consent: We default to "denied" consent for analytics and require explicit opt-in for EU visitors

8. International Data Transfers

Our platform is operated from the United States. If you access our services from outside the US, your information will be transferred to and processed in the United States.

For EU/EEA users, we have implemented appropriate safeguards:

• Standard Contractual Clauses (SCCs): We have executed SCCs with Supabase for EU-US data transfers
• Data Processing Addendum: Signed with Supabase Inc. on 2025-11-11
• GDPR Compliance: All data processors are GDPR-compliant and subject to appropriate security measures

9. Children's Privacy

Our platform is intended for users age 13 and older. We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13.

During registration, we require users to confirm they are at least 13 years old. If we discover we have collected information from a child under 13, we will delete it immediately.

If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@alyssaahoward.com.

10. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted via HTTPS/TLS encryption; passwords stored using bcrypt hashing
• Access Controls: Role-based access controls (customer, editor, admin) limit data access
• Infrastructure Security: Supabase provides SOC 2 Type II certified infrastructure
• Monitoring: Automated error monitoring via Sentry detects security incidents
• Payment Security: Stripe PCI-DSS Level 1 certified payment processing (we never store full card numbers)

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. For more details, see our Security Policy.

11. Third-Party Links and Services

Our platform may contain links to third-party websites, services, or social media platforms (YouTube, Instagram, TikTok, Pinterest, Apple Podcasts). We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party services you access through our platform.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

If we make material changes, we will notify you via:

• Email Notification: Sent to your registered email address
• Platform Notice: Prominent banner on our website for 30 days
• Updated "Last Updated" Date: Displayed at the top of this policy

Your continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: