Privacy Policy

Last updated: May 6, 2026

This Privacy Policy describes how steep ("we", "us", "our") collects, uses, shares, and protects information about you when you visit or make a purchase from https://steep.shashankthattai.dev. We follow the principles of GDPR, CCPA, and similar privacy regimes regardless of where you live.

What we collect

• Account data — name, email, billing/shipping address you provide at signup or checkout.
• Order data — products purchased, transaction amounts, fulfillment status, support correspondence.
• Device data — IP address, user agent, pages viewed (used for security and aggregate analytics).
• Cookies & similar technologies — see the Cookies section below.

How we use your data

• Fulfillment + service: process orders, deliver digital files, ship physical goods, and provide customer support.
• Transactional email: receipts, shipping notifications, refund confirmations. These are sent regardless of marketing preferences as they are necessary to perform the contract.
• Marketing email: only when you explicitly opt in (double opt-in confirmation). You can unsubscribe at any time using the link in every marketing email.
• Analytics: aggregate, never sold. See "Service providers" below for the named processors.

Service providers we share with

We share the minimum data needed with:

• Stripe, Inc. — payment processing. Card numbers never touch our servers. Stripe privacy policy.
• Resend — transactional email + newsletter delivery. Resend privacy policy.
• Shippo — shipping label generation for physical orders. Shippo privacy policy.
• Supabase — database + authentication hosting. Supabase privacy policy.
• Google Analytics — aggregate analytics (only if you accept analytics cookies).
• Meta — advertising attribution (only if you accept marketing cookies).

We never sell your personal information.

Cookies & tracking

We set the following cookies:

• Strictly necessary: session, CSRF, and cart cookies — required for the site to work. Cannot be disabled.
• Analytics (optional): Google Analytics 4 with IP anonymization. You can decline these in our cookie banner.
• Marketing (optional): Meta Pixel for advertising attribution. You can decline these in our cookie banner.

Until you accept analytics or marketing cookies, only strictly-necessary cookies are set. Your choice is remembered for 12 months.

Your rights

Depending on your region, you may have the right to:

• Access your data (GDPR Art. 15) — email shashankthattai@gmail.com and we will respond within 30 days.
• Correct inaccurate data (GDPR Art. 16) — manage from /account or email us.
• Delete your account + data (GDPR Art. 17 / CCPA) — use "Delete account" in /account/security or email us.
• Portability — request a JSON export of your account, orders, reviews (GDPR Art. 20). Email us.
• Object to marketing — unsubscribe from any marketing email or email us.

California residents additionally have CCPA rights — see /privacy/do-not-sell.

Data retention

• Order records: retained for 7 years after the order date for tax/accounting purposes (US IRS / state requirements).
• Account profiles: retained while your account is active. Deleted within 30 days of an account-deletion request, except where law requires longer retention (e.g. tax records linked to an order).
• Marketing email subscriptions: retained until you unsubscribe; the unsubscribe record is kept indefinitely so we don't accidentally re-add you.
• Analytics: anonymized to 14 months in GA4 default config.

Security

We use industry-standard practices: HTTPS everywhere, encrypted database at rest, scoped service-role access, signed webhooks, rate-limited public APIs, RLS on every table.

International transfers

Data is processed in the United States. By using the site you consent to this transfer. Stripe, Resend, Supabase all offer EU data-residency contracts; contact us if you need one.

DPO contact

For data-protection inquiries, contact shashankthattai@gmail.com. (Replace with your DPO name if you appoint one.)

Changes to this policy

We'll post the updated date above and notify newsletter subscribers of material changes.

Contact

Questions? Email shashankthattai@gmail.com.