Privacy Policy.

What I collect, what I do with it, and what I will never do with it. Plain English. No legalese filler.

Who runs this site

This site, rivetzco.com, is operated by Jace Alfeche-Dungca ("I," "me," "Rivetz"). Contact: hello@rivetzco.com.

What I collect from visitors

When you visit the site without buying anything or emailing me, I collect very little:

• Standard server logs (IP address, browser type, referring page, pages visited) collected by Vercel, my hosting provider. This is used to monitor site health and aggregate traffic. I do not personally inspect this data.
• Aggregate page-view analytics via Vercel Web Analytics. This counts visits per page but is cookie-free and does not track individuals across sessions or sites. IP addresses are hashed and not stored in raw form.
• I do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers on this site. I do not set any tracking cookies.

What I collect when you email me

When you email hello@rivetzco.com, I collect your email address and the contents of the message. Email is delivered through ImprovMX (which forwards to my Gmail). Stored in my email account until you ask me to delete it.

What I collect when you buy a service

Payment is processed by Stripe via Stripe Checkout. When you complete a purchase:

• Stripe collects: your name, billing email, billing address, and payment method. Stripe processes your card. I never see your card number.
• I receive: your name, email, the product purchased, the amount, and the answers you gave to my custom checkout fields (typically your app URL or repo link).
• Stripe also collects technical data (IP, device info) for fraud prevention. See Stripe's privacy policy.

What I collect during an engagement

If you engage Rivetz for an audit, cleanup, or Guardian retainer, you will give me access to materials needed for the work. Typically:

• Access to your code repository (read-only for audits, write access for cleanup and Guardian engagements as agreed)
• Intake form answers describing your app, business context, and known issues
• Any screenshots, recordings, or documents you choose to share
• Messages exchanged during the engagement

I treat all of this as confidential. See the "What I will not do" section below.

What I do with the data

• Deliver the services you bought
• Email you about your engagement: status updates, deliverables, follow-ups, invoices
• Send the original buyer occasional emails relevant to their account (e.g., scheduled deliverable, renewal reminder)
• Take internal notes after engagements to improve my methodology. These notes are anonymized if I ever share them publicly (no names, no company details, no identifiable code).

What I will NOT do

• Sell, rent, or share your data with third parties for marketing
• Send unsolicited marketing emails. No newsletter unless you opt in.
• Disclose your code, business strategy, or any confidential information to anyone outside the engagement
• Use third-party advertising trackers, analytics pixels, or behavioral targeting
• Make decisions about you using automated profiling

Third-party services I use to run the business

Each of these processes some of your data and has its own privacy policy:

• Vercel (website hosting and server logs): vercel.com/legal/privacy-policy
• Stripe (payment processing): stripe.com/privacy
• ImprovMX (email forwarding): improvmx.com/privacy
• Google Workspace / Gmail (my email): policies.google.com/privacy
• GoDaddy (domain registrar): godaddy.com/legal/agreements/privacy-policy

If you have a paid engagement with me, I may also use the following tools to deliver the work, subject to your access and approval:

• GitHub (where most code lives): github.com/site-policy
• Loom (for recorded walkthroughs I send you): loom.com/privacy
• Slack or Discord (async messaging, if you choose that channel)

How long I keep your data

• Visitor server logs: 30 days, then aggregated or deleted by Vercel
• Inquiry emails: kept in my inbox until you ask me to delete them
• Engagement records and internal notes: kept for 2 years after the engagement ends, then deleted unless you ask sooner
• Stripe transaction records: I retain my own copies for 7 years to satisfy tax and accounting requirements. Stripe's own retention is governed by its policy.
• Code I receive from you: deleted from my local machine within 30 days of engagement end, unless you ask me to retain it for ongoing Guardian work

Your rights

Regardless of where you live, you can ask me to:

• Confirm what data I hold about you
• Provide a copy of that data in a portable format
• Correct anything inaccurate
• Delete it (subject to legal retention requirements like tax records for past purchases)
• Stop processing it for any purpose other than legal obligation

Email hello@rivetzco.com and I will respond within 14 days. If you are in the EU, UK, or California, you may have additional rights under GDPR, UK GDPR, or CCPA. I extend the same rights to all users regardless of jurisdiction.

Children

Rivetz is a B2B service for adult founders. The services are not directed at anyone under 18. I do not knowingly collect data from minors. If you are under 18, please do not submit information through this site.

Security

I take reasonable security measures: hosting on Vercel (HTTPS by default), strong unique passwords, two-factor authentication on all business accounts, and encrypted storage on my local machine. No system is perfectly secure. If a breach occurs that affects your data, I will notify you by email within 72 hours of discovering it.

Changes to this policy

If I update this policy, I will update the "Last updated" date at the top. Material changes (for example, adding analytics, a newsletter, or new third-party processors) will be announced via email to active clients before they take effect.

Contact

Questions, requests, complaints: hello@rivetzco.com.

Operator: Jace Alfeche-Dungca, Rivetz. Based in Virginia, United States.