Privacy Policy

Last updated: 2026-05-15.

This Privacy Policy explains what personal information chadlewine.com (the “Site,” operated by Chad Lewine, an individual sole proprietor based in the Commonwealth of Pennsylvania, United States) collects, why we collect it, how we use and share it, and the choices you have. Capitalized terms not defined here have the meaning given in our Terms of Service.

1. Information We Collect

Account and contact information. When you create an account, subscribe to email updates, or place an order, we collect your email address and (optionally) your display name, first and last name, and mailing address (street, city, state, postal code, country).

Order and transaction information. When you make a purchase, we receive a record of what you bought, the amount, the time of purchase, your Stripe customer identifier, and (for physical goods) your shipping address. We do not store your full payment card number; payment details are handled directly by Stripe.

Marketing-consent and unsubscribe data. We record the time and source of any marketing consent you give (account signup, subscribe form, or checkout opt-in) and any subsequent unsubscribe or preference change, including the unsubscribe token and request method.

Email engagement data.We track aggregate email delivery, open, and click activity for both transactional and marketing email using Resend. This helps us improve our communications and detect deliverability issues. We also derive an internal engagement score and tags (for example, “customer,” “buyer:digital,” “subscriber:active”) used to segment campaigns.

Audit events. We log a structured event record for material account interactions (subscribe, purchase, email-sent, email-opened, email-clicked, account-deleted, and similar) for fraud prevention, debugging, and accounting.

Device and log data. Our infrastructure providers (Vercel, Supabase, Cloudflare, Bunny.net) automatically receive standard server-log information when you access the Site, including IP address, user agent, request path, response status, and timestamp. We use this only for operating, securing, and debugging the Site.

Cookies and similar technologies. The Site sets authentication cookies (managed by Supabase, named sb-access-token and sb-refresh-token) when you sign in, so that subsequent requests can be identified as yours. Cloudflare Turnstile may set its own short-lived tokens to verify that form submissions are from a human. We do not use third-party advertising cookies, cross-site tracking pixels, or analytics platforms such as Google Analytics, Meta Pixel, Mixpanel, or Segment.

2. How We Use Information

We use the information described above to:

(a) Process and fulfill your orders, including sending order confirmations and download links;
(b) Authenticate you, maintain your account, and provide order history and download recovery;
(c) Send transactional email (order confirmations, password resets, email-change confirmations, download recovery);
(d) Send marketing email to people who have opted in, and segment those campaigns based on engagement and purchase history;
(e) Operate, secure, debug, and improve the Site;
(f) Comply with legal obligations, including tax, accounting, and recordkeeping requirements;
(g) Prevent fraud and abuse.

3. How We Share Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only with the service providers that help us operate the Site:

Stripe, Inc.— payment processing, customer billing, fraud detection, and the customer billing portal. Stripe receives your email, billing address, and payment details directly. Its terms apply to that processing.

Resend— email delivery for both transactional and marketing email. Resend receives your email address, message contents, and delivery/open/click events.

Printify, Inc.— on-demand fulfillment of physical merchandise. Printify receives your name, shipping address, and the line items needed to produce and ship your order.

Supabase— database, authentication, and file storage. Supabase hosts the authentication records and application data that make the Site work.

Bunny.net— content delivery and media hosting for images, audio, and video.

Cloudflare— bot protection through Cloudflare Turnstile on forms.

Vercel— web hosting and application runtime.

We may also share information when required by law (for example, in response to a subpoena, court order, or other legal process), to protect our rights or the safety of others, or in connection with a sale, merger, or transfer of all or part of the business (in which case any successor must honor commitments materially consistent with this Policy).

4. Email Marketing and Unsubscribe

Marketing email is sent only to people who opt in by creating an account, subscribing through a form, or checking the marketing box at checkout. We record the time and source of each opt-in. Every marketing email includes a one-click unsubscribe link tied to a unique token; clicking it removes you immediately. You may also update marketing preferences from your account page or request manual removal at portal@chadlewine.com. Transactional email is sent regardless of marketing preferences because it relates to your account or a specific transaction.

5. Data Retention

We retain account and order records for as long as needed to provide the service and to satisfy our legal obligations (typically at least seven years for financial records under U.S. tax law). When you request deletion of your account, we remove your authentication record and revoke active sessions, and we stop marketing to you. Order, financial, and audit records associated with completed purchases are retained as required by law and accounting practice but are no longer used for marketing.

6. Your Choices and Rights

Access and update. While logged in, you can view and update your display name, first/last name, mailing address, marketing preferences, and email address from your account. You can also view your order and download history there.

Unsubscribe. Use the link in any marketing email, your account settings, or email portal@chadlewine.com.

Deletion. Email portal@chadlewine.com to request account deletion. We will remove your authentication record and stop marketing to you. Order, financial, and audit data are retained as described in section 5.

California residents (CCPA/CPRA). If you are a California resident, you have the right to know what personal information we collect, to request a copy of that information, to request deletion (subject to the retention exceptions above), and to opt out of any sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise these rights, email portal@chadlewine.com from the address associated with your account; we may need to verify your identity before responding. We will not discriminate against you for exercising these rights.

Residents of the United Kingdom, European Economic Area, and other jurisdictions with comprehensive privacy laws. You may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, and the right to data portability. Our lawful bases for processing are: (i) performance of a contract (orders, account services); (ii) consent (marketing email); (iii) legitimate interests (security, fraud prevention, service improvement); and (iv) legal obligation (tax, accounting). To exercise rights or withdraw consent, email portal@chadlewine.com. You also have the right to lodge a complaint with your local supervisory authority.

7. International Data Transfers

Chad Lewine is based in the United States, and our service providers operate primarily in the United States. If you access the Site from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States and other countries where our providers operate, which may have data-protection laws different from those of your country.

8. Security

We use standard industry safeguards to protect personal information: HTTPS in transit, encrypted storage at rest with our infrastructure providers, scoped API keys, principle-of-least-privilege database policies (row-level security), CAPTCHA on authentication forms, rate-limiting on sign-in and password-reset flows, and a secure password-reset flow that does not reveal whether an email is registered. No system is perfectly secure; if you have reason to believe your account has been compromised, contact us at portal@chadlewine.com.

9. Children

The Site is not directed to children under 13 and we do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal information, contact us at portal@chadlewine.com and we will delete it.

10. Do Not Track

The Site does not respond to browser Do Not Track signals because there is no industry-standard interpretation. We do not use cross-site tracking and do not sell or share personal information for behavioral advertising, regardless of any DNT setting.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced via email to active subscribers and noted at the top of this page with a revised “Last updated” date. Your continued use of the Site after changes take effect constitutes acceptance of the revised Policy.

12. Contact

Questions, requests, or complaints about this Policy or about our handling of your personal information? Email portal@chadlewine.com.

Sponsor Chad Lewine

Make a one time patronage payment

$