1. Who we are
Button Design Studio ("we", "us", "our") operates the website and web application at buttondesignstudio.com, based in Glendale, Arizona, United States. This policy explains what we collect, why, and the choices you have. You can reach us at info@buttondesignstudio.com.
2. Information we collect
We intentionally collect as little as possible. To run the service, we process:
- Email address — used to identify your account and to send transactional email (verification, password resets, receipts, renewal reminders) and occasional service announcements.
- Password — never stored in plain text. Passwords are stored as salted one-way hashes.
- Stripe customer ID and subscription status — so we know which features your plan includes and can show your billing history.
- IP address — processed transiently for security, rate limiting and abuse prevention. It is not retained in a user profile.
- Button designs you create — stored against your account so you can return to them later.
We never see or store your payment card details. Card numbers, CVCs and expiration dates are submitted directly from your browser to Stripe, a PCI-DSS Level 1 certified payment processor. Stripe returns only a customer reference to us.
We do not use analytics cookies, advertising cookies, remarketing pixels, cross-site tracking, device fingerprinting, or behavioral profiling.
3. Cookies
We use only strictly-necessary cookies required to keep you signed in and to deliver the service you requested. They are set with the HttpOnly, Secure and SameSite flags. We do not show a cookie banner because we set no tracking or advertising cookies.
4. Third-party service providers
We share the minimum data necessary with the following providers, all of which are bound by their own privacy commitments:
- Stripe, Inc. — payment and subscription processing. Receives: email address, Stripe customer ID, and payment/subscription metadata. privacy.stripe.com.
- Resend — transactional email delivery. Receives: email address and the contents of the email we send you. resend.com/legal/privacy-policy.
- Cloudflare, Inc. — hosting, DDoS protection, edge delivery, and database. Receives the data you submit to the Service while delivering it. cloudflare.com/privacypolicy.
We do not sell, rent, trade, or "share" your personal information, and we do not share it with advertisers or data brokers.
5. How we use your information
- To create and operate your account and provide the Service you requested.
- To process payments and manage your subscription through Stripe.
- To send transactional email (verification, password reset, receipts, renewal reminders, important service notices).
- To keep the Service secure, prevent fraud and abuse, and improve reliability.
- To comply with US federal and Arizona state legal obligations, including tax and accounting recordkeeping.
6. Data retention
We retain account data for as long as your account is active. Account data is deleted within 30 days after you close your account. Billing records linked to your Stripe customer ID are retained for up to 7 years to meet US tax and accounting requirements. Stripe retains billing records independently under its own schedule.
7. Your choices
You can:
- Access or correct your account information from the /account page.
- Delete your account at any time using the Delete Account button on the /account page. This immediately cancels any active subscription and removes your personal data within 30 days.
- Opt out of non-essential email. Transactional email (security, billing, receipts) cannot be turned off while your account is active, because it is required to deliver the Service.
For any other request, email info@buttondesignstudio.com from the address registered to your account. We respond to verified requests within 30 days.
8. California residents (CCPA / CPRA)
Button Design Studio is a small business and does not meet the revenue or consumer-volume thresholds that make the CCPA/CPRA applicable. Even so, we do not sell or share personal information as those terms are defined under California law, and California residents may exercise the access, deletion, and correction requests described in section 7 on the same terms as any other user.
9. Security
We use industry-standard measures to protect your data, including TLS for all traffic, salted one-way password hashing, access controls, rate limiting on authentication endpoints, and verified Stripe webhooks. No system is perfectly secure, but we take reasonable and appropriate technical and organizational measures to safeguard your information.
10. Children's privacy
Button Design Studio is not directed at children under 13, and we do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. If the changes are material, we will notify active account holders by email. The "Last updated" date at the top of this page always reflects the most recent revision.