Privacy
Last updated: May 2026
Short version
We collect the bare minimum needed to operate the service. We don't sell your data, we don't run third-party ads, and we don't email your buyers without your consent.
What we collect
Sellers: email (for sign-in), name (optional), store metadata (store name, slug, bio, avatar, primary color), Stripe Connect account id when applicable, and product data you create.
Buyers: email (captured by Stripe Checkout), payment metadata returned by Stripe (last 4 digits, country, card brand), and a record of the order. We do not see or store full card numbers — Stripe handles them.
Cookies
We use one cookie: a session cookie set by our auth library to keep you signed in. No analytics cookies, no advertising cookies, no third-party trackers.
Where it lives
- Account & product data → Neon Postgres (EU region)
- Product files & cover images → Cloudflare R2 (private bucket)
- Payments → Stripe (PCI-compliant)
- Emails → Resend
- Hosting → Vercel
How long we keep it
Account and order data are kept as long as your account is active. After you delete your account, we keep order records for accounting/tax purposes (typically 7 years under European law), then permanently delete them.
Your rights (GDPR)
You have the right to access, rectify, delete, restrict, port, and object to the processing of your personal data. Email hello@thinkspark.dev with your request — we respond within 30 days.
Children
The service is not directed at children under 16. We do not knowingly collect their data.
Changes
We may update this notice. Material changes are emailed to registered users 14 days before they take effect.
Contact
Data controller: Thinkspark · hello@thinkspark.dev