Privacy
Policy

We know you won't read this. We wrote it anyway. LAST UPDATED: MAY 2026 · VERSION 1.1

This Privacy Policy explains how The Button ("thebutton.club", "we", "us", "The Council") collects, uses, and protects your personal information when you visit our website or make a purchase.

We take your privacy seriously. We are not in the business of selling your data. We are in the business of selling button presses. These are very different businesses.

If you are located in the European Union, this policy complies with the General Data Protection Regulation (GDPR). If you are located in California, this policy complies with the California Consumer Privacy Act (CCPA). If you are located elsewhere, the relevant parts still apply to you.

1. Who We Are

The Button is operated by an individual based in the EU. For the purposes of GDPR, we are the data controller of your personal information.

Contact: support@thebutton.club

2. What Data We Collect

We collect only what we need. Nothing more. Here is exactly what that is:

Data	Why We Collect It	How Long We Keep It
Your name (as provided at checkout)	To display on the Hall of Fame and personalize your certificate	Until you request removal
Email address	To send your order confirmation and link to your certificate	3 years or until deletion requested
Payment information	To process your purchase. We never see or store your full card details. Stripe handles this entirely.	We don't store it. Stripe does, per their own policy.
IP address	Fraud prevention and chargeback dispute evidence	90 days
Purchase timestamp	Order records and chargeback dispute evidence	7 years (legal requirement)
Consent checkbox timestamp	Record that you agreed to our Terms before purchasing	7 years (legal requirement)

We do not collect: your social security number, passport details, medical information, biometric data, or anything else we have no business knowing.

3. How We Use Your Data

We use your data for exactly four things:

Fulfillment: recording your press and adding you to the Hall of Fame
Communication: sending your order confirmation and certificate via email
Legal protection: maintaining records in case of payment disputes or chargebacks

We do not use your data for: targeted advertising, selling to third parties, building marketing profiles, or anything that would make you uncomfortable if you knew about it.

4. Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing your data is:

Contract performance (Article 6(1)(b)): processing your name and email to fulfill your order
Legal obligation (Article 6(1)(c)): retaining transaction records as required by law
Legitimate interests (Article 6(1)(f)): fraud prevention and chargeback protection

5. Who We Share Your Data With

We share your data with exactly three third parties, all necessary to operate the site:

Stripe: payment processing. Stripe is PCI-DSS compliant and handles all payment data. We never see your full card number. Stripe's Privacy Policy →
Supabase: database hosting for the Hall of Fame and order records. Data is stored on servers within the EU. Supabase's Privacy Policy →
Resend: transactional email delivery. Your name and email address are transmitted to Resend solely to send your order confirmation. Resend does not use this data for any other purpose. Resend's Privacy Policy →

We do not sell your personal information. We do not share your data with advertisers, data brokers, or any other party not listed above. California residents: we do not sell personal information as defined under the CCPA. If we ever receive a legal request for your data from a government or law enforcement agency, we will notify you unless prohibited by law from doing so.

6. The Hall of Fame

By making a purchase, your name (as provided) is displayed publicly on our Hall of Fame page. This is part of the product you purchased.

If you wish to have your name removed from the Hall of Fame, contact us at support@thebutton.club. We will process removal requests within 30 days. Removal from the Hall of Fame does not constitute a refund. Your press still counts, it just goes anonymous.

You may also choose to appear as "Anonymous" at the time of purchase if you prefer not to have your name displayed publicly.

7. Cookies

This site sets no first-party cookies. The only cookies are set by Stripe on their hosted checkout page for payment processing and fraud prevention, per Stripe's policy.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not use Google Analytics. We do not want to know that much about you.

8. Your Rights (GDPR & CCPA)

Depending on your location, you have the following rights regarding your personal data:

Right of access: request a copy of all data we hold about you
Right to rectification: request correction of inaccurate data
Right to erasure: request deletion of your data (the "right to be forgotten")
Right to restriction: request that we limit how we use your data
Right to data portability: request your data in a machine-readable format
Right to object: object to processing based on legitimate interests
Right to withdraw consent: where processing is based on consent

Note: Some data must be retained for legal reasons (transaction records, consent timestamps) regardless of deletion requests. We will always tell you clearly what we can and cannot delete and why.

To exercise any of these rights, contact us at support@thebutton.club. We will respond within 30 days. We do not charge for these requests.

If you are in the EU and believe we have mishandled your data, you have the right to lodge a complaint with your local data protection authority.

9. Data Security

We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or misuse. These include:

HTTPS encryption on all pages
Payment data handled entirely by Stripe (PCI-DSS Level 1 compliant)
Database access restricted to authorized systems only
No storage of full payment card details on our servers

No system is perfectly secure. In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by law.

10. Data Transfers Outside the EU

Stripe processes payments globally and may transfer data outside the EU. Stripe maintains Standard Contractual Clauses (SCCs) and other appropriate safeguards for such transfers. Our database (Supabase) is hosted within the EU.

11. Children's Privacy

The Button is not intended for anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has made a purchase on our site, contact us immediately at support@thebutton.club and we will take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date at the top. For significant changes, we will notify you by email if we hold your email address.

Your continued use of the site after changes constitutes acceptance of the updated policy. If you disagree with any changes, you may request deletion of your data at any time.

13. Contact

For any privacy-related questions, data requests, or concerns, contact us at:
support@thebutton.club

We aim to respond to all privacy inquiries within 5 business days and all formal data subject requests within 30 days.

We respect your privacy. We are just here to charge you money to press a button. These two things are not mutually exclusive.

PrivacyPolicy