1. What we collect
We collect only what we need to run the store and deliver your products:
- Email address — when you purchase, subscribe to updates, sign in with Google, or request a free filter.
- Name and avatar — if you sign in with Google, we receive your display name and profile picture from Google.
- Purchase information — order total and product IDs, to fulfil your order and generate download links.
- Download activity — timestamps and counts when you download a file, to enforce token limits and prevent abuse.
2. How we use it
- To deliver your purchased files via time-limited download links.
- To send order confirmation emails with your download links.
- To send occasional product updates if you opted in — you can unsubscribe at any time via the link in any email.
- To manage your account and subscription.
- To detect and prevent abuse (e.g., rate limiting on download endpoints).
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Third-party services
We use the following services to operate the store. Each has its own privacy policy linked below.
- Stripe — payment processing. We never store your card details; Stripe handles all payment data. Stripe Privacy Policy
- Google OAuth — account sign-in. When you click "Sign in with Google," Google shares your name, email, and profile picture with us. We do not receive your Google password or payment methods. Google Privacy Policy
- Resend — transactional email (order confirmations, download links). Resend Privacy Policy
- Vercel — hosting and analytics. Vercel Analytics is cookieless and does not track you across sites. Vercel Privacy Policy
- Cloudflare — file storage (R2) for product deliverables. Files are private and only accessible via signed, time-limited URLs.
4. Cookies
We set a session cookie when you sign in (next-auth.session-token) so you stay logged in. We do not set advertising, tracking, or analytics cookies. Vercel Analytics is cookieless. If you do not sign in, no cookies are set.
5. Data retention
We keep your account and order data for as long as your account is active, or until you request deletion. Download logs are kept for 12 months for abuse prevention, then deleted. Webhook event records are kept for 90 days.
6. Your rights
You may request access to, correction of, or deletion of your personal data at any time by emailing hello@dewluts.com. We will respond within 7 days. If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.