Last updated April 26, 2026. Plain-English summary of what gets collected, where it goes, and what your rights are. Not a substitute for legal advice — if you have questions specific to your jurisdiction or industry, talk to a lawyer.

Privacy Policy

NerdTechs is a one-person service operated by Mike. This page describes what happens to the information you share when you submit a ticket or browse the site.

What I collect

Intake details. Your name, email, optionally your company, and the contents of your ticket — including any attachments you upload.
Conversation history. Every email between us about your ticket, plus any internal notes I take while working on it.
Payment metadata. Stripe processes the charge. I see the amount, currency, and a Stripe customer ID — never your full card number, CVV, or bank details.
Network data. Your IP address at submission time, used for rate limiting and bot mitigation.
Anonymous analytics. Page views and basic interaction events via Vercel Analytics. No third-party advertising trackers.

How I use it

Your data is used to deliver the support you paid for: reading your ticket, drafting a reply, sending follow-ups, processing the payment, and keeping a record of what was discussed for future reference. I may use an LLM (currently via OpenRouter) to help me draft responses faster — every reply still passes through me before it's sent. I do not sell your data, share it with advertisers, or use it to train public AI models.

Knowledge-base articles

Resolved tickets sometimes turn into anonymous articles in the public /answers archive — they teach the next person who Googles the same problem. Before publishing, I run a PII-scrubbing step that removes your name, email, company, domain, tenant IDs, and any specific identifiers. The published version describes the technical pattern; it does not identify you. If you'd rather your ticket never be used this way, just say so in the intake form (there's a notes field) and I won't.

Service providers I use

These third parties process some of your data on my behalf. Each is bound by their own privacy policy:

Stripe — payment processing.
Supabase — database storage and ticket attachments (private bucket, not publicly accessible).
Resend — outbound transactional email and inbound reply parsing.
OpenRouter — large-language-model inference for draft generation and PII scrubbing.
OpenAI — text embeddings (numerical fingerprints) for similarity search across past tickets and KB articles.
Cloudflare Turnstile — bot mitigation on the intake form.
Vercel — hosting and anonymous analytics.
Sentry (optional) — error reporting if enabled. Stack traces and request metadata only; never your ticket content.

Cookies

The admin console uses an authentication cookie so I can stay logged in. The public site does not set tracking or advertising cookies. Vercel Analytics uses anonymous, cookie-less measurement.

Data retention

Ticket content is kept indefinitely so I have history to draw on for follow-up questions. Raw inbound email payloads are kept up to 180 days for debugging deliverability issues. Rate-limit log entries roll off after a couple of hours. Payment records are retained for as long as required by tax and accounting regulations.

Your rights

You can ask me to send you a copy of everything I hold about you, or to delete your ticket data, at any time. Submit a ticket and mark it as a privacy request — the $29 triage fee is refunded for data-rights requests, and I'll respond within 14 days. Note: payment records that I'm legally required to retain (tax purposes) cannot be deleted on request.

Security

Data is transmitted over HTTPS. The database uses row-level security policies that deny access by default. Attachments are stored in a private bucket with MIME-type allowlists and a 10 MiB size cap. The admin console is protected by magic-link authentication and an allowlisted email. I'm not Fort Knox, but I take reasonable, modern precautions.

Children

This service is intended for adults running a business or managing tech for one. I don't knowingly collect data from anyone under 16.

Changes to this policy

Material changes will be announced at the top of this page for at least 30 days before taking effect. The “last updated” date reflects the current version.

Contact

Questions, requests, or concerns: submit a ticket and mark it as a privacy request. The $29 triage fee is refunded for privacy and data-rights inquiries.