LEGAL
Privacy Policy
Last updated: June 4, 2026
1. Information We Collect
When you place an order, we collect your name, email address, shipping address, and payment information. Payment information is processed securely by Stripe and is never stored on our servers.
We also collect standard web analytics data including IP address, browser type, pages visited, and referring URLs to improve our website experience.
2. How We Use Your Information
- To process and fulfill your orders
- To send order confirmations and shipping updates
- To respond to customer service requests
- To improve our website and product offerings
- To comply with legal obligations
3. Information Sharing — Data Processors
We do not sell, trade, or rent your personal information to third parties. We share information only with the service providers below — each contractually bound to handle data in line with applicable law and only for the purposes listed — and as required by law.
- Stripe (payment processing, subscription billing, tax calculation) — receives name, billing/shipping address, email, and card data. Card data never touches our servers.
- Supliful (order fulfillment, drop-shipping) — receives name, shipping address, and order line items to ship your products.
- Resend (transactional + marketing email delivery) — receives email address, name, and message content to send order confirmations, shipping notifications, and marketing emails.
- Supabase (database hosting, user authentication, order records) — stores account credentials (passwords are hashed), order history, and rewards data.
- Vercel (web hosting, edge functions, web analytics) — receives standard server-log data (IP address, user agent, requested URL) for site delivery and traffic analysis.
- Sentry (error monitoring) — receives anonymized error telemetry from the website to help us catch and fix bugs. Personal data is scrubbed from error reports where possible.
- Printful (branded merchandise fulfillment, only when you order Scythene gear like hats/tees) — receives name, shipping address, and order details.
- Google Analytics 4 (aggregated traffic analysis) — receives anonymized, aggregated visit data; we do not feed it identifiable customer data.
4. Payment Security
All payment transactions are processed through Stripe, a PCI Level 1 certified payment processor. Your credit card information is encrypted and never touches our servers.
5. Cookies
We use localStorage to maintain your shopping cart. We may use cookies for analytics purposes. You can disable cookies in your browser settings, though this may affect site functionality.
6. Email Communications
When you sign up for our newsletter, founders list, or provide your email for product notifications, we may send you marketing emails. These emails may include tracking technologies (such as open and click tracking) to help us understand engagement and improve our communications.
Every marketing email includes an unsubscribe link. You can opt out at any time by clicking the unsubscribe link in any email, and we will stop sending you marketing communications. Transactional emails (order confirmations, shipping updates, payment notifications) are not affected by unsubscribe requests, as they are necessary to fulfill your orders.
We use Resend as our email service provider to deliver and manage email communications.
7. Your Rights (US — CCPA)
You may request access to, correction of, or deletion of your personal data at any time by contacting us. California residents have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete personal information we hold about you, and the right to opt out of any sale of personal information (we do not sell personal information).
7a. EU / UK Residents (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent national laws apply to our processing of your personal data.
Lawful bases. We process personal data on the following GDPR-recognized bases: (a) contractual necessity — to fulfill orders you place, (b) legitimate interests — to operate, secure, and improve our site, prevent fraud, and communicate with you about your orders, and (c) consent — for marketing emails and non-essential cookies.
Your rights. You have the right to access, rectify, erase, restrict processing, port, and object to processing of your personal data. You can withdraw consent for marketing communications at any time via the unsubscribe link or by contacting privacy@scythene.com. You also have the right to lodge a complaint with your national supervisory authority.
International data transfers. Most of our service providers (Stripe, Supliful, Resend, Supabase, Vercel, Sentry, Google) are US-based. Personal data may be transferred to and processed in the United States. Where data is transferred outside the EEA/UK, we rely on the EU Standard Contractual Clauses (SCCs) and equivalent UK IDTA addenda with our processors, supplemented by technical and organizational safeguards.
Data retention. Order and customer-account records are retained for the period necessary to fulfill orders, comply with tax and accounting laws (typically 7 years), and defend legal claims. Marketing email subscriptions are retained until you unsubscribe. You may request deletion at any time subject to those retention obligations.
8. Contact
For privacy-related inquiries, contact us at privacy@scythene.com.
9. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated effective date.
