Skip to content
← Back to home

Privacy Policy

Last updated: July 2, 2026

1. Who We Are

Seedly Communities is operated by Andrew Lee Jenkins LLC ("Company", "we", "us"). seedlycommunities.com is the sales site for Seedly Communities, a community platform sold as source code that buyers deploy from source they own, on infrastructure they control. This Privacy Policy explains how we collect, use, and protect your information when you visit this website, purchase our source code Product, or use a hosted Seedly Communities Service or demo we operate.

2. Information We Collect

Information you provide

  • Name and email address (account signup, waitlist, demo request, or purchase)
  • Payment information (processed by Stripe - we do not store card details)
  • Business information you enter into a hosted Service or demo (posts, messages, courses, events, member records)
  • Files and attachments you upload to a hosted Service or demo
  • Feedback and screenshots submitted via feedback forms

Information collected automatically

  • IP address and browser user agent
  • Page views and site usage (Google Analytics and Microsoft Clarity, set only with your consent)
  • Authentication session data

If you try the live demo, we collect the name and email you submit to send your access link and follow-up emails. Your community's members never interact with this site.

3. How We Use Your Information

  • To provide and operate this website and any hosted Seedly Communities Service or demo
  • To process purchases and deliver the source code Product
  • To authenticate your identity and manage your account
  • To send transactional emails (receipts, license keys, confirmations, notifications)
  • To issue and manage live demo access links
  • To prevent fraud and abuse
  • To improve our website and products through analytics
  • To respond to support requests and feedback

4. Third-Party Services (Sub-Processors)

We use the following third-party services that may process your data:

Infrastructure & Hosting

  • Railway - Hosting and database for this website (waitlist, purchases, licenses)
  • Cloudflare - DNS and network proxy in front of this website
  • Convex - Backend database, real-time sync, and file storage for the hosted live demo (SOC 2 Type II). DPA
  • Vercel - Frontend hosting, CDN, and serverless compute for the hosted live demo (SOC 2 Type II, ISO 27001). DPA

Payments & Email

  • Stripe - Payment processing (PCI DSS Level 1). Privacy Policy
  • SendGrid (Twilio) - Delivery of the transactional and marketing emails we send you
  • Resend - Legacy email delivery provider, retained for a limited set of sends during migration

Analytics & Monitoring

  • Google Analytics - Site analytics (page views, traffic sources), consent-gated
  • Microsoft Clarity - Session analytics (scrolling, interaction heatmaps), consent-gated

Bot Protection

  • Cloudflare Turnstile - Protects our signup and demo-request forms from automated abuse. When you submit one of these forms, Turnstile processes limited technical signals (such as your IP address and browser and device characteristics) to confirm you are human. It does not use tracking cookies for advertising. Privacy Policy

5. Member Data Lives in Your Deployment

When you buy Seedly Communities and deploy it, your members' data (profiles, posts, messages, course progress, event RSVPs) lives entirely in your deployment, on Convex and Vercel accounts you own. We never receive, store, or process your members' data, and we have no relationship with your members. You are the sole data controller for your community.

Member payments in your deployment flow through your own Stripe account, so your members' payment data goes to you and Stripe, never to us. The only personal data we process on this site is your own (demo signup, purchase, and support data as described above).

6. Data Retention

Data you store in a hosted Service is retained for as long as your account is active. Upon account termination, your data will be deleted within 30 days. Purchase records and license keys for the source code Product are retained indefinitely to support lifetime access to updates. Audit logs are retained for 12 months.

7. Data Security

We use industry-standard security measures to protect your data:

  • All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • OAuth tokens and API credentials encrypted with AES-256-GCM at the application level
  • Payment information processed entirely by Stripe - card data never touches our servers
  • Role-based access controls with granular per-module permissions
  • Full audit logging of data changes with user attribution
  • Webhook signature verification on all inbound integrations
  • Rate limiting on public endpoints

8. Your Rights

You have the right to:

  • Request a copy of the personal data we hold about you
  • Request deletion of your personal data
  • Request export of the data you store in a hosted Service in a portable format
  • Opt out of marketing communications
  • Request correction of inaccurate data
  • Withdraw consent for analytics cookies

To exercise any of these rights, contact us at [email protected].

9. Cookies

We use cookies and similar technologies for authentication (session cookies) and analytics (Google Analytics and Microsoft Clarity). Authentication cookies are essential for the Service to function. Analytics cookies are only set with your consent. You can disable non-essential cookies via the cookie banner or your browser settings.

10. California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know - You can request details about the personal information we collect, use, and disclose about you
  • Right to Delete - You can request deletion of your personal information, subject to certain exceptions
  • Right to Correct - You can request correction of inaccurate personal information
  • Right to Opt Out of Sale - We do not sell your personal information to third parties
  • Right to Non-Discrimination - We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at [email protected]. We will respond within 45 days as required by law. We do not sell personal information and have not done so in the preceding 12 months.

11. UK and EEA Residents (GDPR)

If you are located in the United Kingdom or European Economic Area, you have the following additional rights under the UK GDPR and EU GDPR:

  • Lawful Basis - We process your data based on: (a) contract performance (to provide the Service), (b) legitimate interest (fraud prevention, service improvement), and (c) consent (analytics cookies)
  • Right to Access - Request a copy of your personal data
  • Right to Rectification - Request correction of inaccurate data
  • Right to Erasure - Request deletion of your personal data
  • Right to Restrict Processing - Request we limit how we use your data
  • Right to Data Portability - Receive your data in a structured, machine-readable format
  • Right to Object - Object to processing based on legitimate interest
  • Right to Withdraw Consent - Withdraw cookie consent at any time by clearing your browser cookies and revisiting the site

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority (the ICO in the UK, or your national DPA in the EEA).

12. International Data Transfers

Our infrastructure and service providers listed in Section 4 are located in the United States. If you access our website or Service from the UK or EEA, your data will be transferred to the US. We rely on Standard Contractual Clauses, the EU-U.S. Data Privacy Framework, and adequacy decisions as appropriate to ensure your data is protected in accordance with applicable law. Our sub-processors maintain their own SCCs and DPAs which are linked in Section 4.

13. Children

Our Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact

For privacy-related inquiries, contact us at [email protected].