$ cat .env.local
Privacy Policy
Your data is like your environment variables - we keep it secure and never commit it to public repos.
We collect only what we need to ship your coffee and improve your experience:
**Account Information:**
- Email address (for order confirmations and shipping updates)
- Name and shipping address (kind of essential for delivery)
- Password (hashed with bcrypt, never stored in plain text)
**Order Information:**
- Purchase history
- Payment method (we do not store full card numbers - that is Stripe's job)
**Usage Data:**
- Pages visited (anonymized analytics)
- Device type and browser (for optimization)
- Coffee preferences (to recommend blends you will love)
Your data is used for:
- Processing and shipping orders
- Sending order confirmations and shipping updates
- Improving our products and website
- Personalizing your experience (optional)
We do NOT:
- Sell your data to third parties
- Use your email for spam
- Train AI models on your purchase history
- Share your address with anyone except shipping carriers
Security practices we follow:
- All data encrypted in transit (TLS 1.3)
- Sensitive data encrypted at rest
- Regular security audits
- Access controls and logging
- No plain-text passwords (ever)
// Our security philosophy
if (dataIsPersonal) {
  encrypt(data);
  limitAccess(data);
  logAccess(data);
}
We use trusted third parties for specific functions:
- **Stripe**: Payment processing (PCI-DSS compliant)
- **Vercel**: Hosting (SOC 2 compliant)
- **Analytics**: Anonymous usage tracking
Each service has its own privacy policy. We only share the minimum data required for them to function.
We use cookies for:
- Session management (keeping you logged in)
- Shopping cart persistence
- Analytics (anonymized)
You can disable cookies in your browser, but some features may not work properly.
We do not use cookies for advertising or tracking across sites.
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data (JSON format, of course)
- Opt out of marketing emails
To exercise these rights, email privacy@segfaultcoffee.com or use your account settings.
We retain data for:
- Account data: Until you delete your account
- Order history: 7 years (for tax purposes)
- Analytics: 26 months (anonymized)
When you delete your account, we remove personal data within 30 days.
Some data may persist in backups but is not actively used.
Privacy concerns? We are all ears:
- Email: privacy@segfaultcoffee.com
- Response time: Within 72 hours
For EU residents: You may also contact your local data protection authority.