Security & Data Protection

Infrastructure

• ✓Vercel — global edge network for fast, reliable delivery
• ✓Supabase — PostgreSQL database with Row Level Security (RLS) enforced on every table
• ✓Stripe — PCI-DSS compliant payment processing; we never store card details

Encryption

• ✓In transit — all connections use HTTPS/TLS encryption
• ✓At rest — database and backups are encrypted at rest

Authentication

• ✓Supabase Auth — industry-standard authentication with secure session management
• ✓Token-based sessions — short-lived JWTs with automatic refresh

What the Widget Does NOT Do

The StickyCTAs widget is designed to be privacy-friendly. It does not:

• ×Set cookies on your visitors
• ×Use tracking pixels or fingerprinting
• ×Collect personally identifiable information (PII) from visitors
• ×Share data with third parties

For more details, see our privacy and compliance documentation.

Data Retention & Deletion

Your account data is retained while your subscription is active. If you cancel, your data is kept for 30 days in case you change your mind. After 30 days, all account data is permanently deleted. You can also request immediate deletion at any time by contacting us.

Compliance Awareness

StickyCTAs is built with privacy regulations in mind:

• ✓GDPR — no visitor PII collected, no cookies set, data deletion on request
• ✓CCPA — no sale of personal information, transparent data practices

The widget's lightweight, cookie-free design also means zero impact on page speed. For full details, see our Privacy Policy.