Privacy Policy
This Privacy Policy explains how Purple Potato Studio LLC (“Purple Potato,” “we,” “us”) collects, uses, and shares personal data when you use our website design and hosting services (the “Services”).
We are the data controller for personal data described in this Policy. For privacy or data-protection inquiries — including access, correction, or deletion requests — contact us at hello@purplepotato.io.
1. What we collect
Account and billing data. When you sign up for the Services, we collect your name, business name, email address, postal address (if you provide it), and the phone number on your account. When you pay, our payment processor (Stripe) collects your card details — we never see or store full card numbers ourselves; we only receive the last four digits and the issuing brand.
Customer content. Any text, images, or other content you send us for use on your website. This may incidentally include personal data about your own customers (e.g., a testimonial including a name). For that content, you are the data controller and we act as your processor under Article 28 GDPR.
Communications. Emails you send us, and our replies, so we can support you and improve the Services.
Cookies. We use only essential cookies needed to keep you signed in (an authentication session cookie and a CSRF token). We do not run any third-party analytics, advertising, or tracking cookies.
Logs. Our hosting provider (Vercel) and database provider (Neon) automatically log technical metadata about requests: timestamps, IP addresses, user-agent strings, and error traces. We use these for security, debugging, and uptime monitoring.
2. Why we use it (legal bases under GDPR)
- To provide the Services. Setting up your account, designing and hosting your site, sending change-request acknowledgments, and handling support. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
- To process payments. Charging your subscription and handling refunds or disputes through Stripe. Legal basis: performance of a contract.
- To comply with the law. Tax records, accounting, responding to lawful requests from authorities. Legal basis: legal obligation (Art. 6(1)(c)).
- To secure and improve the Services. Detecting fraud, investigating abuse, improving reliability. Legal basis: our legitimate interest in running a secure, functional service (Art. 6(1)(f)), balanced against your rights.
- To send transactional emails. Account, billing, and service-related notifications. Legal basis: performance of a contract.
We do not sell your personal data, and we do not use it for advertising or profiling.
3. Who we share it with
We use a small number of trusted service providers (“subprocessors”) to operate the Services. Each is bound by a Data Processing Agreement and applicable safeguards for international transfers:
- Stripe, Inc. — payment processing. stripe.com/privacy
- Resend, Inc. — transactional email delivery. resend.com/legal/privacy-policy
- Neon, Inc. — database hosting (Postgres on AWS). neon.tech/privacy-policy
- Vercel, Inc. — application hosting and platform logs. vercel.com/legal/privacy-policy
We may also disclose personal data when we believe in good faith that the law requires it, to enforce our Terms, or to protect the rights, safety, or property of Purple Potato, our users, or the public. If we are involved in a merger, acquisition, or sale of assets, your data may transfer to the new owner subject to this Policy.
4. International transfers
Purple Potato is based in the United States, and our subprocessors operate in the United States and the European Economic Area. If you are in the EEA, the United Kingdom, or Switzerland, your personal data is transferred to the United States. We rely on the European Commission's Standard Contractual Clauses (and any successor mechanism approved by the European Commission) for these transfers, and our subprocessor agreements include those clauses.
5. How long we keep it
- Account and billing records: for the life of your subscription, plus seven (7) years after cancellation to comply with tax and accounting requirements.
- Customer content (your website): until your subscription is cancelled. After cancellation we retain a one-time export for thirty (30) days, then delete.
- Support emails: up to three (3) years from the last message.
- Server logs: typically up to ninety (90) days, subject to our subprocessors' retention windows.
6. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you and receive a copy.
- Correct data that is inaccurate or incomplete.
- Delete data we no longer need (subject to legal retention requirements).
- Restrict or object to certain processing.
- Port your data to another provider in a structured, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local data-protection authority. In the Netherlands this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
California residents have similar rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of any “sale” or “sharing” of personal information (we do not sell or share for cross-context behavioral advertising).
To exercise any of these rights, email hello@purplepotato.io from the address on your account. We will respond within thirty (30) days.
7. Security
We use industry-standard safeguards: TLS encryption in transit, encryption at rest at our hosting and database providers, hashed passwords with bcrypt, role-based access controls, and least-privilege operational practices. No system is perfectly secure; in the unlikely event of a breach affecting your personal data, we will notify affected users and applicable authorities as required by law.
8. Children
The Services are intended for businesses and adults. We do not knowingly collect personal data from anyone under sixteen (16). If you believe a child has provided us personal data, contact us and we will delete it.
9. Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated by email and posted here with an updated “Last updated” date at least fourteen (14) days before they take effect.
10. Contact
Purple Potato Studio LLC
hello@purplepotato.io