Legal
Privacy Policy
Last updated: January 1, 2026
Schramm Sites ("we," "our," "us") is committed to protecting your privacy. This policy explains what information we collect when you use our website and client portal, how we use it, and your rights regarding your data.
1. Information We Collect
Account information
When you create an account on the Schramm Sites client portal, we collect your name, email address, and phone number. This information is used to identify you, send project-related communications, and issue invoices.
Business information (onboarding questionnaire)
Through our client onboarding process, we collect detailed information about your business: business name, type, description, location, size, age, website goals, target audience, brand colors, and competitor references. This information is used exclusively to design and build your website.
Order and project information
We collect details about the services you order, including your selected plan, add-ons, and page selections. We track project progress through our portal.
Uploaded files and assets
You may upload logos, images, documents, and other files as part of your project. These are stored securely and used solely in the design and delivery of your website.
Communications
We retain email communications and support requests you send us to manage your project and improve our service.
2. What We Do Not Collect
- Payment card information - all payment processing is handled entirely by Stripe. We never see or store your card numbers, bank details, or billing information.
- Tracking or advertising cookies - we do not use cookies for advertising, tracking across third-party websites, or behavioral profiling.
- Sensitive personal data - we do not collect Social Security numbers, government IDs, health information, or financial account data.
3. How We Use Your Information
- Deliver and manage the web design services you ordered
- Communicate with you about your project, milestones, and deliveries
- Send invoices, receipts, and payment reminders through Stripe
- Provide post-launch support and follow-up training
- Improve our onboarding process and service quality
- Comply with legal obligations
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
4. Third-Party Services
We use the following trusted third-party services to operate our platform. Each has its own privacy policy and security practices:
Supabase
Our database and authentication provider. All user accounts, order data, and uploaded files are stored in Supabase, hosted on AWS infrastructure. Data is protected by Row Level Security (RLS), ensuring each user can only access their own data.
Stripe
All payment processing is handled by Stripe. When you pay a Schramm Sites invoice, you interact with Stripe's secure platform directly. We receive confirmation of payment but never handle your card details. Stripe is PCI DSS Level 1 certified.
Vercel
Our website and client portal are hosted on Vercel's infrastructure. Vercel may process IP addresses and request metadata as part of normal web hosting operations.
Resend
Transactional emails (order confirmations, project updates, support messages) are delivered through Resend. We share your email address and the content of these communications with Resend for delivery purposes only.
5. Data Storage & Security
Your data is stored in Supabase's secure cloud database, hosted on AWS. We implement the following security measures:
- Row Level Security (RLS) policies ensure you can only access your own data
- All data transmitted between your browser and our servers is encrypted via HTTPS/TLS
- Authentication is handled by Supabase Auth with secure session management
- Uploaded files are stored in private storage buckets accessible only to you and the designer
No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at schramm.sites@gmail.com.
6. Data Retention
We retain your account and project data for as long as your account is active or as needed to provide services. After project completion, we retain records for a minimum of 3 years for accounting and legal compliance purposes. You may request deletion of your account and associated data at any time (see Your Rights below).
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access - request a copy of the data we hold about you
- Correction - request correction of inaccurate information (you can also update most details directly in your portal settings)
- Deletion - request deletion of your account and personal data
- Portability - request your data in a portable format
- Opt-out of marketing - unsubscribe from any non-transactional emails at any time
To exercise any of these rights, email us at schramm.sites@gmail.com. We will respond within 30 days. Note that deleting your account while an active project is in progress may affect our ability to deliver services.
8. California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights. We do not sell personal information. You have the right to know what personal information we collect and how it is used, the right to delete your personal information, and the right to non-discrimination for exercising your privacy rights. To submit a CCPA request, contact us at schramm.sites@gmail.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For active clients, we will send an email notification when significant changes are made. Continued use of our services after changes are posted constitutes acceptance of the updated policy.
10. Contact
Questions or concerns about this Privacy Policy? We're happy to help.