Privacy Policy

1. Information we collect

1.1 Information you provide directly:

• Email address — when you subscribe to schema drift alerts or contact us. Used only to send the service you signed up for and to communicate about that service.
• GitHub handle — when you submit a contribution to the open-source repository. Shown publicly as a contributor.
• Payment information — when you subscribe to Pro. We use Stripe, Inc. to process payments. We do not receive, store, or process your credit card number; payment data is handled entirely by Stripe under their privacy policy.

1.2 Information collected automatically:

• Analytics data — if you have consented, we use PostHog to collect anonymised usage data (pages visited, features used, browser type, approximate geographic region). No personally identifiable information is included in analytics without consent.
• Log data — our hosting provider (Cloudflare) may collect standard server log data (IP addresses, request timestamps, URLs) as part of normal CDN operation. This is governed by Cloudflare's privacy policy.
• Cookies — see Section 4.

1.3 Information we do not collect:

• We do not collect API keys, store credentials, or receive any data from third-party platforms (Shopify, Stripe, ShipStation, etc.) that you configure using our integration code. Integration code runs entirely in your own environment.

2. How we use your information

We use the information we collect to:

• Provide, operate, and improve the Services;
• Send you schema drift alerts and service-related communications you have requested;
• Process Pro subscription billing through Stripe;
• Respond to your enquiries and support requests;
• Detect and prevent fraud, abuse, and security incidents;
• Comply with legal obligations;
• Conduct anonymised analytics to understand how the Site is used (subject to your consent).

We do not sell your personal information. We do not use your information for advertising.

3. How we share your information

3.1 Service providers. We share information with third-party vendors who assist in operating the Services, including:

• Stripe — payment processing for Pro subscriptions. Governed by Stripe's privacy policy.
• Resend — transactional email delivery for schema drift alerts and service notifications.
• PostHog — product analytics (anonymised, consent-gated).
• Cloudflare — website hosting and CDN.

These providers are authorised to use your information only as necessary to provide services to us.

3.2 Open-source contributions. GitHub handles and contribution content submitted to our public repository are visible publicly on GitHub and on the Site as attribution.

3.3 Legal requirements. We may disclose your information if required by law, court order, or government authority, or to protect our rights, safety, or the safety of others.

3.4 Business transfers. If we are acquired by or merged with another entity, your information may be transferred as part of that transaction. We will notify you in advance of any such transfer.

We do not share your personal information with third parties for their own marketing purposes.

4. Cookies

Essential cookies (no consent required): We use session and security cookies necessary for the Site to function. These cannot be disabled without breaking the Service.

Analytics cookies (consent required): If you consent via our cookie banner, PostHog sets analytics cookies to track anonymised usage patterns. You may withdraw consent at any time via the cookie settings link in the Site footer.

We do not use advertising, tracking, or third-party marketing cookies.

5. Data retention

6. Your rights

Depending on your location, you may have the following rights regarding your personal information:

For all users:

• Access — request a copy of personal information we hold about you.
• Correction — request correction of inaccurate information.
• Deletion — request deletion of your information, subject to legal retention obligations.
• Objection / opt-out — opt out of analytics by declining cookies or withdrawing consent at any time.

EEA, UK, and Switzerland (GDPR): You additionally have the right to data portability, to restrict processing, and to lodge a complaint with your supervisory authority. Our lawful bases for processing are: contract performance (Pro subscriptions), legitimate interests (security, fraud prevention), legal obligation (tax records), and consent (analytics, marketing emails).

California residents (CCPA/CPRA): You have the right to know what personal information we collect and how it is used, to delete your information, to opt out of its sale (we do not sell personal information), and to non-discrimination for exercising these rights.

To exercise any of these rights, contact us at privacy@dahlia47.com. We will respond within 30 days (or within the timeframe required by applicable law).

7. International data transfers

The Site is operated from Colorado, United States. If you access the Site from outside the United States, your information may be transferred to and processed in the United States and other countries where our service providers operate. We take reasonable steps to ensure that such transfers comply with applicable data protection law.

8. Children

The Services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@dahlia47.com and we will delete it promptly.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will indicate the revised date at the top and, for material changes, provide notice via the Site or by email to affected users.

10. Contact

For privacy enquiries or to exercise your rights: privacy@dahlia47.com. Dahlia47 LLC, 1500 N Grant St Ste N, Denver, CO 80203, US.