Privacy Policy

1. Introduction

SignUpBreeze ("we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the choices you have.

The Service is operated by Mikhail Kozlov, doing business as 315Design.com.

This Policy applies to all users of the SignUpBreeze platform — including Organizers (users who create and manage events) and Attendees (individuals who register for shifts), whether or not they hold a SignUpBreeze account.

Geographic scope: The Service is available to users in the United States only. It is not directed at residents of the European Union, European Economic Area, United Kingdom, or any jurisdiction subject to the GDPR or UK GDPR. If you are accessing the Service from one of these regions, please do not use it. See our Terms of Service, Section 2, for the full list of excluded jurisdictions.

2. Information We Collect

2.1 Information You Provide Directly

Account holders (Organizers):

• Name and email address
• Password (stored in hashed form — never in plain text)
• Profile information you choose to add
• Organization name and related details
• Two-factor authentication credentials (if enabled)
• Payment information (processed directly by Stripe, Inc. — we do not store card numbers or bank details)

Attendees registering via magic link (guest checkout):

• Name and email address
• Any additional fields defined by the Organizer for a specific event (e.g., phone number, role preference)

All users:

• Content you create or submit, including event descriptions, shift details, and messages

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Usage data: Pages visited, features used, actions taken, and timestamps
• Device and browser information: Browser type and version, operating system, screen resolution
• IP address and approximate location (derived from IP; used in part to enforce geographic restrictions)
• Session and authentication tokens
• Referral URLs and traffic sources

We use cookies and similar technologies as described in Section 8 below.

2.3 Information from Third Parties

We may receive limited information from third-party services we integrate with, such as:

• Stripe: Transaction status confirmations and fraud signals
• Cloudflare: Security event data and bot detection signals

3. How We Use Your Information

We use collected information to:

• Provide the Service: Create and manage accounts, events, shifts, and registrations; deliver magic link emails; send confirmation and transactional notifications.
• Authenticate and secure: Verify identity, enforce two-factor authentication, detect and prevent fraud and abuse.
• Enforce geographic restrictions: Use IP address and other signals to identify and block access from excluded jurisdictions as described in our Terms of Service.
• Communicate with you: Send service-related emails (account verification, password resets, event reminders) and, where permitted, product updates or announcements. You may opt out of non-essential communications at any time.
• Improve the Service: Analyze usage patterns, troubleshoot bugs, and develop new features.
• Fulfill legal obligations: Comply with applicable US laws, respond to lawful requests, and enforce our Terms of Service.
• Billing and support: Process payments via Stripe and handle support requests.

We do not sell your personal data to third parties for advertising or marketing purposes.

4. Organizer Responsibilities for Attendee Data

When you use SignUpBreeze as an Organizer, you collect personal data from your Attendees. You are responsible for:

• Having a lawful basis to collect Attendee data.
• Maintaining your own privacy notice for your Attendees if required by applicable law.
• Using Attendee data only for legitimate event coordination purposes.
• Ensuring the Attendees you invite are located in the United States and are not residents of any jurisdiction excluded under the Terms of Service.

5. How We Share Your Information

We do not sell personal data. We share information only in the following circumstances:

5.1 Service Providers

We share data with trusted third-party vendors who process data on our behalf, including:

• Cloud infrastructure and hosting: Laravel Cloud (US-based database and compute)
• CDN and security: Cloudflare, Inc. — Privacy Policy
• Payment processing: Stripe, Inc. — Privacy Policy

All service providers are engaged under contractual terms that restrict their use of your data to providing the relevant service.

5.2 Within Your Organization

If you belong to a SignUpBreeze Organization, other members of that Organization with appropriate permissions may view data associated with shared events.

5.3 Legal Requirements

We may disclose information if required by US law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, the safety of any person, or to investigate fraud.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.

6. Data Storage and Location

All personal data collected through the Service is stored and processed in the United States. We do not transfer personal data outside the United States. We use US-based infrastructure providers (Laravel Cloud, Cloudflare US data centers) and maintain data residency in the US as a core operating principle.

7. Data Retention

We retain data for as long as necessary to provide the Service and comply with legal obligations:

• Active accounts: Data is retained for the duration of the account.
• Deleted accounts: Personal data is deleted or anonymized within 90 days of account deletion, unless we are required to retain it longer by law.
• Guest (magic link) Attendees: Registration data is retained for 6 months after the event date, after which it is deleted or anonymized. Organizers are encouraged to export any records they need to keep before this window closes.
• Billing records: Retained for 7 years as required by US tax and accounting law.
• Anonymized analytics: May be retained indefinitely.

8. Cookies and Similar Technologies

We use cookies and similar technologies to:

• Maintain session state and authentication
• Prevent cross-site request forgery (CSRF)
• Analyze usage and performance (first-party analytics only)
• Store user preferences (e.g., appearance/theme settings)

We do not use third-party advertising cookies or behavioral tracking cookies. Cloudflare may set security and performance cookies as part of its CDN and bot-protection functions; see Cloudflare's Cookie Policy for details.

You can control cookies through your browser settings, though disabling certain cookies may affect Service functionality (particularly authentication and session management).

9. Security

We implement appropriate technical and organizational safeguards to protect your personal data, including:

• Passwords stored using a modern, salted cryptographic hash (never in plain text)
• HTTPS/TLS encryption for all data in transit
• Access controls limiting data access to authorized personnel only
• Two-factor authentication available for all accounts
• Regular security reviews and dependency updates
• Cloudflare-based DDoS protection and bot mitigation

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at [email protected].

In the event of a data breach that poses a risk to users, we will notify affected users promptly and comply with applicable US notification laws.

10. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with their data, please contact us and we will promptly delete it.

11. Your Rights and Choices

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a machine-readable format.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

California residents, please see Section 12.

12. California Residents (CCPA / CPRA)

California residents have the right to:

• Know what personal information we collect, use, and disclose.
• Delete personal information we have collected (with exceptions).
• Correct inaccurate personal information.
• Opt out of the sale or sharing of personal information. We do not sell or share personal information.
• Non-discrimination for exercising these rights.

To submit a California privacy request, contact us at [email protected]. We will respond within 45 days as required by law.

13. Communication Preferences

We send the following types of emails:

• Transactional (required): Account verification, password resets, magic link delivery, event confirmation, and critical service notices. These cannot be opted out of.
• Product updates and announcements (optional): Feature releases, tips, and occasional news. You can unsubscribe at any time via the unsubscribe link in each email or through account settings.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the Service at least 14 days before changes take effect. The "Last updated" date at the top of this page always reflects the current version.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

Operator: Mikhail Kozlov d/b/a 315Design.com
Email: [email protected]