Privacy Policy

What we collect

When you join the waitlist, we collect your email address. When you redeem an access code or browse the hub, we set a short-lived cookie tracking your session. When you click through to a third-party storefront (Etsy, Shopify, Gumroad, Whop, TeePublic), we record the click against your session for attribution.

How we use it

• Send you waitlist + early-access emails (Resend).
• Recommend products for your persona (we infer a coarse category — designer/developer/marketer/etc — from your signup signals).
• Attribute outbound clicks to specific UTM campaigns.
• Operate aggregate analytics via PostHog. We do not sell raw event data.

Third-party data

Trovekit does not handle your payment information. When you click "Buy" on a product, you're redirected to the storefront (Etsy, Stripe, etc.) where checkout happens under their terms.

Your rights

Email privacy@trovekit.shop to request a copy of, correction to, or deletion of your data. We'll respond within 30 days. EU/UK residents have GDPR rights; CA residents have CCPA rights.

You can also submit a programmatic request via POST /api/v1/dsar/request with body { "email": "you@example.com", "kind": "export" | "delete" }. We respond within 30 days.

Cookies

Required cookies: session token (gates the hub if hub is private) and access-grant cookie (after code redemption). Optional cookies: PostHog analytics. We show a banner on first visit asking for analytics consent.

Retention

Waitlist emails are kept until you ask us to delete them. Click attribution is retained for 12 months. Session cookies expire after 30 days.

Contact

For privacy questions: privacy@trovekit.shop. For everything else: hello@trovekit.shop.