How we handle your data

What we collect, what we do with it, and what we don't do with it. Last updated May 15, 2026.

1. The short version

We collect only what we need to deliver the build, run your subscription, and make your site work.
We do not sell your data. Ever. To anyone.
We use Stripe for payments, Supabase for data storage, Resend for email, and Vercel for hosting. Each one is bound by its own privacy policies.
You can request a copy or deletion of your data at any time by emailing support@localcraftdigital.com.

2. Who we are

LocalCraft Digital is an Illinois sole proprietorship operated from Edwardsville, IL. We can be reached at support@localcraftdigital.com or (314) 246-9224.

3. Information we collect

3a. Information you give us directly

Contact information: name, business name, email, phone, best time to call.
Intake form responses: business details, services, hours, brand voice, photos, and other content you submit so we can build your site.
Payment information: Stripe handles your card data directly. We receive only a token, the last four digits, card brand, and billing zip from Stripe; we never see or store your full card number.
Account credentials: if you create a client dashboard account, your email and a hashed password (managed by Supabase Auth).
Communications: emails, texts, and call notes when you reach out to support.

3b. Information collected automatically when you visit localcraftdigital.com

Standard server logs via Vercel: IP address, browser type, pages visited, referrer, timestamps. Used for security and basic site analytics. Retained 30 days.
Affiliate referral cookie (lc_ref): if you arrive via a partner referral link, we set a 30-day cookie to attribute the referral.
Theme preference (lc-theme): a cookie that remembers your light/dark mode choice. No personal data.
Stripe may set its own cookies on the checkout pages for fraud detection. See Stripe's privacy policy.

3c. Information collected by the tracking pixel on YOUR site (if you are a Care or Growth Plan client)

If LocalCraft Digital built your website and you are a paying client, your site includes a lightweight tracking pixel (track.js) that records visitor activity so you can see leads, conversions, and traffic patterns in your dashboard. The pixel collects:

Page views (URL path, referrer, timestamp)
Click events on links and buttons
Phone-link taps, email-link taps, SMS-link taps, map-link taps
Form submissions (we capture the fact a form was submitted; form contents go to your inbox via your form provider, not to us)
Scroll depth on long pages
Visitor IP address and user agent for spam detection

The pixel respects the visitor's Do-Not-Track browser setting and the prefers-reduced-data media query. It does not use third-party cookies, fingerprinting, or any cross-site tracking. We do not sell, share, or use this data for advertising. It exists solely to populate your dashboard and is bound by the same retention and access rules as your other account data.

4. How we use the information

Build, deliver, and operate your website.
Run your subscription (recurring billing via Stripe, sending receipts, notifying you of failed payments).
Provide support, answer questions, troubleshoot issues.
Send transactional emails (order confirmations, password resets, magic links).
Improve our service, internal analytics, and the build process.
Detect and prevent fraud, spam, and abuse.
Comply with legal obligations.

We do not use your data to train third-party AI models, sell your contact list, or run targeted advertising.

5. Who we share information with

We share information only with vendors required to operate the service. Each is bound by data-processing terms with us. None resell your data:

Stripe — payment processing. stripe.com/privacy
Supabase — database and authentication. supabase.com/privacy
Resend — transactional email delivery. resend.com/legal/privacy-policy
Vercel — site hosting and DNS edge. vercel.com/legal/privacy-policy
Google Workspace — internal email at localcraftdigital.com addresses we operate from.

We may also disclose information when required by law, valid subpoena, court order, or to protect rights, property, or safety.

6. Cookies

localcraftdigital.com sets minimal first-party cookies for affiliate attribution (lc_ref, 30-day) and theme preference (lc-theme, persistent). Stripe sets its own cookies on payment screens for fraud prevention. We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking.

7. Data retention

Active client data (account, subscriptions, intake submissions, tracking events): retained as long as your account is active.
After cancellation: account and tracking events retained for 90 days, then deleted unless you request earlier deletion.
Payment records: retained for 7 years for tax and audit purposes.
Server logs: 30 days.

8. Your rights

You have the right to:

Access your data — request a copy of everything we hold on you.
Correct inaccurate information.
Delete your data (subject to legal retention requirements like the 7-year payment record).
Export your data in a portable format.
Object to certain uses.
Withdraw consent at any time where processing relies on consent.

To exercise any of these, email support@localcraftdigital.com. We respond within 30 days.

9. California residents (CCPA/CPRA)

California residents have the same rights described in section 8, plus the right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of, but you can still contact us to confirm.

10. Children

Our services are not directed at children under 13. We do not knowingly collect data from children. If you believe we have collected information from a child, email us and we will delete it.

11. Security

We use industry-standard practices to protect your data: TLS encryption in transit, encrypted-at-rest storage at Supabase and Stripe, hashed passwords, row-level security policies enforcing tenant isolation. No system is perfectly secure; we cannot guarantee against every threat, but we work to address incidents promptly and notify affected users when required by law.

12. International users

We are based in the United States. If you visit the site from outside the US, your information is transferred to and stored in the US. By using the service, you consent to that transfer.

13. Changes to this policy

We may update this policy. If a change is material, we will notify you by email at least 30 days before it takes effect. The "Last updated" date at the top reflects the most recent version.

14. Contact

Questions or to exercise your rights:

LocalCraft Digital
Edwardsville, IL
support@localcraftdigital.com
(314) 246-9224

Effective May 15, 2026. See also our Terms of Service.