Privacy Policy

Last updated: June 12, 2026

The short version

We collect the minimum needed to run a paid service: your email address and your subscription status. There are no advertising trackers, no third-party analytics cookies, and no sale or sharing of personal data for marketing. The only cookie we set is the one that keeps you signed in.

1. Who is responsible

The data controller is Jeremy Ryan, doing business as xin.bz, New York, United States. Contact: jeremy.ryan@codepause.com.

2. What we collect, and why

• Account data: your email address, sign-in timestamps, and subscription status. Used to authenticate you and operate your subscription (performance of contract).
• Payment data: handled entirely by Paddle, our Merchant of Record. We never see or store card numbers. We receive from Paddle only what's needed to know your subscription state (e.g. "active", "cancelled") and your country for tax purposes. Paddle's processing is described in the Paddle privacy policy.
• Technical logs: our infrastructure provider (Cloudflare) processes IP addresses and request metadata to serve the site, prevent abuse, and maintain security (legitimate interest). Short-retention operational logs only; we run no fingerprinting or behavioral tracking.

3. Cookies

One essential, first-party session cookie (HttpOnly, Secure) keeps you signed in. We use no analytics, advertising, or cross-site cookies — which is why you don't see a cookie banner.

4. Who we share data with

Only the processors required to operate the service:

• Paddle — payments, tax, invoicing (Merchant of Record);
• Cloudflare — hosting, content delivery, security, and data storage;
• an email delivery provider — to send sign-in links and billing notices.

We do not sell personal data and never have. We disclose data only if legally compelled.

5. International transfers

We are US-based; our processors operate global infrastructure. Where data of EU/UK residents is transferred internationally, our processors rely on recognized safeguards such as Standard Contractual Clauses.

6. Retention

Account data is kept while your account exists and deleted within 30 days of account deletion, except records we must keep for tax and accounting law (kept by Paddle as Merchant of Record). Operational logs rotate on short cycles.

7. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA/CPRA, and similar laws), you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object to processing. Email jeremy.ryan@codepause.com and we will respond within 30 days. You may also lodge a complaint with your local supervisory authority. We do not discriminate against you for exercising these rights.

8. Children

The service is for business use and not directed at children under 16; we do not knowingly collect their data.

9. Changes

We will announce material changes to this policy by email or in the dashboard before they take effect. The "last updated" date above always reflects the current version.