The short version
We collect only what we need to build your website and process your payment. We don’t sell your data, we don’t run ad networks, and we don’t email you unless it’s about your site. If you ever want your data deleted, reply to any email from us and we’ll handle it.
What we collect
- Intake form. Business name, owner name, email, phone (optional), brand colors, business description, logo (if you upload one), and links you share. Collected when you fill out the Get Your Website form.
- Payment.Stripe processes every payment. We receive the amount, last 4 digits of the card, and a transaction ID — never the full card number. Stripe’s privacy policy is at stripe.com/privacy.
- Site edits.When you use your private manage link, we save the changes you make to your site. That’s it — no keystroke logging, no session replay.
- Server logs. Standard web server logs (IP address, request time, user agent) retained for 30 days for security and debugging.
What we don't collect
- We don’t run third-party advertising trackers.
- We don’t sell, rent, or share your data with data brokers — ever.
- We don’t email you marketing content unrelated to your site.
- We don’t use session replay or behavior recording tools.
How we use what we have
- To build and maintain your website.
- To send emails about your site: intake confirmation, site-ready notification, optional 30-day pay-it-forward reminder.
- To answer you when you reply or ask a question.
- To detect abuse and keep the service running (rate-limiting, spam protection).
Who we share it with
Three service providers — each one only gets what it needs to do its job:
- Stripe — processes payments. Gets your name, email, and the payment amount.
- Resend — delivers transactional email. Gets your email address and the message content.
- Anthropic (optional)— when AI copy enhancement is enabled, your intake information is sent to Anthropic’s Claude API to help write your site copy. Anthropic does not train on API inputs. Details at anthropic.com/legal/privacy.
We share data with law enforcement only when legally required.
How long we keep things
- Your site stays up as long as you want it up. You can delete it any time.
- Intake data is retained indefinitely unless you ask us to delete it.
- Server logs are rotated every 30 days.
- Payment records are retained by Stripe per their policies and, for tax purposes, for as long as applicable law requires.
Your rights
You can see everything we have, export it, correct it, or delete it. Email brandon@blessamission.comand we’ll respond within 7 days. If you’re in the EU or UK, these are your GDPR rights; if you’re in California, these are your CCPA rights. Same policy applies to everyone.
Cookies
We use a single first-party cookie for admin authentication (admin_token). We do not use third-party tracking cookies or advertising cookies. If you’re only visiting public pages, no cookies are set.
Children
BlessAMission is not intended for children under 13. We don’t knowingly collect data from children — if you believe we have, email us and we’ll delete it.
Changes
When we update this policy, we’ll change the date at the top of this page and — for material changes — email everyone with an active site.
Contact
Brandon at brandon@blessamission.com. Not a form, not a ticket system — a real person replies.