Privacy Policy

Last updated: March 29, 2026

1. Information We Collect

When you use our website or services, we may collect the following information:

  • Contact info submitted in Form 1 and Form 2.
  • Website URL and basic business details.
  • Uploaded brand assets or links you provide.
  • Purchase and billing records from the payment provider.
  • Analytics events on the marketing site (page views, form submissions, call clicks), where enabled.
  • Tracking on client sites: For sites we build, we install and test tracking at launch (e.g. call clicks, form submissions) as described in our offer. Form submissions are delivered as stated in the Order Form; when routing to our systems is stated in the Order Form, we process such data in line with this policy and our Terms.
  • Payment is processed through Stripe; we do not store full credit card details.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your requests and transactions
  • Communicate with you about your projects and our services
  • Send you updates, newsletters, and marketing communications (you can opt out at any time)
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address technical issues and security threats

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our website and conducting our business (e.g., Stripe for payment processing, Supabase for data storage)
  • Legal Requirements: We may disclose information if required by law or in response to valid legal requests
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred

4. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information. While no method of transmission over the Internet or electronic storage is 100% secure, we take reasonable steps to safeguard your data.

Encryption

  • HTTPS/SSL: All website and form traffic is encrypted using HTTPS with SSL/TLS encryption to protect data in transit between your browser and our servers.
  • Encryption in Transit: All data transmitted between our services and third-party providers (Supabase, Stripe) is encrypted using industry-standard protocols.
  • Encryption at Rest: Personal information stored in our database is encrypted at rest by our data storage provider (Supabase) using industry-standard encryption methods.

Payment Security

We do not store, process, or transmit credit card information on our servers. All payment processing is handled by Stripe, a PCI DSS Level 1 compliant payment processor. Stripe is certified to handle card data securely and meets the highest industry standards for payment security. When you make a payment, your payment information is transmitted directly to Stripe and never touches our servers.

Access Controls

  • Authentication: We use secure authentication systems (Supabase Auth) with passwordless magic link authentication to protect account access.
  • Row-Level Security: Our database implements row-level security policies to ensure users can only access their own data.
  • Admin Access: Administrative access is restricted to authorized personnel only and requires server-side authentication.
  • Session Management: User sessions are managed securely using encrypted cookies and session tokens.

Infrastructure Security

  • Hosting: Our website is hosted on Vercel's Edge Network, which provides automatic security updates, DDoS protection, and infrastructure security.
  • Data Storage: Personal information is stored in Supabase, which implements security measures including encryption, access controls, and regular security audits.
  • Regular Updates: We keep our software dependencies and infrastructure components up to date with security patches.

Security Limitations

While we implement reasonable security measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using industry-standard practices. If you have concerns about the security of your information, please contact us immediately.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on the type of data, the purpose for which it was collected, and legal requirements.

Retention Periods by Data Type

  • Form Submissions: We retain form submissions (Form 1 and Form 2) for the project duration plus up to 90 days after completion or termination.
  • Payment and Billing Records: We retain payment and billing information for 7 years from the date of transaction to comply with tax and accounting requirements.
  • Account Information: We retain account information while your account is active. After account closure or 3 years of inactivity, we retain account data for up to 3 additional years for legal and business purposes.
  • Analytics Data: We retain website analytics data for up to 26 months. This data may be anonymized or aggregated after this period.
  • Marketing Communications: We retain your contact information for marketing purposes until you opt out or request deletion, or until 2 years of inactivity.

Early Deletion: You may request deletion of your personal information at any time by contacting us. We will honor your request unless we are required to retain the information for legal, tax, or accounting purposes, or to resolve disputes. When we delete personal information, we will securely delete or anonymize it so it can no longer be associated with you.

Extended Retention: In some cases, we may retain certain information for longer periods when required by law (such as tax regulations), to resolve disputes, enforce our agreements, or for legitimate business purposes. When information is retained for these reasons, we will limit access and use it only for the specific purpose for which it was retained.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights and will respond to your requests in accordance with applicable law.

Your Rights Include:

  • Right to Access: You have the right to request access to and receive a copy of the personal information we hold about you, including what data we collect, how we use it, and who we share it with.
  • Right to Rectification (Correction): You have the right to request correction of inaccurate or incomplete personal information. We will update your information promptly upon verification.
  • Right to Erasure (Deletion): You have the right to request deletion of your personal information. We will honor your request unless we are required to retain the information for legal, tax, or accounting purposes, or to resolve disputes.
  • Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another service provider where technically feasible.
  • Right to Restrict Processing: You have the right to request that we limit how we use your personal information in certain circumstances.
  • Right to Object: You have the right to object to processing of your personal information for certain purposes, including direct marketing. You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us.
  • Right to Withdraw Consent: Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. If you are a California resident, you have the right to opt-out of the sale or sharing of your personal information (we do not engage in these practices).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge you different prices, or provide you with a different level of service quality for exercising your rights.

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@rocket-refresh.com with:

  • Your full name and email address associated with your account
  • A clear description of the right you wish to exercise
  • Any additional information that may help us verify your identity and process your request

Response Timeframes

We will respond to your request within the timeframes required by applicable law:

  • GDPR (EU/UK residents): We will respond within 30 days, which may be extended by an additional 60 days for complex requests. We will inform you if an extension is needed.
  • CCPA/CPRA (California residents): We will respond within 45 days, which may be extended by an additional 45 days if reasonably necessary. We will inform you if an extension is needed.
  • Other jurisdictions: We will respond as promptly as possible, typically within 30-45 days.

Verification: For security purposes, we may need to verify your identity before processing certain requests. We will only request information necessary to verify your identity and will not use this information for any other purpose.

Appeals: If you are a Colorado, Connecticut, or Virginia resident and we deny your request, you have the right to appeal our decision. Please contact us for information about how to file an appeal.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your preferences and how you use our website. Cookies are small text files that are placed on your device when you visit our website.

Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the website to function properly. They enable core functionality such as authentication and security. We use Supabase to manage user authentication, which sets cookies to maintain your login session. These cookies cannot be disabled as they are essential for the website to work.

Analytics Cookies (Optional)

We use Google Analytics 4 (via Google Tag Manager) to understand how visitors interact with our website. These cookies collect information about your use of our site, including pages visited, time spent on pages, and how you arrived at our website. This helps us improve our website and user experience. Google Analytics sets cookies on our behalf. You can learn more about how Google uses data at Google's Privacy Policy and opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.

Payment Processing Cookies

When you make a payment, Stripe processes your payment information. Stripe may set cookies on their own domain (stripe.com) to facilitate secure payment processing. These cookies are governed by Stripe's Privacy Policy.

How to Control Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or accept cookies, and to delete cookies that have already been set. However, disabling essential cookies may limit your ability to use certain features of our website, such as logging into your account.

For more information about managing cookies in your browser, please visit:

8. Third-Party Services

Our website uses third-party services that may collect information about you:

Client sites we build: Tracking tools (e.g. for call clicks and form submissions) may be installed on client sites at launch. Where we process end-user data from client sites as part of retainer or delivery services, we do so in accordance with this policy. A data processing agreement (DPA) is available on request for applicable engagements.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last updated" date. You are advised to review this privacy policy periodically for any changes.

11. Governing Law

This Privacy Policy is governed by the laws of the State of Texas, United States. If you are located outside the United States, please note that information we collect may be transferred to and processed in the United States.

12. Contact Us

If you have any questions about this privacy policy or wish to exercise your rights, please contact us:

Rocket Refresh
Email: privacy@rocket-refresh.com
Contact: contact@rocket-refresh.com
Website: Start intake

Return to Home