Privacy Policy
Effective: March 18, 2026 · Last updated: March 18, 2026
This Privacy Policy describes how Daniel A. Romitelli Jr., operating as Crafted By Daniel (“we,” “us,” or “our”), collects, uses, and protects your personal information when you visit craftedbydaniel.com (the “Site”) or purchase access to premium content.
1. Information We Collect
Information You Provide
- Email address — when you sign in via magic link (OTP) through Supabase Auth, purchase premium content, or use the contact form.
- Name and message content — when you submit the contact form.
- Communication preferences — your opt-in or opt-out choice for new blog post notifications.
Information Collected Automatically
- Authentication cookies — session cookies set by Supabase Auth to maintain your login state. These are strictly functional and are not used for tracking or advertising.
- Server logs — standard web server logs including IP address, browser type, and request timestamps, retained for security and rate-limiting purposes.
Payment Information
Payment processing is handled entirely by Stripe. We never receive, store, or have access to your credit card number, CVV, or full billing details. Stripe provides us only with a transaction confirmation, your email address, and a customer identifier. Stripe's privacy policy is available at stripe.com/privacy.
2. How We Use Your Information
- To authenticate your identity and provide access to premium content.
- To process your purchase through Stripe.
- To send you new blog post notifications, only if you opted in.
- To respond to your contact form inquiries via Resend (transactional email).
- To enforce rate limits and protect the Site from abuse.
We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not run third-party advertising or tracking scripts. We do not use analytics cookies.
3. Third-Party Services
We use the following third-party services to operate the Site. Each processes data only as necessary to provide its function:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database | Email, user ID |
| Stripe | Payment processing | Email, payment details |
| Resend | Transactional email | Email, message content |
| Vercel | Hosting, edge functions | IP address, request logs |
4. Cookies
We use authentication cookies only. These are strictly necessary for the Site to function and cannot be disabled. They contain encrypted session tokens set by Supabase Auth and expire when your session ends or after a defined inactivity period. We do not use advertising, analytics, or social media cookies.
5. Email Communications
If you opt in to new blog post notifications during sign-up, we will send you an email when new articles are published. These emails are sent via Resend from support@craftedbydaniel.com. You may unsubscribe at any time by clicking the unsubscribe link in any notification email, or by contacting us at the address below. We honor all unsubscribe requests within 48 hours. We comply with the CAN-SPAM Act and do not send unsolicited commercial email.
6. Data Retention
- Account data (email, profile preferences) is retained for as long as your account exists.
- Payment records are retained by Stripe per their data retention policies and applicable tax/legal requirements.
- Server logs are retained for up to 30 days and then automatically deleted.
- Contact form messages are retained for as long as needed to respond to your inquiry.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access — request a copy of the personal data we hold about you.
- Correction — request that we correct inaccurate data.
- Deletion — request that we delete your personal data (subject to legal retention requirements).
- Opt-out — unsubscribe from marketing communications at any time.
- Data portability — request your data in a structured, machine-readable format.
To exercise any of these rights, contact us at support@craftedbydaniel.com. We will respond within 30 days.
8. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA. We do not sell or share your personal information as defined by the CCPA. We do not use your data for cross-context behavioral advertising. You may exercise your rights by contacting us at the email above.
9. International Visitors
The Site is operated from the United States. If you access the Site from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, your information will be transferred to and processed in the United States. By using the Site, you consent to this transfer. We process your data based on contractual necessity (to fulfill your purchase) and legitimate interest (to operate and secure the Site).
10. Children's Privacy
The Site is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.
11. Security
We implement industry-standard security measures including encrypted connections (TLS), secure authentication (Supabase Auth with PKCE flow), server-side rate limiting, and Row Level Security (RLS) on our database. Payment processing occurs entirely on Stripe's PCI DSS-compliant infrastructure.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be noted by updating the “Last updated” date at the top of this page. Continued use of the Site after changes constitutes acceptance of the updated policy.
13. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: