Privacy Policy
Last updated: March 1, 2026
This Privacy Policy describes how SewReady ("we", "us", "our") collects, uses, and protects information when you use the SewReady platform ("Service"). We are committed to protecting the privacy of shop owners, their employees, and their customers.
1. Information We Collect
1.1 Shop Owner & Employee Information
- Name, email address, phone number
- Business name, address, operating hours
- Account credentials (passwords are stored as SHA-256 hashes, never in plaintext)
- Billing information (processed by Snipcart; we do not store credit card numbers)
- Employee names, roles, and schedules
1.2 Customer Information (End Users of Your Shop)
- Name, phone number, email address
- Military unit or organization (optional)
- Order details: garment type, alteration requests, measurements, deadlines
- Order photos uploaded for reference
- Delivery addresses (when using driver pickup service)
1.3 Automatically Collected Information
- IP address and approximate location (via Cloudflare)
- Browser type and device information
- Pages visited and features used
- Timestamps of account activity
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
| --- | --- | --- |
| Provide the Service (order management, notifications) | All order and customer data | Contract performance |
| Send SMS notifications | Customer phone numbers, order status | Legitimate interest / consent |
| Send email notifications | Customer email addresses, order status | Legitimate interest / consent |
| Process payments | Billing email, subscription plan | Contract performance |
| Customer support | Account information, order details | Legitimate interest |
| Service improvement | Aggregated, anonymized usage data | Legitimate interest |
| Security & fraud prevention | IP addresses, login activity, audit logs | Legitimate interest |
3. Third-Party Service Providers
We use the following third-party services to operate SewReady:
| Provider | Purpose | Data Shared |
| --- | --- | --- |
| Cloudflare | Hosting, CDN, database (D1), file storage (R2) | All platform data is stored on Cloudflare infrastructure |
| Twilio | SMS notifications | Customer phone numbers, message content |
| Resend | Email notifications and transactional emails | Customer email addresses, message content |
| Snipcart | Payment processing for subscriptions and hardware | Billing email, plan selection, payment details |
| Anthropic | AI chat assistant (Claude) | Customer chat messages, shop context (name, services) |
Each provider has its own privacy policy. We encourage you to review them. We only share the minimum data necessary for each provider to perform its function.
4. Data Storage & Security
- Database: All structured data is stored in Cloudflare D1 (SQLite-based, globally distributed).
- File Storage: Order photos are stored in Cloudflare R2 (S3-compatible object storage).
- Encryption: All data is encrypted in transit (TLS/HTTPS). Passwords are hashed using SHA-256.
- Access Control: Shop data is isolated by shop_slug. Each shop can only access its own data. Role-based access (owner/manager/employee) limits what each user can do.
- Sessions: Authentication uses HTTP-only cookies with 24-hour expiration.
- Audit Trail: All admin actions are logged with user ID, timestamp, and action details.
5. Data Retention
- Active accounts: Data is retained for the duration of your subscription.
- Cancelled accounts: Data is retained for 30 days after cancellation, then permanently deleted.
- Order photos: Stored for the duration of the account, deleted with the account.
- SMS/Email logs: Delivery receipts are retained for 90 days for troubleshooting.
- Audit logs: Retained for 1 year, then automatically purged.
- Sessions: Expired sessions are deleted automatically.
6. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your personal data ("right to be forgotten").
- Export: Export your data in CSV format at any time via Settings.
- Opt-out: You can disable SMS and email notifications in Settings.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
6.1 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Request deletion of your personal information.
- Opt out of the sale of personal information. We do not sell personal information.
- Non-discrimination for exercising your CCPA rights.
6.2 Other State Privacy Laws
We comply with applicable state privacy laws including the Virginia Consumer Data Protection Act (VCDPA) and Colorado Privacy Act (CPA). Residents of these states may exercise their rights by contacting us at the address below.
7. Cookies
- Session Cookie (sewready_session): HTTP-only cookie used for authentication. Expires after 24 hours. Essential for the Service to function.
- No Tracking Cookies: We do not use advertising cookies, analytics cookies, or third-party tracking pixels.
8. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
9. International Data
The Service is hosted on Cloudflare's global network. Data may be processed in the United States and other countries where Cloudflare operates. By using the Service, you consent to the transfer of your data to these locations.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top indicates the latest revision.
11. Shop Owner Responsibilities
As a shop owner using SewReady, you are a data controller for your customers' information. You are responsible for:
- Obtaining appropriate consent from customers before collecting their data.
- Informing customers about how their data is used.
- Responding to customer data access or deletion requests.
- Complying with applicable privacy laws in your jurisdiction.
12. Contact
For privacy questions, data requests, or concerns: