Privacy Policy for EmailBits

Last Updated: March 18, 2026

1. Introduction

EmailBits, operated by Ignite Bright, LLC ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information when you use https://emailbits.co.

By using the Service, you agree to the practices described in this policy.

2. Information We Collect

2.1 Account Information
When you create an account (via magic link or Google OAuth), we collect:
- Your email address
- Your name (if provided by Google OAuth)

2.2 Payment Information
When you make a purchase, payment is processed by Stripe. We do not store your full card number or CVV. We store only Stripe-assigned identifiers (customer ID, subscription/price ID) and your subscription status to manage your access to the Service.

2.3 Brand Kit Data
If you use the Brand Kit feature, we store your brand settings (logo URL, brand colors, fonts) in our database to personalize your editing experience.

2.4 Custom Tokens
If you create custom tokens in the editor, those token names and values are stored in your account.

2.5 User-Created Content
Templates and components you create, fork, or save in the Service are stored in our database and associated with your account.

2.6 Usage and Analytics
We use PostHog to collect behavioral data including page views, button clicks, feature usage (e.g. checkout started, upgrade CTA clicked), and navigation patterns. If you are signed in, this data is linked to your account (user ID and email) so we can understand how real users move through the product. If you are not signed in, data is collected anonymously. This data is used solely to improve the Service.

2.7 Cookies and Session Data
We use cookies and browser storage to maintain your authenticated session (via Supabase Auth). We also use cookies for analytics and to remember your preferences.

3. How We Use Your Information

- Authenticate your account and maintain your session
- Deliver the features you have purchased (template access, editor, AI generation)
- Process and manage payments and subscriptions via Stripe
- Send transactional emails (magic link sign-in, purchase confirmations)
- Store and retrieve your Brand Kit, custom tokens, and user-created content
- Analyze aggregate usage to improve the Service
- Comply with legal obligations

We do not send marketing emails without your consent.

4. Third-Party Services

The Service relies on the following third-party providers, each with their own privacy practices:

- Supabase — authentication and database hosting (supabase.com/privacy)
- Stripe — payment processing (stripe.com/privacy)
- PostHog — product analytics; if signed in, your user ID and email are linked to behavioral events (posthog.com/privacy)
- Amazon Web Services (AWS) — CDN and asset storage for template preview images
- Anthropic — AI template generation (anthropic.com/privacy); prompts and outputs may be processed by Anthropic per their usage policies
- Google — OAuth sign-in (policies.google.com/privacy)
- Crisp — in-app customer support chat (crisp.chat/privacy)

We do not sell your personal information to any third party.

5. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with row-level security policies. We implement industry-standard security measures. However, no method of internet transmission or electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account data for as long as your account is active. If you request deletion of your account, we will delete your personal information within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

7. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

8. Your Rights

You may at any time:
- Access or correct your personal information via your account dashboard
- Request deletion of your account and associated data by emailing support@emailbits.co
- Opt out of any marketing communications using the unsubscribe link in any email we send

If you are located in the EEA or UK, you may have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

9. Changes to This Privacy Policy

We will post updates to this page and refresh the "Last Updated" date at the top. For significant changes, we will notify you by email. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

10. Contact Us

For privacy-related questions or requests, contact us at: support@emailbits.co