Effective: May 5, 2026
1. Quick summary
The short version: We collect the minimum information needed to build websites for our clients, take payment, and reply to your messages. We don't sell your data. We don't run targeted ad networks. We use Stripe for payments, Resend for email, and Google Analytics 4 (with IP anonymization) to understand site usage in aggregate.
If you're a California resident, you have specific rights under CCPA/CPRA — see Section 8.
2. Who we are
This Privacy Policy describes how Plaza ("we," "us," "our") collects, uses, and discloses personal information when you visit plazasites.com or engage us as a client. Plaza is a sole-proprietor design studio operating in California, USA. The data controller for the purposes of this policy is Plaza, contactable at privacy@plazasites.com.
3. What we collect
Information you give us directly
- Contact form / start form: name, business name, email, phone (optional), location(s), and any details you write in the comments or questionnaire fields.
- Kickoff content: any logos, photos, brand assets, copy, and business information you send us to build your site.
- Payment information: handled by Stripe. Plaza does not receive or store your full card number. We do receive limited transactional data from Stripe — your name, email, billing zip code, last 4 digits of the card, and amount.
- Email correspondence: messages you send to support@plazasites.com or privacy@plazasites.com.
Information collected automatically
- Server logs: IP address, browser user-agent, referring URL, requested URL, and timestamp. Retained for up to 30 days for debugging and abuse prevention.
- Analytics: Google Analytics 4 with IP anonymization enabled. GA4 tracks page views, session duration, approximate location (city level), device type, and traffic source. We do not enable GA4's advertising features or audience signals.
- Cookies: see Section 9.
4. Why we collect it
- To respond to inquiries and schedule consultation calls.
- To build, deliver, and maintain the website you hired us for.
- To process payments and manage subscriptions.
- To send transactional emails (booking confirmations, payment receipts, project updates, support replies).
- To improve our website using aggregate analytics.
- To prevent fraud and abuse (spam filtering on forms, anomaly detection on payments).
- To comply with legal obligations (tax records, lawful requests from authorities).
5. How we share information
We don't sell your personal information. We share limited information with the following categories of service providers ("processors") that help us run Plaza:
- Stripe — payment processing. See Stripe's privacy policy.
- Resend — transactional and marketing email delivery. See Resend's privacy policy.
- Render / Cloudflare — server hosting and DNS for plazasites.com. Standard server logs are processed by these providers as a technical necessity.
- Google Analytics — aggregate site usage analytics. See Google's privacy policy.
We may also disclose information if required by valid legal process (subpoena, court order), to protect our or others' rights, or in connection with a sale or transfer of the business — in which case the acquirer would be bound by this policy or notify you of changes.
6. How long we keep it
- Server logs: up to 30 days.
- Contact form submissions: up to 24 months from submission, then deleted unless you become a client.
- Client records: for the duration of our engagement, plus 7 years after the last invoice (for tax and legal compliance).
- Email correspondence: up to 7 years.
- Analytics data: per Google Analytics defaults (currently 14 months at user-level granularity).
You can request earlier deletion of your data at any time — see Section 7.
7. Your privacy rights
Regardless of where you live, you can email privacy@plazasites.com to:
- Ask what personal information we have about you.
- Request a correction to information we hold.
- Request deletion of your information (subject to legal retention requirements — e.g. we must keep tax records for 7 years).
- Opt out of marketing emails (every marketing email also has an unsubscribe link).
- Object to certain processing.
We aim to respond within 30 days. We may need to verify your identity before fulfilling requests, especially deletion requests.
8. California-specific rights (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to know what categories of personal information we collect, the sources, the purposes, and the categories of recipients.
- Right to access the specific personal information we have about you.
- Right to delete personal information we hold about you (subject to exceptions).
- Right to correct inaccurate information.
- Right to opt out of "sale" or "sharing" of personal information. Plaza does not sell personal information as defined under CCPA, and does not share personal information for cross-context behavioral advertising.
- Right to limit use of sensitive personal information. We do not collect sensitive personal information beyond what's needed to deliver our services.
- Right to non-discrimination — we won't refuse service or charge you more for exercising these rights.
To exercise any of these rights, email privacy@plazasites.com with the subject line "California Privacy Request" and a description of your request. You may also designate an authorized agent to make a request on your behalf — we'll need written proof of authorization.
9. Cookies and tracking
Plaza uses a small number of cookies:
- Essential cookies — required for the site and admin dashboard to function (e.g. session cookies). These are exempt from consent requirements.
- Analytics cookies — set by Google Analytics 4 to measure aggregate usage. We have IP anonymization enabled and do not enable advertising features.
You can disable cookies in your browser settings. The site will still function, though some features may degrade. If you'd like to opt out of GA4 specifically, you can install the Google Analytics Opt-out Browser Add-on.
10. How we protect your data
We use industry-standard practices to protect your information:
- HTTPS encryption on all pages.
- Encrypted database storage at rest (provided by our hosting infrastructure).
- Password-gated admin areas.
- Limited internal access — only authorized personnel can view client data.
- Regular review of third-party processors' security practices.
No system is 100% secure. If we become aware of a breach affecting your personal information, we'll notify you and any required regulators in accordance with applicable law.
11. Children's privacy
Plaza's services are intended for businesses and adults. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please email privacy@plazasites.com and we'll delete it.
12. Changes to this policy
We may update this Privacy Policy occasionally. The "Effective" date at the top reflects the most recent revision. For material changes, we'll notify clients by email at least 14 days before the new terms take effect.
13. Contact us
Privacy questions or requests: privacy@plazasites.com
General support: support@plazasites.com
Or use our contact form.