Trust, Security & Privacy

This page is maintained by the First-Time Authors Playbook team to answer common security and privacy questions about how we handle your data. It describes our current practices and is editable project content — it is not an independent certification or third-party audit.

Accounts & Authentication

Access to your purchases and downloads requires signing in. Accounts are protected by email-and-password sign-in, with optional Google sign-in. Passwords are never stored in plain text — authentication is handled by our managed backend provider.

Each customer can only view their own orders and files. Access tied to your email address is only granted once that email has been verified.

Payments

Payments are processed by Stripe, a PCI-DSS Level 1 certified payment provider. We do not store or have access to your full card number — card details are entered directly into Stripe's secure checkout.

We retain order records (such as product, amount, and status) so we can deliver your purchase and provide support.

Data Protection & Access Controls

Customer data is stored in a managed database with row-level access rules so each user can only read their own records. Downloadable files live in a private storage bucket and are served through short-lived signed links, never public URLs.

Administrative access is limited to authorized team members through role-based controls.

Data We Collect

We collect the information needed to deliver your purchase and support your account: your name (if provided), email address, and order history. We do not sell your personal data.

Retention & Deletion

We keep account and order records for as long as your account is active or as needed to meet legal and accounting obligations. You can request deletion of your account and associated personal data by contacting us.

Subprocessors

We rely on trusted third parties to operate this service, including Stripe (payments) and our managed cloud backend (database, authentication, and file storage). These providers process data on our behalf under their own security and privacy commitments.

Contact & Security Reports

Have a privacy request or a security concern? Reach out through our contact options and we'll respond as quickly as we can. If you believe you've found a vulnerability, please report it to us before disclosing it publicly so we can address it.

This page reflects our current practices and may be updated over time.