Privacy Policy
This Privacy Policy describes how ChapHaus LLC ("ChapHaus," "we," "us," or "our") collects, uses, shares, and protects information about you when you access or use our websites, mobile applications, and other services (together, the "Services"). The Services include chaphaus.com, the StartupLenz cost-calculator at startuplenz.com, the SlimeLog application, and any other product we publish under the ChapHaus name. Some products maintain product-specific privacy notices that apply in addition to this Policy; in case of conflict, the product-specific notice controls for that product.
The short version. We collect what we need to run the products and not much more. We don't sell your personal information. We use third-party services (cloud hosting, payment processing, analytics, advertising on some apps) and they're listed in Section 4. We follow COPPA for under-13 users, GDPR for users in the EU/UK, and CCPA for California residents. You can email support@chaphaus.com at any time to access, correct, or delete your data.
1. Information we collect
1.1 Information you provide
Account information. When you create an account on a Service that requires one, we collect information you submit: email address, username or display name, password (stored as a salted cryptographic hash — never in plain text), and, where applicable, date of birth (used for age verification).
Profile information. Optional information you add to your profile such as a display name, biography, profile image, social media handles, or location.
User Content. Content you submit through the Services — ratings, reviews, comments, photos, posts, and similar material.
Payment information. If you purchase a paid feature or subscription, payment card information is collected and processed by our payment processors (Stripe, RevenueCat, or the operating system's app store). We do not store full payment card details on our servers. We retain billing-related metadata such as customer ID, subscription status, plan tier, and renewal dates.
Communications. When you contact us by email or in-app, we retain that correspondence so we can respond and, if needed, follow up.
1.2 Information collected automatically
Usage data. Information about how you interact with the Services, including pages or screens viewed, features used, interactions with content, session duration, and the timestamps of those interactions.
Device and technical data. IP address, browser type, operating system, device model, device language, screen size, mobile network information, and crash logs.
Identifiers. Cookies, web beacons, and similar technologies on our websites. On mobile, we may collect device identifiers (for example, the Apple Identifier for Advertisers (IDFA) where you have granted permission through Apple's App Tracking Transparency framework, or the Android Advertising ID).
Location. We do not collect precise GPS location. We may infer your approximate location (country or region) from your IP address.
1.3 Information from third parties
If you sign in to a Service using a third-party authentication provider (such as Apple, Google, or GitHub), we receive basic profile information from that provider (typically your email and name) as permitted by the provider and your settings with them.
2. How we use information
We use the information we collect to:
- Operate, maintain, and improve the Services
- Create and secure your account; authenticate access
- Verify compliance with age requirements
- Process payments and manage subscriptions
- Personalize content (for example, showing you your saved plans, your favorite slimes, or relevant recommendations)
- Send transactional communications about your account, security, billing, and policy changes
- Send marketing communications, where you have opted in or where permitted by law (you can unsubscribe at any time)
- Respond to support requests, feedback, and inquiries
- Measure performance, run analytics, and understand how the Services are used
- Serve and measure advertising on Services that include ads (see Section 3)
- Detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or illegal activity
- Comply with legal obligations and respond to lawful requests
3. Advertising and analytics
Certain Services display advertising. Advertising may be served by us directly or by third-party advertising networks. Some advertising is contextual (based on the content of the page or screen) and some is personalized (based on aggregated information about your interests and device).
On iOS: we will request your permission through Apple's App Tracking Transparency (ATT) prompt before tracking you across other companies' apps and websites or before sharing your IDFA with advertising partners for cross-app personalization. If you do not grant permission, you will still see ads in supported Services, but those ads will be contextual rather than personalized.
We use first-party analytics (Vercel Web Analytics, Vercel Speed Insights) and may use third-party analytics tools to understand how our Services are used. These tools generally use cookies, device identifiers, and similar technologies. Where required, we obtain consent before placing non-essential cookies or trackers.
We do not knowingly serve personalized advertising to users under 18, and we do not display advertising of any kind to users we have identified as under 13.
4. How we share information
With other users. Some Services include public profiles, posts, ratings, or social features. Information you choose to make public will be visible to other users and, in some cases, the general public.
With service providers. We share information with third-party vendors that help us operate the Services. Each is contractually bound to use the information only to perform services on our behalf. Our current key providers include:
| Provider | Purpose |
|---|---|
| Supabase | Database hosting, authentication, row-level security |
| Vercel | Web hosting, CDN, analytics, speed insights |
| Resend | Transactional and marketing email delivery |
| Stripe | Payment processing for web-based subscriptions |
| RevenueCat | Subscription management for mobile in-app purchases |
| Apple App Store, Google Play | App distribution, in-app purchase processing on mobile |
| Advertising partners | Ad serving and measurement in Services that include ads (mobile) |
For legal reasons. We may disclose information if we believe disclosure is required by law, regulation, court order, or government request, or if disclosure is necessary to protect our rights, protect user safety, address fraud, or respond to a security incident.
In a business transaction. If ChapHaus is involved in a merger, acquisition, financing, or sale of assets, user information may be transferred as part of that transaction. We will provide notice before personal information becomes subject to a different privacy policy.
We do not sell your personal information. We do not share your personal information with third parties for those third parties' direct marketing purposes without your consent.
5. Cookies and tracking technologies
Our websites use cookies and similar technologies to keep you logged in, remember your preferences, secure your account, and measure how the Services are used. You can control cookies through your browser settings, including blocking or deleting them. Some features may not function correctly if you block essential cookies.
6. Data retention
We retain personal information for as long as your account is active or as needed to provide the Services. When you delete your account, we delete or anonymize your personal information within a reasonable period (typically 30 to 90 days), except where we are required to retain certain information for legal, tax, accounting, security, or fraud-prevention purposes.
If we identify a user as under 13 years old, we delete the account and associated personal information promptly, in accordance with the Children's Online Privacy Protection Act (COPPA).
7. Your rights and choices
Depending on where you live, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your personal information
- Object to or restrict certain processing
- Receive a copy of your data in a portable format
- Withdraw consent where processing is based on consent
- Opt out of marketing communications
To exercise any of these rights, email support@chaphaus.com. We will verify your request and respond within a reasonable time (typically within 30 days). We may decline requests that are repetitive, unreasonable, or that would compromise the privacy of others, but we will explain our reasoning if we do.
7.1 California residents (CCPA / CPRA)
You have the right to know what categories of personal information we collect, the purposes for which we collect it, the categories of third parties we share it with, and the right to request access, correction, or deletion of your personal information. You also have the right not to be discriminated against for exercising these rights. We do not sell personal information.
7.2 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)
Our legal bases for processing your personal information are: contract performance (to deliver the Services you request), legitimate interests (to operate, secure, and improve the Services and prevent abuse), consent (where required, such as for marketing communications and certain tracking), and legal obligations (where required by law). You have the right to lodge a complaint with your local data protection authority.
8. Children's privacy
The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information and the associated account promptly. If you believe we may have information about a child under 13, contact support@chaphaus.com.
For users between 13 and the age of majority in their jurisdiction, certain Services may require parental or guardian consent. Where this is the case, the Service will disclose the requirement at signup.
9. Security
We use technical and organizational measures designed to protect your information, including encryption in transit (HTTPS/TLS), encryption at rest where appropriate, hashed passwords, access controls, and ongoing monitoring. However, no system is perfectly secure, and we cannot guarantee the absolute security of your information. If we become aware of a security incident affecting your personal information, we will notify you and the relevant authorities to the extent required by law.
10. International data transfers
Our Services are operated from the United States. If you access the Services from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. These countries may have data-protection laws that differ from the laws of your country. By using the Services, you consent to these transfers. Where required (for example for transfers from the EEA, UK, or Switzerland), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
11. Apple privacy disclosures
For Services delivered through the Apple App Store, the privacy practices applicable to that app are also summarized on the app's App Store product page through Apple's "Privacy Nutrition Labels." Those labels reflect the data types collected and how that data is used and linked to your identity. This Privacy Policy provides the full description.
12. Changes to this Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. For material changes, we will provide reasonable notice through email, an in-app notification, or a prominent notice on the Services before the change takes effect.
13. Contact
Questions about this Privacy Policy or our data practices can be sent to support@chaphaus.com. For copyright (DMCA) notices, use dmca@chaphaus.com. For all other general inquiries, hello@chaphaus.com.
Our postal address for legal notices is listed in the footer of this page.