Privacy Policy

Last updated: March 7, 2026

This Privacy Policy describes how Sole Proprietorship Nicolas Cava ("Company", "We", "Us", or "Our") collects, uses, and discloses Your information when You use the nicolascava.com website (the "Service"). It also tells You about Your privacy rights and how the law protects You.

By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation & Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Privacy Policy) refers to Sole Proprietorship Nicolas Cava, 6020 rue René-Auclair, G3E 0E2 Québec, QC, Canada. For the purpose of the GDPR, the Company is the Data Controller.
  • Cookies are small files placed on Your device by a website, containing details of Your browsing history among their many uses.
  • Personal Data means any information that relates to an identified or identifiable individual.
  • Service refers to the Website.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, page view duration).
  • Website refers to nicolascava.com.
  • You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

Data We Collect

Personal Data

When You create an Account or purchase a product, We may ask You to provide certain personally identifiable information, including but not limited to:

  • Email address
  • First name and last name
  • Date of birth
  • Gender

Payment Data

When You make a purchase, payment information (such as credit card details) is collected and processed directly by our payment processor, Stripe. We do not store Your full credit card number. We receive and store Your Stripe customer ID, payment intent ID, transaction amount, and currency for record-keeping purposes.

Usage Data

Usage Data is collected automatically when You use the Service. It may include information such as Your browser type, browser version, the pages You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

Location Data

If You grant permission, We may collect and store Your approximate geographic location (latitude and longitude) to provide location-relevant features. You can enable or disable location services through Your device or browser settings.

Cookies & Tracking Technologies

Session Cookie

We use a single essential cookie named session to maintain Your authentication state. This cookie contains an encrypted token (JWT) with Your user ID and expiration date. It is:

  • HttpOnly — not accessible to client-side JavaScript
  • Secure — transmitted only over HTTPS
  • SameSite: Lax — provides CSRF protection
  • Expiration — 7 days by default, or 30 days if You select "Remember me"

Analytics Cookies

Third-party analytics services (described below) may set their own cookies to track usage patterns. These cookies are governed by the respective third-party privacy policies.

How We Use Your Data

We use Your Personal Data for the following purposes:

  • To provide and maintain the Service, including monitoring usage and managing Your Account.
  • To process transactions, including purchases and payments made through the Service.
  • To contact You by email for transactional purposes such as password resets and purchase confirmations.
  • To manage Your requests and respond to inquiries You submit to Us.
  • To improve the Service by analyzing usage patterns, performance metrics, and error logs.

Third-Party Service Providers

We share Your data with the following third-party providers to operate the Service. Each provider processes data according to its own privacy policy.

Stripe (Payment Processing)

We use Stripe to process payments. When You make a purchase, Your email, payment details, and transaction information are sent to Stripe. Stripe's privacy policy is available at stripe.com/privacy.

Resend (Transactional Email)

We use Resend to deliver transactional emails such as password reset links. Your email address is shared with Resend for this purpose. Resend's privacy policy is available at resend.com/legal/privacy-policy.

PostHog (Website Analytics)

We use PostHog to understand how visitors interact with the Service. PostHog operates in cookieless mode on this site, meaning no cookies or local storage are used. No personal data is collected. Anonymous usage data (page views, button clicks) is aggregated using a privacy-preserving hash that cannot identify individual visitors. PostHog's privacy policy is available at posthog.com/privacy.

Axiom (Logging & Monitoring)

We use Axiom for application logging and error monitoring. Logs may contain Your user ID, session events, and error traces. Axiom's privacy policy is available at axiom.co/privacy.

Data Retention

We retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

  • Account data is retained for as long as Your Account is active.
  • Purchase records are retained for accounting and tax purposes as required by applicable law.
  • Password reset tokens expire after 1 hour and are deleted after use.
  • Logs and analytics data are retained according to our third-party providers' retention policies.

Data Security

We take reasonable measures to protect Your Personal Data, including:

  • Passwords are hashed using bcrypt and never stored in plain text.
  • Sessions are managed with encrypted JWT tokens.
  • All data is transmitted over TLS (HTTPS).
  • Payment data is handled entirely by Stripe and never touches our servers.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Your Privacy Rights

General Rights

Depending on Your location, You may have the following rights regarding Your Personal Data:

  • Access — request a copy of the Personal Data We hold about You.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of Your Personal Data, subject to legal retention requirements.
  • Portability — request Your data in a structured, commonly used, machine-readable format.
  • Objection — object to the processing of Your Personal Data under certain circumstances.
  • Withdraw consent — where processing is based on consent, You may withdraw it at any time.

For Users in the European Economic Area (GDPR)

If You are in the EEA, We process Your Personal Data under the following legal bases:

  • Contract performance — to provide the Service You signed up for (account management, purchases).
  • Legitimate interest — to improve and secure the Service (analytics, logging).
  • Consent — for optional data collection such as location data.

You have the right to lodge a complaint with a supervisory authority if You believe Your data protection rights have been violated.

For Users in California (CCPA/CPRA)

If You are a California resident, You have the right to:

  • Know what Personal Data is collected and how it is used.
  • Request deletion of Your Personal Data.
  • Opt out of the sale or sharing of Your Personal Data. We do not sell Your Personal Data.
  • Not be discriminated against for exercising Your privacy rights.

For Users in Canada (PIPEDA)

If You are a Canadian resident, You have the right to access Your Personal Data held by Us, request corrections, and withdraw consent for its collection, use, or disclosure, subject to legal or contractual restrictions.

Children's Privacy

Our Service is not directed to anyone under the age of 18. We do not knowingly collect Personal Data from anyone under 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us so We can take steps to remove that information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If You have any questions about this Privacy Policy or wish to exercise Your privacy rights, please contact Us at:

hello@nicolascava.com

© 2026 Nicolas Cava. All rights reserved.