Pause
← Back to home

Privacy Policy

Effective date: March 25, 2026

Who we are

Pause (“we,” “us,” or “our”) operates the website at givepause.com and the Pause email-based scam-protection education service. Pause is the data controller for the personal data described in this policy. For any privacy-related questions, you can reach us at support@givepause.com.

What personal data we collect

We collect different information depending on your role in the service:

Buyer account data. When you create an account and purchase a subscription, we collect your email address (used for authentication and communication) and your name if you choose to provide it.

Recipient data. When a buyer enrolls a recipient, we collect the recipient's first name, email address, and their relationship to the buyer (e.g., “Mom,” “Grandpa”). This information is provided to us by the buyer during enrollment.

Payment data. Payments are processed entirely by Stripe. We receive and store your Stripe customer ID and basic purchase status (active, cancelled, etc.), but we never receive, process, or store your credit card number, CVV, expiration date, or full card details.

Lesson engagement data. We collect data about how recipients interact with lessons, including email open events, link clicks, quiz answers, and lesson completion timestamps. This powers the buyer dashboard and helps us improve lesson effectiveness.

Technical data. Our hosting provider (Vercel) may automatically collect standard server logs including IP addresses, browser type, and referring pages. We do not use this data to identify individual users.

How we use your data

We use personal data only for the following purposes:

  • Account management: Buyer email and name are used for authentication (magic-link login), purchase confirmations, and account-related communications.
  • Lesson delivery: Recipient name and email are used to send weekly scam-protection lessons, personalize lesson content, and deliver monthly summary emails.
  • Progress tracking: Lesson engagement data is used to display progress on the buyer dashboard and generate monthly summary reports.
  • Payment processing: Stripe customer IDs and purchase status are used to manage subscriptions, process renewals, and handle refund requests.
  • Service improvement: Aggregated, de-identified engagement data may be used to improve lesson content and the overall product experience.

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

Third-party service providers

We share personal data with the following third-party processors, solely to operate the service:

  • Stripe (payment processing) — processes and stores payment card data on our behalf. See Stripe's privacy policy.
  • Resend (email delivery) — sends transactional and lesson emails on our behalf. Email addresses and message content pass through their systems. See Resend's privacy policy.
  • Vercel (hosting and infrastructure) — hosts our website and application. Server logs may include IP addresses and request data. See Vercel's privacy policy.
  • Prisma / PostgreSQL (database) — stores account, recipient, and lesson data in a managed PostgreSQL database operated through Prisma's data platform.

Each processor is contractually required to handle your data only as needed to provide their service and in accordance with applicable data protection laws.

Cookies

We use a single session cookie set by NextAuth to keep you logged in after authentication. This cookie is strictly necessary for the service to function and cannot be disabled while using the app.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. We do not use any cookie-based cross-site tracking.

Data retention

  • Account data (buyer email, name, Stripe customer ID): retained while your subscription is active and for 30 days after cancellation, after which it is deleted.
  • Recipient data (name, email, relationship): retained on the same schedule as the associated buyer account.
  • Lesson completion data (quiz answers, completion timestamps): retained indefinitely to support the lifetime access feature, which allows recipients to revisit completed lessons even after the subscription ends.
  • Payment records: Stripe retains payment data per their own retention policies and applicable financial regulations.

If you request account deletion, we will remove your personal data within 30 days. Anonymized, aggregated data that cannot identify you may be retained for product improvement.

Your rights

Regardless of where you live, you may exercise the following rights by emailing support@givepause.com:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Ask us to correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data. We will process deletion requests within 30 days, subject to any legal obligations requiring us to retain certain records.
  • Data portability: Request your data in a structured, commonly used format.

We will respond to all rights requests within 30 days. We do not charge a fee for reasonable requests.

California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights, including the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, and the right not to be discriminated against for exercising your rights. We do not sell personal information as defined by the CCPA. To exercise your rights, email support@givepause.com.

European users (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) provides you with additional rights, including the right to access, rectify, erase, restrict processing, and port your data. Our legal basis for processing your data is (a) performance of our contract with you (delivering the service you purchased), and (b) our legitimate interest in improving the service. You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

Security

We take reasonable measures to protect your personal data, including:

  • All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  • Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified.
  • Authentication uses secure, time-limited magic links — we do not store passwords.
  • Database access is restricted and credentials are managed through environment variables, never committed to code.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Children's privacy

Pause is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. The recipients of our service are adults (typically parents or grandparents). If we learn that we have inadvertently collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal data, please contact us at support@givepause.com.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at the address associated with your account before the changes take effect. The “Effective date” at the top of this page indicates when the policy was last revised. Continued use of the service after changes take effect constitutes your acceptance of the updated policy.

Contact us

If you have questions about this Privacy Policy or how we handle your data, contact us at support@givepause.com.