Updated April 2026

Privacy Philosophy

Not a policy. A position.

Ownership does not transfer on contact.
Custody is not title.

On Information and Ownership

Information about a person is an extension of that person. To collect it without necessity is not a neutral act — it is an appropriation. To retain it beyond purpose is not caution — it is possession without right. What a person generates about themselves originates with them, belongs to them, and does not become someone else's asset simply by passing through their systems. Ownership does not transfer on contact. Custody is not title.

Most of the digital economy is built on the opposite premise — that data flows freely until someone objects, shifting the entire burden of protection onto the person least positioned to carry it. We reject that entirely. The burden is on us to justify every piece of information we touch, and when we cannot justify it, we don't touch it. Occasionally, a specific and necessary function requires passing limited information to another custodian for a bounded purpose. When that happens, we name it, we limit it, and it goes no further.

We handle what belongs to others the way we would handle anything that was never ours to keep — carefully, minimally, and with a clear understanding that it goes back. We are custodians at best, and only briefly. Privacy is not a feature we offer. It is a condition we refuse to violate.

What We Collect and Why

We respect you enough not to want your information. Not what you browse, not what you buy, not what you do when you're not talking to us. None of it. We know what we need to do the job — your name, your contact, your engagement context — and that's the boundary. Anything beyond that isn't our business, literally.

Your Control

Before a contract is executed, anything you've shared with us is yours to delete entirely. Once an agreement is signed and an engagement begins, the information you voluntarily provided becomes part of a mutual business record. At that point it is no longer personal data held on your behalf — it is evidence of a commercial transaction between two parties.

“It is not personal data. It is not a profile. It is a receipt.”

We retain exactly three categories — executed agreements, delivery confirmations, and payment records — for six years from the close of an engagement. That window exists to protect the integrity of completed work on both sides. When it closes, those records are deleted permanently and without recovery.

Infrastructure and Third Parties

Your data is encrypted in your browser before it ever touches a server. By the time it moves, neither we nor any platform we use can read it in transit. It arrives encrypted and it stays that way.

Our site is served through Netlify. Data is stored in Supabase. Both platforms handle encrypted data only — they are infrastructure, not data processors in any meaningful sense, because what passes through them is unreadable to them by design. Netlify's privacy policy is available at netlify.com/privacy. Supabase's privacy policy is available at supabase.com/privacy.

Email notifications are delivered through Resend. Resend is used exclusively to notify you when something in your portal requires attention — a new message, document, or invoice. The notification contains nothing beyond your name, your email address, and the fact that an update exists. The content of that update never leaves your encrypted portal. Resend's privacy policy is available at resend.com/legal/privacy-policy.

Payment processing is handled by Stripe. When you transact with us, Stripe receives what is necessary to complete that transaction — nothing sourced from us beyond what the transaction itself requires. We do not pass behavioral data, engagement history, or anything beyond the transactional minimum. Stripe's privacy policy is available at stripe.com/privacy.

We are candid about something: these platforms operate under their own privacy policies, which we do not control and which may not reflect the same standards as our own. By engaging with our services, you extend a degree of trust to each of them. We have chosen each platform deliberately and with care, but we will not pretend their commitments are identical to ours. We encourage you to review their policies directly.

On Compliance

Regulators are welcome to review our practices. They'll find compliance — a byproduct, not a goal. We didn't build this around legal minimums. We built it around actually giving a damn, which turns out to be a considerably higher bar than the law has ever managed to set. If the rules happen to agree with us, that's the law's good fortune, not our achievement.

Security Practice
  • Our codebase is reviewed by automated agents on a recurring basis. Attack surface, dependency exposure, and security architecture are audited continuously — not as a one-time hardening exercise, but as an ongoing practice.
  • The standard we hold is that of a company considerably larger than we are. Small operation. Enterprise-grade review cycle.
  • The philosophy above describes our position on data. This is how we make sure the system enforces it.

What this means, in plain terms.

01. You own it

Data belongs to the person it describes — not to whoever processed it. We don't acquire rights to your information by handling it.

02. We take only what we need

Name, contact, engagement context. That's the boundary. Anything beyond that isn't a feature — it's overreach we're not interested in.

03. Control is yours — until it's shared

Before a contract is signed, anything you've shared is yours to delete entirely. Once an engagement begins, those records become mutual business evidence — retained for six years, then permanently deleted.

04. Four custodians. All bounded.

Netlify serves the site. Supabase stores data, encrypted. Resend delivers portal notifications — name, email, and the fact of an update, nothing more. Stripe processes payments. Each is named, scoped to infrastructure, and receives nothing behavioral. What passes through them is unreadable to them by design.

05. Compliance is a byproduct

We built this around actually giving a damn — which is a considerably higher bar than the law has ever managed to set. Regulators are welcome to check. They'll find we cleared their bar on the way to ours.

The Digital Economy

  • Collects freely, until you object
  • Retains indefinitely, just in case
  • Shares broadly, within policy fine print
  • Deletion requires a form, a wait, and faith
  • Compliance is the ceiling, not the floor

MEXICONNECT

  • Collects only what a specific function requires
  • Retains three named categories for six years, then permanently deletes
  • Four named custodians — all bounded, encrypted, scoped to infrastructure
  • Pre-contract: delete directly. Post-contract: mutual record, time-bounded.
  • Compliance is a byproduct of a higher standard

Privacy is not a feature we offer.
It is a condition we refuse to violate.