# itsbubbe.com — Privacy Policy
_Last updated: [DATE]_
> **Marketing site only.** This Privacy Policy covers visitors to `itsbubbe.com`. It does not cover information handled by the Bubbe payment application itself; that information is governed by the HIPAA Notice of Privacy Practices published by your healthcare provider.
## 1. Who we are
This site is operated by **STL Agency LLC** ("STL," "we," "us"), 525 N 11th St Ste 710, Philadelphia, PA 19123. Contact: `aaron@stlagency.net`.
## 2. What we collect
When you visit `itsbubbe.com`, we collect:
**Server logs.** IP address, user-agent string, referrer, requested URL, and timestamp. Retained for ninety (90) days for security and debugging purposes.
**Information you give us.** If you fill out a contact form or email us, we collect the information you provide (typically name, email, and the contents of your message).
We do **not** use third-party advertising or behavioral-tracking cookies on this site. We do not sell visitor information.
## 3. Cookies and similar technologies
The site uses a single first-party session cookie for security purposes. We do not use Google Analytics, Meta Pixel, or any other third-party analytics or advertising tracker on this site as of the date above. If we add basic analytics in the future, we will use a privacy-respecting tool that does not require user consent under GDPR or CPRA, and we will update this Policy.
## 4. How we use what we collect
We use the information we collect to:
- Operate and secure the site.
- Respond to inquiries you send us.
- Send follow-up email about Bubbe if you ask us to.
- Comply with legal obligations.
## 5. Who we share it with
**Hosting provider.** The site is hosted on Google Cloud Platform. Server logs and content reside there.
**Email.** Email you send to `aaron@stlagency.net` is delivered through Google Workspace.
**Legal disclosures.** We will disclose information if required by law, subpoena, or court order, or to protect our rights or the safety of others.
We do not share visitor information with marketing partners, data brokers, or advertisers.
## 6. PHI on this marketing site
This site is not a HIPAA-covered channel. Do not send protected health information through the contact form or by email. If you are a healthcare provider interested in evaluating Bubbe, contact us first to arrange a Business Associate Agreement before sharing any patient information.
## 7. Your choices
**Email.** You can email `aaron@stlagency.net` at any time to ask what information we hold about you, to ask us to delete it, or to opt out of any follow-up email.
**Cookies.** You can clear or block cookies in your browser; doing so does not affect the informational use of this site.
**Do Not Track.** We do not respond to browser Do Not Track signals because we do not track visitors across sites.
## 8. California, EU, and other regional rights
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) including the right to know what personal information we hold, the right to delete it, and the right to opt out of any sale or sharing for cross-context behavioral advertising. We do not sell or share personal information for advertising purposes.
If you are in the European Union or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) including access, rectification, erasure, restriction of processing, data portability, and objection. The lawful basis for our processing of your information is legitimate interest (operating and securing the site) and, for inquiries you send us, your consent.
To exercise any of these rights, write to `aaron@stlagency.net`. We will respond within thirty (30) days.
## 9. Children
The site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided information through the site, write to `aaron@stlagency.net` and we will delete it.
## 10. Security
We take reasonable measures to protect information collected through the site, including TLS for all connections, restricted server access, and logging. No internet transmission is perfectly secure; we cannot guarantee absolute security.
## 11. Changes
STL may update this Policy by posting a revised version on this site. Changes are effective when posted.
## 12. Contact
Questions about this Policy: `aaron@stlagency.net`.