Privacy Policy

Last updated: 2026-04-19

We split this policy into two halves so you can tell what we do today apart from what we plan to do when our subscription billing goes live. Only Section A applies right now. Section B describes what will apply after Phase 4.

Section A — Data we collect today (waitlist only)

What we store

Where it's stored

Waitlist entries are stored on our servers in a Supabase Postgres database hosted in the EU (Ireland) region. Access to this database is limited to the founder using service-role credentials managed via GitHub Actions secrets; the public anon key cannot read the leads table.

Retention: we keep waitlist entries until launch; after launch they are kept for 6 months unless you request deletion.

Your rights (GDPR / CCPA): you can request access, correction, or deletion of your data at any time by emailing privacy@iconicvoices.io. We respond within 30 days.

Why

We use your email to notify you when new titles launch and when the beta opens to paying customers. We do not sell your data.

Third parties (Section A)

Today, the waitlist path has NO third-party tracking. No Meta, TikTok, or Google analytics scripts fire unless you explicitly grant consent via our cookie banner. No social login, no session tracking, no ad-retargeting cookies.

Your rights (Section A)

Section B — Data we'll collect when billing launches (Phase 4 plan)

This section describes the data processing we intend to add once subscription billing goes live (planned Phase 4 of the roadmap). None of this is active today. We document it here so you know what's coming; we will email waitlist members for re-consent before any of this is activated.

Account data

Subscription data

Usage data

Third-party processors (Section B — planned)

Cross-border transfers

For EU/UK users, data transfers to US-based processors (Stripe, possibly Supabase US region) will rely on the EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses where the processor participates. Privacy Shield is deprecated; we do not rely on it.

Cross-references

Standards we follow

We aim to comply with:

Changes to this policy

If we make material changes, we will notify waitlist subscribers by email at least 14 days in advance and update "Last updated" above. If we activate Section B (billing launch), we will require explicit opt-in.

Contact

Privacy questions or data requests: legal@iconicvoices.example. We respond within 72 hours (GDPR timeline).