Privacy Policy
Last updated: April 5, 2025
Introduction
Welcome to SystemSculpt ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal information in compliance with applicable US data privacy laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (systemsculpt.com) or use our services.
Please read this Privacy Policy carefully. By accessing our site or using our services, you acknowledge you have read and understood this policy. If you do not agree with the terms, please do not access the site or use our services.
Information We Collect
We collect information about you in various ways when you use our services:
- Account Information: When you create an account using our authentication provider, Clerk, we collect your name, email address, and a unique Clerk User ID. We store this information in our database along with your preferred timezone (if provided), your admin status within our system, and account metadata (such as account creation and last update timestamps).
- Transaction & Usage Information: When you purchase digital products or session credits, our payment processor, Stripe, handles the transaction. We store details about your purchase history (products, dates, amounts, currency), session usage, payment events (including status and provider information), and subscription details (if applicable) in our database. This includes associated Stripe identifiers (like Customer ID or Subscription ID) but we do not store your full credit card number on our servers. We also track which resources you have access to, including access expiration dates and viewing history.
- Session and Consultation Data: When you book consultation sessions, we collect session scheduling information (dates, times, availability slots), session notes (if you provide them), session status (scheduled, completed, cancelled), and user timezone at the time of booking for accurate scheduling.
- Resource Access Tracking: We maintain detailed logs of your access to digital resources, including download timestamps, viewing history, last accessed dates, notification preferences, and access expiration dates. This helps us provide better service and ensure you have access to purchased content.
- Newsletter Subscription Information: If you subscribe to our newsletter, we collect your email address and optionally your name. We also store the source of your subscription (e.g., footer form, banner), subscription/unsubscription timestamps, associated UTM parameters (source, medium, campaign, term, content) if you clicked a tracked link, and your indicated content preferences. This information is stored in our database.
- Cart Information: If you add items to your shopping cart while logged in, we store the items added, quantities, timestamps, and link them to your user ID in our database to maintain cart persistence and potentially remind you of abandoned carts.
- API Usage and Credits: For users with API access or lifetime licenses, we track API credit balances, credit transactions, usage patterns, and credit expiration dates to manage your API access and ensure fair usage.
- License Information: For software licenses, we may collect license keys, activation status, device information (for device-limited licenses), and license metadata to prevent unauthorized use and provide support.
- Rate Limiting Data: To prevent abuse and ensure service quality, we track request rates using identifiers (such as IP addresses or API keys) with points and expiration timestamps. This data is temporary and automatically deleted after expiration.
- Idempotency Keys: For payment processing reliability, we store idempotency keys with associated request data to prevent duplicate charges. These are retained for a limited time period.
- Website Usage Data: We use Vercel Analytics and Vercel Speed Insights to automatically collect information about how you interact with our website. This may include your IP address, browser type, device type, operating system, pages visited, time spent on pages, links clicked, and other interaction data. This data is typically aggregated and pseudonymized.
- Communications: If you contact us directly via email (e.g., at mike@systemsculpt.com), we will have a record of that correspondence, including your email address and the content of your message.
- Performance Metrics: We collect anonymized cache performance metrics (hit/miss rates) to optimize our service delivery. This data does not contain personally identifiable information.
- Soft Deletion Records: When data is deleted from our system, we may retain deletion timestamps for audit purposes and to comply with legal obligations. Soft-deleted data is not accessible through normal operations but may be retained for the periods described in our data retention policy.
How We Use Your Information
We use the information we collect for legitimate business purposes, including to:
- Provide, operate, maintain, and improve our website and services.
- Process your transactions, manage your subscriptions, and send related information like confirmations and invoices.
- Manage your account and provide customer support.
- Respond to your comments, questions, and requests.
- Send you technical notices, updates, security alerts, and administrative messages.
- Communicate with you about products, services, offers, promotions, and events offered by SystemSculpt (you can opt out of marketing communications).
- Monitor and analyze trends, usage, and activities to understand how our services are used and to improve them.
- Detect, investigate, and prevent fraudulent transactions, security incidents, and other illegal activities.
- Personalize your experience on our website.
- Comply with legal obligations.
Information Sharing and Disclosure
We do not sell your personal information. We may share your information in the following limited circumstances:
- Service Providers: We share information with third-party vendors and service providers who need access to your information to perform services on our behalf. These include:
  - Clerk: For user authentication, account management, and session management.
  - Stripe: For secure payment processing.
  - Vercel: For website hosting, deployment, analytics, and speed insights.
  - Mailgun: For sending transactional emails (like password resets, purchase confirmations) and newsletters.
  - Other providers for database hosting, infrastructure, and IT services.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), such as to meet national security or law enforcement requirements.
- Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. We will notify you of such an event.
- With Your Consent: We may share your information for other purposes if we have obtained your explicit consent to do so.
Data Security
We implement appropriate technical and organizational security measures designed to protect the security of your personal information from unauthorized access, use, or disclosure. However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods may vary depending on the type of information and the reason for its collection. For example:
- Account information is generally kept as long as your account exists.
- Transaction data may be kept longer to comply with financial regulations.
- Newsletter subscription data is kept until you unsubscribe.
You can request the deletion of your data as described in the "Your Rights" section. Some data may be retained in anonymized or aggregated form or in backups according to our data retention policies and legal requirements.
Your Rights (US Residents)
Depending on your location (particularly if you are a resident of states like California), you may have certain rights regarding your personal information under laws like the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA). These may include:
- Right to Know/Access: The right to request information about the categories and specific pieces of personal information we have collected about you, the sources of the information, the purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Correct: The right to request correction of inaccurate personal information we hold about you.
- Right to Delete: The right to request the deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, detecting security incidents, complying with legal obligations).
- Right to Opt-Out of Sale/Sharing: We do not "sell" personal information in the traditional sense. We also do not "share" personal information for cross-context behavioral advertising. Therefore, there is no need to opt out of sale/sharing.
- Right to Non-Discrimination: The right not to be discriminated against for exercising your privacy rights.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information beyond what is necessary for account creation and payment processing, and we do not use it for purposes requiring a right to limit under CCPA/CPRA.
To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will need to verify your identity before processing your request.
Cookies and Tracking Technologies
We use cookies and similar technologies (like `localStorage`) to operate and improve our website and services. Cookies are small text files stored on your device. Here's how we use them:
- Essential Cookies: These are necessary for the website to function correctly. They include cookies used for user authentication and session management (via Clerk), security (e.g., CSRF protection), and enabling core site features like payment processing (via Stripe). These cannot be disabled through our systems.
- Analytics Cookies: We use cookies provided by Vercel Analytics and Vercel Speed Insights to collect aggregated data about website traffic and user interaction patterns. This helps us understand how our site is used and improve its performance and content.
- Functional Technologies: We may use technologies like `localStorage` to remember your preferences or choices, such as whether you have dismissed the newsletter signup banner.
We do not use third-party cookies for targeted advertising across different websites.
You can typically control cookies through your browser settings. Most browsers allow you to view, manage, delete, and block cookies for a website. Please note that if you disable essential cookies, some parts of our website may not function properly.
Third-Party Websites
Our website may contain links to other websites not operated by us. If you click on a third-party link, you will be directed to that third party's site. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the Privacy Policy of every site you visit.
Children's Privacy
Our services are not intended for individuals under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you believe that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top. You are advised to review this Privacy Policy periodically for any changes. Changes are effective when they are posted on this page.
International Data Transfers
Your information may be transferred to and maintained on servers and databases located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please be aware that we transfer personal information to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. We will provide notification via email to the email address associated with your account, or by prominent notice on our website, as soon as reasonably practicable and as permitted by law enforcement and any measures necessary to determine the scope of the breach and restore the integrity of our systems.
Automated Decision Making
We do not use your personal information for automated decision-making that produces legal effects or similarly significantly affects you. All significant decisions that affect your access to or use of our Services involve human review.
Marketing Communications
With your consent, we may send you marketing communications about our products, services, and promotions. You can opt out of marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Updating your communication preferences in your account settings
- Contacting us at mike@systemsculpt.com
Please note that even if you opt out of marketing communications, we may still send you transactional or administrative messages related to your account or purchases.
Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the information concerned and the context in which we collect it:
- Contract: Processing necessary to perform our contract with you (e.g., providing Services you purchased)
- Legitimate Interests: Processing necessary for our legitimate interests (e.g., fraud prevention, network security)
- Consent: Where you have given consent for processing (e.g., marketing communications)
- Legal Obligation: Processing necessary to comply with legal requirements
Your Privacy Rights by State
Depending on your state of residence, you may have additional privacy rights:
- California (CCPA/CPRA): Rights to know, delete, correct, opt-out of sale/sharing, and non-discrimination
- Virginia (VCDPA): Rights to access, correct, delete, data portability, and opt-out of targeted advertising
- Colorado (CPA): Rights to access, correction, deletion, data portability, and opt-out of targeted advertising
- Connecticut (CTDPA): Similar rights to Virginia and Colorado
- Utah (UCPA): Rights to access, deletion, portability, and opt-out of targeted advertising
Special Information for Nevada Residents
Nevada residents have the right to opt out of the sale of certain personal information to third parties. We do not currently sell personal information as defined under Nevada law. However, if you are a Nevada resident and would like to submit a request regarding the sale of your personal information, please contact us at mike@systemsculpt.com.
Verification of Identity
When you exercise your privacy rights, we may need to verify your identity before processing your request. Verification methods may include:
- Matching information you provide with information we have on file
- Requiring you to log into your account
- Asking you to provide additional information to confirm your identity
We will only use information provided for verification to verify your identity or authority to make the request.
Authorized Agents
You may designate an authorized agent to make privacy rights requests on your behalf. To do so, you must:
- Provide the agent with written permission to act on your behalf
- Verify your identity directly with us
- Provide us with proof of the agent's permission to submit requests on your behalf
Shine the Light Law
California's "Shine the Light" law (Civil Code Section 1798.83) permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
Updates to Contact Information
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us. You can update your information through your account settings or by contacting us.
Links to Other Policies
This Privacy Policy should be read in conjunction with our other policies:
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:
Email: mike@systemsculpt.com
Website: systemsculpt.com
For privacy-specific inquiries: privacy@systemsculpt.com