Sacred Notes
Sacred NotesWestern Wall
Légal

Politique de Confidentialité

Last updated: May 7, 2026

1. Overview

Sacred Notes ("we", "us", "our") is a business registered and operating in Las Vegas, Nevada, USA. We operate the website sacrednotes.org and provide a physical note-delivery and rabbi blessing service. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

This Policy complies with applicable US federal and state privacy laws including the Nevada Revised Statutes Chapter 603A (Nevada Online Privacy Law / SB 220), the California Consumer Privacy Act (CCPA/CPRA), and the US Federal Trade Commission Act. For users in the European Economic Area (EEA) or United Kingdom, this Policy also addresses compliance with the General Data Protection Regulation (GDPR) and UK GDPR.

2. Information We Collect

We collect only the minimum information necessary to provide the Service:

  • Contact information: Your name (optional) and email address, used to send delivery confirmation.
  • Note content or uploaded image: Used exclusively to print and place your note at the Western Wall. We do not read, analyse, or retain note content beyond the delivery process.
  • Payment data: All payments are processed by PayPal, Inc. We never receive, store, or process your credit card or bank account details. PayPal's privacy policy governs their handling of your payment data.
  • Technical data: Basic server logs (IP address, browser type, access time) retained for up to 30 days for security and fraud prevention purposes only.
  • Photographs: If you voluntarily upload a photo as part of a blessing order, it is stored securely and used solely for that order.

We do not use behavioural advertising beyond Meta Pixel (used for ad measurement only) or third-party analytics that profile you. We do not use automated decision-making that produces legal or similarly significant effects.

3. Legal Basis for Processing (GDPR)

If you are located in the EEA or UK, our legal bases for processing your personal data are:

  • Contract performance (Art. 6(1)(b) GDPR): Processing your name, email, and note content to fulfil your order.
  • Legitimate interests (Art. 6(1)(f) GDPR): Server logs for security and fraud prevention, where our interests are not overridden by your rights.
  • Legal obligation (Art. 6(1)(c) GDPR): Retaining transaction records as required by applicable law.

4. How We Use Your Information

Your information is used solely to:

  • Print and place your note at the Western Wall
  • Send you a delivery confirmation email
  • Process your payment via PayPal
  • Respond to customer support enquiries
  • Maintain security and prevent fraud
  • Comply with legal obligations

We will never sell, rent, share, or publish your note content or personal information to any third party for marketing, advertising, or commercial purposes.

5. Third-Party Service Providers

We use a limited number of trusted third-party providers solely to operate the Service:

  • PayPal, Inc. - payment processing. Subject to PayPal's Privacy Policy.
  • Supabase, Inc. - database and file storage, hosted on AWS infrastructure. Data processed under a Data Processing Agreement.
  • Vercel, Inc. - website hosting and content delivery.
  • Resend, Inc. - transactional email delivery (confirmation emails only).
  • Meta Platforms, Inc. - Provides advertising analytics. We use Meta Pixel (browser-side) and the Meta Conversions API (server-side) to measure ad effectiveness and improve targeting of our Facebook and Instagram ads. Meta receives hashed identifiers (email, name, IP, browser metadata) only for visitors who consent to advertising cookies. Meta's data practices: https://www.facebook.com/privacy/policy.
  • Tawk.to Inc. - Provides our optional live chat support widget. When enabled, Tawk collects visitor IP, browser metadata, and chat-message content for the duration of any chat. The widget loads only for visitors who consent to it.

All providers are required to process your data only on our instructions and in accordance with applicable data protection law.

6. International Data Transfers

Sacred Notes is operated from Las Vegas, Nevada, USA. Our infrastructure is primarily hosted in the United States. If you are located in the EEA, UK, or another jurisdiction with data transfer restrictions, your personal data will be transferred to and processed in the United States.

For EEA/UK users, such transfers are carried out under the EU Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent transfer mechanisms. Where our service providers operate from Israel, transfers are additionally covered by the European Commission's adequacy decision for Israel (Decision 2011/61/EU).

By using the Service, you acknowledge and consent to the transfer of your personal data to the United States, where data protection laws may differ from those in your country.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encrypted database storage, access controls, and secure HTTPS transmission. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law.

8. Data Retention

We retain personal data only as long as necessary:

  • Note content and uploaded images: Deleted within 90 days of delivery confirmation, unless you request earlier deletion.
  • Email address and transaction records: Retained for up to 3 years for legal, tax, and dispute resolution purposes.
  • Server logs: Deleted after 30 days.

You may request deletion of your personal data at any time (see Section 9).

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your data, subject to legal retention obligations.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

California residents (CCPA/CPRA): You have the right to know what personal information is collected, to delete it, to opt out of sale (we do not sell personal information), to correct inaccurate information, and to non-discrimination for exercising these rights. Authorised agent requests are accepted with written proof of authorisation.

Nevada residents (Nevada Revised Statutes Chapter 603A / SB 220): Nevada law grants you the right to opt out of the sale of covered personal information. We do not sell personal information as defined under Nevada law. If you wish to submit an opt-out request or have questions, contact us at privacy@sacrednotes.org.

To exercise any of the rights described above, contact us at privacy@sacrednotes.org. We will respond within 45 days (extendable by a further 45 days where reasonably necessary with prior notice). We may require identity verification before fulfilling your request. We will not discriminate against you for exercising your privacy rights.

10. Cookies

We use Meta Pixel and the Meta Conversions API to measure and improve our advertising on Facebook and Instagram, and the Tawk.to live chat widget to provide visitor support. For visitors in the European Union, United Kingdom, Switzerland, EEA, Brazil, and California, these tools load only after you opt in via our consent banner. For other regions, these tools load by default; you can opt out at any time using the "Cookie settings" link in our footer. We do not run other third-party advertising networks, retargeting platforms, or behavioural analytics products.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal data from a person under 18 without verified parental consent, we will delete that information promptly. If you believe we have inadvertently collected such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date and, where required by law, by email. Your continued use of the Service after any changes constitutes acceptance of the updated Policy. If you do not agree to the revised Policy, please discontinue use of the Service.

13. Contact & Complaints

For privacy-related questions, requests, or to exercise your rights, contact us at:

US residents: If you believe we have violated your privacy rights, you may also file a complaint with the Federal Trade Commission at ftc.gov, or with your state attorney general's office.

EEA/UK residents: If you are located in the EEA or UK and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority (e.g., the UK ICO at ico.org.uk).

We take all privacy concerns seriously and will respond within the timeframes required by applicable law.

← Retour à l'Accueil