Privacy Policy

Last Updated: March 13, 2026
Effective Date: March 13, 2026

1. Introduction

This Privacy Policy describes how RCKSTRT ("we", "us", "our") collects, uses, shares, and protects information when you use the RCKSTRT platform, including our website, client workspace, admin dashboard, waitlist and partnership inquiry flows, project intake forms, and related studio services (collectively, the "Service").

By using the Service, you acknowledge that you have read and agree to the data practices described in this Privacy Policy. If you do not agree, do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account data: email address, authentication credentials managed through our authentication provider, and any optional profile information you choose to provide (such as name or company).
  • Project data: project briefs, requirements documents, descriptions, files, design assets, feedback, approval responses, and all other content you submit to initiate, plan, or manage a project.
  • Partner and creator data: partnership or creator program inquiries, creator profile details, audience or platform information, referral codes, referral activity, payout onboarding information, and related correspondence.
  • Communications: messages, clarification responses, milestone approvals, notes, and other communications you submit through the platform workspace.
  • AI feature inputs: prompts, notes, files, and other context you submit when using AI-assisted features, if available.
  • Payment onboarding: billing contact information, payment method details (processed and stored by Stripe — see Section 2.2), and tax exemption documentation where provided.
  • Support inquiries: messages, attachments, and other information you provide when contacting us for support.

2.2 Payment Information

All payment transactions are processed by Stripe, Inc. RCKSTRT does not store full payment card numbers, card security codes, or full bank account details on our servers. We receive and store from Stripe: payment status, Stripe customer identifiers, payment method identifiers, card brand, card expiration month and year, and the last four digits of the card number (or equivalent for bank accounts). This limited data is used for account management, billing, and refund processing.

When a payment method is saved without an immediate charge (e.g., for waitlist participation), we store Stripe's payment method identifier and a record of your consent. Stripe's privacy practices are described at stripe.com/privacy.

2.3 Automatically Collected Data

When you access the Service, we and our service providers automatically collect:

  • Log data: IP address, browser type and version, operating system, referring URL, pages visited, request timestamps, and HTTP status codes.
  • Device data: device type, device identifiers, screen resolution, and general location derived from IP address (city or region level).
  • Usage data: features used, clicks, form interactions, session duration, and navigation patterns.
  • Cookies and similar technologies: see Section 2.4.

2.4 Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

  • Strictly necessary cookies: required for authentication, session management, security, and core platform functionality. These cannot be disabled without breaking the Service.
  • Functional cookies: used to remember your preferences and settings within the platform.
  • Analytics cookies: used to understand how the Service is used in aggregate (e.g., page popularity, error rates). These may be set by third-party analytics providers.
  • Error monitoring: our error monitoring provider (Sentry) may set cookies or use local storage to correlate error events with session context.

Most browsers allow you to control cookies through browser settings. Disabling strictly necessary cookies may prevent the Service from functioning correctly.

2.5 Waitlist and Scheduling Data

If you join a waitlist or request scheduling for a future project:

  • we collect your submitted project brief, project category, preferred timeline, and queue or scheduling preferences;
  • we store your waitlist position, status, and any communications about scheduling or intake decisions; and
  • if a payment method is placed on file for waitlist or scheduling purposes, we store Stripe payment identifiers and consent records as described in Section 2.2.

2.6 AI Feature Processing

When you use AI-assisted features (if and when available), we may transmit your inputs — including prompts, project notes, requirements, and attached files — to third-party AI model providers to generate the requested output. We retain the minimum information reasonably necessary to deliver, audit, and improve those features. AI providers process data under their own privacy policies and may retain inputs and outputs per their data retention terms. We will identify material AI providers in these policies or in our Terms of Service as they are used.

2.7 Information From Third Parties

We may receive information about you from:

  • Authentication providers: if you use a social login or SSO provider, we may receive basic profile information (name, email) as permitted by your settings.
  • Referral sources: if you are referred through a partner or creator referral link, we receive the referral code and associated attribution data.
  • Stripe: payment events, subscription status updates, and dispute notifications via webhook.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service: manage accounts, process intake, run the workspace, deliver projects, and administer the platform.
  • Process payments and billing: charge, invoice, manage subscriptions, process refunds, handle disputes, and maintain payment records.
  • Manage waitlists and scheduling: queue submissions, communicate scheduling decisions, and plan project intake.
  • Administer partnerships and referrals: evaluate partner and creator applications, track referral attribution, process referral credits, and manage payout onboarding.
  • Communicate with you: send transactional emails (project updates, approvals, payment confirmations, stage notifications), respond to support requests, and deliver platform notifications.
  • Send marketing communications: if you have opted in or are an existing customer, we may send email updates about new features, programs, and announcements. You may opt out at any time (see Section 6.3).
  • Enforce our agreements: detect fraud, misuse, or violations of our Terms of Service, Acceptable Use Policy, or project agreements.
  • Improve the Service: analyze usage patterns, diagnose errors, test new features, and refine the platform experience.
  • Legal compliance: comply with applicable laws, respond to legal process, and enforce or defend our rights.
  • Deliver AI features: transmit inputs to AI providers as necessary to generate requested outputs.

We do not use your personal information for automated decision-making that produces legal or similarly significant effects without human review.

4. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

  • Contract performance: processing necessary to provide the Service, manage your account, and fulfill project engagements.
  • Legitimate interests: fraud detection, service security, analytics, and platform improvement, where those interests are not overridden by your rights.
  • Legal obligation: processing required to comply with applicable law, regulatory requirements, or court orders.
  • Consent: where we rely on consent (e.g., optional marketing emails, non-essential cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.

5. How We Share Your Information

We do not sell your personal information. We share information only as described below.

5.1 Service Providers

We share information with third-party service providers acting on our behalf:

Provider | Purpose | Data Shared
Stripe | Payment processing, subscription billing, payout infrastructure | Payment method tokens, billing contact, transaction records
Supabase | Authentication, database, and file storage infrastructure | Account data, project data, files, session tokens
Resend | Transactional and notification email delivery | Recipient email address, email content
Sentry | Error monitoring and performance tracking | Error context, session identifiers, limited usage data
Vercel | Hosting, edge delivery, and deployment infrastructure | Request logs, IP addresses
AI model providers | Generating outputs for AI-assisted features | Feature inputs as described in Section 2.6

Service providers are contractually restricted from using your information for purposes other than those described above.

5.2 Legal Requirements and Rights Protection

We may disclose information when we reasonably believe disclosure is necessary to:

  • comply with a law, regulation, legal process, or enforceable government request;
  • enforce our Terms of Service, project agreements, or other policies;
  • detect, prevent, or address fraud, security vulnerabilities, or technical problems; or
  • protect the rights, property, or safety of RCKSTRT, our users, or the public.

5.3 Business Transfers

If RCKSTRT is acquired, merged, or transfers all or a substantial portion of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent platform notice before your information becomes subject to a materially different privacy policy as a result of such a transfer.

5.4 With Your Consent

We may share information for other purposes when you give us your explicit consent.

6. Your Rights and Choices

6.1 Access, Correction, and Deletion

You may request access to, correction of, or deletion of your personal information by contacting us at hi@rckstrt.com. We will respond within 30 days. Certain information may be retained as required by law, for legitimate business purposes, or for the duration of an active project engagement.

6.2 California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the CPRA):

  • Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it.
  • Right to delete: request deletion of personal information we hold about you, subject to certain exceptions (e.g., completing a transaction, security, legal obligations).
  • Right to correct: request correction of inaccurate personal information we hold about you.
  • Right to opt out of sale or sharing: we do not sell or share personal information for cross-context behavioral advertising purposes.
  • Right to limit use of sensitive personal information: we do not use sensitive personal information (as defined under CPRA) beyond what is necessary to provide the Service.
  • Right to non-discrimination: we will not discriminate against you for exercising any of these rights.

To exercise your California privacy rights, contact hi@rckstrt.com with "California Privacy Rights Request" in the subject line. We may verify your identity before processing your request.

6.3 Marketing Communications Opt-Out

You may unsubscribe from marketing emails at any time using the unsubscribe link in any marketing email or by contacting hi@rckstrt.com. Transactional emails related to your account security, active projects, and billing are not optional and will continue as needed to provide the Service.

6.4 Cookie Controls

You can manage cookie preferences through your browser settings. For analytics cookies set by third parties, you may also use opt-out mechanisms provided by those third parties.

6.5 Data Portability

You may request a copy of your account and project data in a portable format by contacting hi@rckstrt.com.

6.6 Rights for EEA and UK Residents

If you are located in the EEA or UK, you have the right to:

  • access your personal data;
  • rectify inaccurate personal data;
  • erase personal data (subject to legal bases for continued retention);
  • restrict processing;
  • object to processing based on legitimate interests;
  • data portability for data processed on the basis of contract or consent;
  • lodge a complaint with your applicable supervisory authority.

7. Data Retention

We retain personal information for as long as necessary to:

  • maintain and provide your account and active project engagements;
  • comply with legal, tax, and accounting obligations;
  • resolve disputes and enforce our agreements; and
  • operate legitimate business functions such as fraud prevention and security.

Typical retention periods:

  • Account data: retained for the life of the account and up to 7 years after account closure for tax and legal compliance purposes.
  • Project data and files: retained for the duration of the project engagement and a reasonable period thereafter for dispute resolution; deleted or anonymized upon written request after project completion.
  • Payment records: retained for at least 7 years to comply with financial recordkeeping laws.
  • Log and usage data: generally retained for 90 days in operational logs; aggregated analytics data may be retained longer in anonymized form.
  • AI feature inputs and outputs: retained for the minimum period required to deliver and audit the feature.

When personal information is no longer needed for the purposes described above, we delete or anonymize it in accordance with our internal data lifecycle procedures.

8. Data Security

We implement technical and organizational security measures designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

  • encryption of data in transit (TLS) and at rest;
  • role-based access controls limiting internal access to personal data;
  • authentication security enforced through our authentication provider;
  • error monitoring and alerting for anomalous activity; and
  • periodic review of security practices.

No method of transmission or storage is completely secure. In the event of a data breach that creates a material risk of harm to you, we will notify affected users as required by applicable law, which may include notification within 72 hours for EEA/UK users under GDPR obligations and within required timeframes under applicable U.S. state laws.

9. International Data Transfers

RCKSTRT operates primarily from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States or in other countries where our service providers operate.

For transfers from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or equivalent mechanisms as required by applicable law.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that we have inadvertently collected personal information from a child under 18, we will delete it promptly. If you believe we may have collected information from a child, contact hi@rckstrt.com.

11. Third-Party Links and Integrations

The Service may contain links to third-party websites or integrate with third-party services (such as Stripe). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you use in connection with RCKSTRT.

12. Automated Decision-Making

We do not use fully automated decision-making processes that produce legal or similarly significant effects on you (such as automated credit or employment decisions). Project acceptance, partnership approvals, and similar decisions involve human review.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the platform at least 14 days before the changes take effect. The "Last Updated" date at the top of this page reflects the date of the most recent revision. Continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

14. Contact Us

For privacy questions, rights requests, or concerns:

RCKSTRT
Email: hi@rckstrt.com
Support: hi@rckstrt.com
Website: rckstrt.com

To submit a formal privacy rights request, email hi@rckstrt.com with "Privacy Rights Request" in the subject line and include enough identifying information for us to verify your identity.


By using RCKSTRT, you acknowledge that you have read, understood, and agree to the data practices described in this Privacy Policy.