This Privacy Policy describes how l33t LLC ("we", "us", or "our") collects, uses, and protects your personal information when you use ReadySetHalloween ("the Service").
1. Information We Collect
1.1 Information You Provide
- Email Address: Collected during checkout to send you receipts and download links
- Payment Information: Processed securely by Stripe. We do not store credit card details on our servers
- Photos: Images you upload to transform into Halloween styles
1.2 Automatically Collected Information
- Session IDs: Temporary identifiers for rate limiting and session management
- Usage Data: Information about how you interact with the Service
- Device Information: Browser type, IP address, and device identifiers
2. How We Use Your Information
We use your information to:
- Provide the Service: Process your photos and generate Halloween transformations
- Content Moderation: Automatically scan uploaded images to detect and block illegal, explicit, or harmful content using AWS Rekognition
- Process Payments: Complete transactions and send receipts via email
- Deliver Downloads: Send download links to your email address
- Rate Limiting: Prevent abuse by limiting generations to 10 per hour per session
- Improve the Service: Analyze usage patterns to enhance user experience
- Customer Support: Respond to inquiries sent to contact@readysethalloween.com
3. Data Retention
We automatically delete your data according to the following schedule:
- Uploaded Photos: Deleted after 1 hour (stored temporarily in AWS S3)
- Generated Previews: Deleted after 24 hours
- Purchased Downloads: Download links expire after 24 hours
- Order Records: Deleted after 7 days
- Email Addresses: Retained only for order fulfillment (7 days)
4. Third-Party Services
We use the following trusted third-party services to operate ReadySetHalloween:
Stripe (Payment Processing)
Handles all payment transactions securely. We never see or store your credit card information.
View Stripe Privacy Policy →Amazon Web Services (AWS)
S3 for temporary photo storage (with automatic expiration) and Rekognition for automated content moderation to detect illegal or harmful imagery.
View AWS Privacy Policy →fal.ai (AI Generation)
Processes your photos to create Halloween transformations using AI models.
View fal.ai Privacy Policy →Resend (Email Delivery)
Sends receipts and download links to your email address.
View Resend Privacy Policy →Vercel (Hosting & Analytics)
Hosts the ReadySetHalloween application and processes requests. Vercel Analytics provides privacy-first, cookieless analytics using anonymized data.
View Vercel Privacy Policy →5. Data Security
We implement industry-standard security measures to protect your data:
- HTTPS/TLS Encryption: All data transmitted between your browser and our servers is encrypted
- Secure Storage: Photos stored in AWS S3 with private access controls and signed URLs
- Content Moderation: Automated scanning of all uploaded images using AWS Rekognition to detect and block illegal, explicit, or harmful content before storage
- PCI Compliance: Payment data handled exclusively by Stripe (PCI DSS Level 1 certified)
- No Credit Card Storage: We never see or store your payment information
- Automatic Deletion: Data automatically expires and is deleted according to retention schedules
- Security Headers: Protection against clickjacking, XSS, and MIME sniffing attacks
6. Cookies and Tracking
We use the following tracking mechanisms:
- Session Cookies: Temporary cookies for rate limiting (10 generations per hour)
- Functional Cookies: Remember your preferences and uploaded files during your session
- Vercel Analytics (Cookieless): Privacy-first analytics using anonymized data without cookies. Tracks page views, referrers, and demographics using request hashing that resets daily.
You can disable cookies in your browser settings, but this may affect functionality of the Service. Vercel Analytics does not use cookies and cannot be disabled client-side, but collects only anonymized, non-personal data.
7. Your Rights (GDPR)
If you are located in the European Union, you have the following rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate personal data
- Right to Erasure: Request deletion of your personal data (note: most data auto-deletes after 7 days)
- Right to Restrict Processing: Request limitation on how we process your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw consent at any time (does not affect past processing)
To exercise any of these rights, contact us at contact@readysethalloween.com
8. Children's Privacy
ReadySetHalloween is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at contact@readysethalloween.com and we will delete it promptly.
9. International Data Transfers
Your data may be processed and stored in the United States and other countries where our service providers operate. By using ReadySetHalloween, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us:
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Your California Rights
- Right to Know: Request disclosure of personal information we collect, use, and share
- Right to Delete: Request deletion of personal information (note: most data auto-deletes within 1-7 days)
- Right to Opt-Out: We do NOT sell or share your personal information for cross-context behavioral advertising
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit Use: Limit use of sensitive personal information (we do not collect sensitive data beyond necessary processing)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
Categories of Personal Information We Collect
- Identifiers: Email address, session ID, IP address
- Commercial Information: Purchase records, transaction history (retained 7 days)
- Internet Activity: Usage data, generation history, rate limiting data
- Visual Information: Photos you upload (deleted after 1 hour)
- Payment Information: Processed by Stripe (we never see or store card details)
We Do NOT Sell Your Personal Information
ReadySetHalloween does not sell your personal information to third parties for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising.
How to Exercise Your Rights
To exercise any of your California privacy rights, contact us at:
Email: contact@readysethalloween.com
Subject line: "California Privacy Rights Request"
We will verify your identity and respond within 45 days. For data deletion requests, please note that most data is automatically deleted within 1-7 days per our retention schedule.
13. Complaints
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority (for EU residents) or the appropriate regulatory body in your jurisdiction.