Privacy Policy
Last updated: 16 May 2026
1. Information We Collect
We collect the following information when you use our website or make a purchase:
- Email address — collected during checkout via Stripe to deliver your purchase receipt and enable secure access to your ebook.
- Payment information — credit card numbers, PayNow UEN, or other payment details are entered directly into Stripe's secure checkout. We do not store or have access to your full payment card data.
- Purchase records — Stripe session ID, purchase token, book title, amount paid, currency, and timestamp. This allows us to verify your purchase and grant download access.
- Anonymous analytics — page views and visitor geography via Vercel Analytics. This data is aggregated and cannot be used to identify you personally.
- Server logs — IP address, browser type, and request timestamps captured automatically by our hosting provider for security and debugging.
2. How We Use Your Information
We use the information collected solely for the following purposes:
- To process and confirm your ebook purchase.
- To generate and deliver a secure download token and access link.
- To send purchase receipts and transactional emails (via Stripe).
- To detect and prevent fraud or unauthorized access to purchased content.
- To analyse aggregated site traffic and improve user experience.
We do not use your email address for marketing communications unless you explicitly opt in.
3. Parties to Whom Information Is Disclosed
We do not sell, rent, or trade your personal information. Your data is shared only with the following service providers strictly necessary to operate our business:
- Stripe, Inc. — Payment processing, checkout sessions, receipt delivery, and fraud prevention.
- Vercel, Inc. — Website hosting, serverless functions, blob storage for ebook files, and anonymous analytics.
- Flipsnack — Embedded ebook preview viewer (free preview pages only). No purchase or personal data is shared with Flipsnack.
4. Method of Disclosure
All data transfers to third-party services occur via encrypted, industry-standard methods:
- TLS 1.3 encryption — All communication between your browser, our servers, and Stripe is encrypted in transit.
- Stripe API — Purchase metadata (book slug, edition) is transmitted server-to-server using authenticated HTTPS requests with a secret API key.
- Vercel Blob — Ebook PDF files are stored in a private blob store with signed, time-limited access URLs. Files are never publicly listed.
- Webhook verification — Stripe webhook payloads are verified using cryptographic signatures to ensure authenticity.
5. Security Practices
We employ the following safeguards to protect your information:
- No card data storage — We never store, log, or transmit your credit card details. All payment data is handled entirely by Stripe, which is certified PCI-DSS Level 1 compliant.
- Token-based access — Download links contain cryptographically random tokens that expire and are validated on every request. Direct blob URLs are not exposed publicly.
- Session validation — Before serving a download, we verify the Stripe checkout session is paid and matches the requested ebook.
- Password-protected admin — Internal dashboards require a strong password and are not accessible to the public.
- HTTPS everywhere — The entire site is served over TLS with HSTS enabled.
6. Data Retention
Purchase records are retained for as long as necessary to honour download requests, comply with tax obligations, and resolve disputes. You may request deletion of your purchase record by emailing us, provided doing so does not conflict with legal retention requirements.
7. Your Rights
You have the right to access, correct, or request deletion of your personal information. To exercise these rights, contact us at mtm3283@gmail.com.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised "Last updated" date. Continued use of the site after changes constitutes acceptance of the updated policy.
9. Contact
For questions about this Privacy Policy or our data practices, email mtm3283@gmail.com.