Privacy Policy — Bedrock Digital

Effective Date: May 17, 2026 | Last Updated: May 17, 2026

    This Privacy Policy describes how Bedrock Digital ("Bedrock Digital," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use our website builder platform, hosting services, and related services at bedrock-sites.com (collectively, the "Services"). By using our Services, you agree to the collection and use of information as described in this Policy.
  

1. Information We Collect

1.1 Information You Provide Directly

When you use our builder or create an account, we collect information you provide, including:

Category	Examples	Purpose
Identity	Full name, business name	Account creation, site content
Contact	Email address, phone number	Account management, communications
Business	Trade type, services, service areas, city, slogan, business story	Building your website content
Account credentials	Email address, password (hashed)	Client portal authentication
Payment	Billing information (processed by Stripe — we do not store card numbers)	Processing transactions
Content	Photos, logos, custom text you upload	Displaying on your website

1.2 Information Collected Automatically

When you visit our website or use our Services, we may automatically collect:

IP address and general geographic location (country/region)
Browser type and version, operating system
Pages visited, time spent on pages, links clicked
Referring URL (the page that linked you to our site)
Device type (desktop, mobile, tablet)

1.3 Information from Third Parties

We may receive information about you from third-party services you connect to our platform, such as payment confirmation data from Stripe following a successful transaction.

2. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Services: Building, hosting, and managing your website; registering your domain; processing payments
Account management: Creating and maintaining your client account and portal access
Communications: Sending transactional emails (receipts, site launch confirmations, support responses); notifying you of account or service changes
Improving the Services: Analyzing usage patterns to improve our platform, features, and user experience
Legal compliance: Meeting our obligations under applicable law and responding to lawful requests from public authorities
Security: Detecting, preventing, and addressing fraud, abuse, and security incidents

We do not sell your personal information to third parties. We do not use your information to serve you advertisements on third-party platforms.

3. Legal Basis for Processing (applicable where required)

Where applicable law requires a legal basis for processing personal data, we process your information based on:

Contract performance: Processing necessary to provide the Services you purchased
Legitimate interests: Operating and improving our business, preventing fraud, communicating service updates
Consent: Where you have provided explicit consent (e.g., marketing emails, if applicable)
Legal obligation: Complying with applicable laws and regulations

4. How We Share Your Information

We share your information only in the following limited circumstances:

4.1 Service Providers

We share information with trusted third-party vendors who assist us in providing the Services. These vendors are contractually required to protect your information and use it only for the purposes we specify:

Provider	Purpose	Privacy Policy
Supabase	Database and authentication	supabase.com/privacy
Stripe	Payment processing	stripe.com/privacy
Cloudflare	Website hosting and CDN	cloudflare.com/privacypolicy
Name.com	Domain registration	name.com/about/privacy
Resend	Transactional email delivery	resend.com/legal/privacy-policy
Netlify	Serverless function hosting	netlify.com/privacy
Google (OAuth)	Only if you connect Gmail or Google Calendar — minimum scopes; never your Google password	policies.google.com/privacy
Intuit (QuickBooks Online)	Only if you connect QuickBooks — exchanges invoices, estimates, and expenses both ways	intuit.com/privacy

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Bedrock Digital, our users, or the public.

4.3 Business Transfers

If Bedrock Digital is involved in a merger, acquisition, asset sale, or similar transaction, your information may be transferred as part of that transaction. We will notify you via email before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. After account cancellation, we retain your data for up to 90 days to allow for account reactivation or data export requests, after which it is deleted from our active systems. We may retain certain information longer as required by law or for legitimate business purposes (e.g., financial records for tax compliance).

6. Data Security

We implement industry-standard technical and organizational security measures to protect your information against unauthorized access, disclosure, alteration, or destruction. These measures include:

HTTPS encryption for all data in transit
Bcrypt password hashing (passwords are never stored in plain text)
Row-level security controls on our database
Access controls limiting employee access to personal data
Regular security reviews of our infrastructure

No method of electronic storage or transmission is 100% secure. While we use commercially reasonable security practices, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you as required by applicable law.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information, subject to certain exceptions
Portability: Receive your data in a structured, machine-readable format
Objection: Object to certain processing of your information based on legitimate interests
Withdrawal of consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days. We may require you to verify your identity before processing your request.

7.1 Marketing Communications

If we send marketing emails (separate from transactional service emails), you may opt out at any time by clicking the "unsubscribe" link in any such email or by contacting us directly.

8. Cookies and Tracking Technologies

Our website uses minimal cookies and local storage. We use:

Essential cookies: Necessary for authentication and basic site functionality (e.g., keeping you logged in to the client portal)
Local storage: Saving your in-progress builder state so you don't lose work if you close the browser
Analytics: We may use Cloudflare Web Analytics, which is privacy-friendly and does not use cookies or track individual users across sites

We do not use advertising cookies, cross-site tracking cookies, or third-party behavioral advertising pixels.

9. Children's Privacy

Our Services are intended for adults operating businesses. We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have collected information from a minor, we will delete it promptly. If you believe a minor has provided us with personal information, please contact us at [email protected].

10. Your Website Visitors

When your website (built by Bedrock Digital) is live and visited by your customers, those visitors' data is governed by your own privacy practices as the website owner. You are responsible for your own privacy policy and compliance with applicable laws regarding data you collect through your website (such as contact form submissions). We recommend consulting a legal professional about your obligations as a website operator.

11. International Data Transfers

Bedrock Digital is based in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using our Services, you consent to this transfer. We implement appropriate safeguards for international transfers as required by applicable law.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under the CCPA. To exercise your California rights, contact us at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and post the updated policy on our website with a new effective date. We encourage you to review this policy periodically. Your continued use of the Services after the effective date of the revised policy constitutes acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bedrock Digital — Privacy Inquiries
Email: [email protected]
Website: bedrock-sites.com

We aim to respond to all privacy-related inquiries within 30 days.