← Back to home

Privacy Policy

Last updated: May 3, 2026

This Privacy Policy explains how Gavin Shirley (“we,” “us,” “our”) collects, uses, and protects information when you visit gavinshirley.com, sign in to the Studio Portal at app.gavinshirley.com, or interact with websites we build and host on your behalf (collectively, the “Services”).

By using the Services, you agree to the practices described below. If you do not agree, please do not use the Services.

1. Information We Collect

Account information

When you sign in to the Studio Portal, we collect your name, email address, and profile photo. If you sign in with Google, this information is provided by Google through OAuth using the email, profile, and openid scopes. We do not receive your Google password and we do not request access to your Gmail, Google Drive, Google Calendar, or any other Google product data.

Project information

We collect information you provide so we can build and operate your website, including business details, brand assets, photography, copy, customer testimonials, and configuration choices for your Studio Portal subscription.

Payment information

Payments are processed by Stripe. We receive transaction metadata (amount, status, last four digits of the card, billing email) but we never see or store full card numbers. Stripe's privacy policy is available at stripe.com/privacy.

Usage information

We collect aggregate analytics about how the Studio Portal and the websites we host are used (page views, referrer, country, device class, uptime). This data is collected via a first-party analytics beacon and is not sold or shared with third-party ad networks.

Communications

When you message us through the Studio Portal or by email, we retain those messages so we can respond and keep a record of work performed.

2. How We Use Information

We use the information we collect to:

  • Authenticate you and keep your account secure.
  • Build, deliver, and maintain your website and Studio Portal subscription.
  • Process payments and send invoices, receipts, and renewal notices.
  • Respond to your messages and support requests.
  • Send transactional emails (delivery confirmations, monthly reports, change request updates) and, if you opt in, occasional product updates.
  • Detect and prevent abuse, fraud, and security incidents.
  • Comply with legal obligations.

We do not sell your personal information. We do not use your information to train third-party machine learning models.

3. Service Providers

We share information with a small number of vendors that help us operate the Services. Each vendor is contractually obligated to handle your data responsibly:

  • Clerk — user authentication and session management.
  • Convex — application database and real-time sync.
  • Vercel — hosting and content delivery.
  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • Cloudinary — image storage and delivery.
  • Google — OAuth sign-in (only if you choose to sign in with Google).

4. Data Retention

We retain account and project information for as long as your account is active and for a reasonable period afterward to comply with legal, accounting, and reporting obligations. You may request deletion at any time by emailing gavin@gavinshirley.com.

5. Your Rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. To exercise any of these rights, email gavin@gavinshirley.com. We will respond within a reasonable timeframe.

You can revoke our access to your Google account at any time by visiting myaccount.google.com/permissions.

6. Security

We use industry-standard safeguards including HTTPS in transit, encryption at rest for sensitive credentials, signed webhook verification, scoped API keys, and per-customer data isolation in our database. No system is perfect, but we work to keep your information safe.

7. Cookies

We use cookies and similar technologies that are strictly necessary to keep you signed in and to keep the Services functioning. We do not use advertising cookies and we do not track you across other websites.

8. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from children.

9. International Users

The Services are operated from the United States. If you are accessing them from outside the United States, you understand that your information may be transferred to and processed in the United States.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the new version at this URL and update the “Last updated” date above. Material changes will also be communicated by email to active account holders.

11. Contact

Questions or requests? Email us at:

gavin@gavinshirley.com

Terms of Service·Home