01. Information We Collect
When you subscribe to our newsletter or send fan mail, we collect your email address, optional name, and the message content (text or audio). When you purchase a membership or merchandise, Stripe collects and processes your payment details — we never see or store full card numbers. Your IP address and approximate location are logged for fraud prevention and rate limiting. Voice notes are stored as audio files in Emergent Object Storage and remain private to Nina Capone Media.
02. How We Use It
We use your information to (a) deliver the newsletter and event blasts you opted into, (b) fulfil membership perks (Backstage access, monthly featured-supporter drawing), (c) send transactional emails (purchase receipts, booking replies, password resets), and (d) improve the Site. We never sell your data to third parties.
03. Email & Double Opt-In
All marketing emails require a double opt-in: you confirm via a link after subscribing. Every newsletter contains an unsubscribe link at the footer (CAN-SPAM compliant). One-click unsubscribe removes you from all future marketing — you'll still receive transactional emails (receipts, account notices) if you have an active subscription.
04. Cookies
We use a small number of first-party cookies for: keeping you logged into the Admin Dashboard (admins only), remembering your form draft state, and providing Stripe payment widgets. We do not run third-party advertising trackers, behavioural retargeting, or social-media pixels.
05. Payment Data
Stripe is our PCI-DSS-compliant payment processor. Card numbers, CVCs, and bank credentials are submitted directly to Stripe — they do not pass through our servers. We retain only the Stripe customer ID and subscription metadata (status, current period end) to manage your membership. Stripe's privacy policy applies to data they collect.
06. Data Retention
We keep newsletter subscriptions until you unsubscribe. Fan mail and voice notes are kept for the lifetime of the membership and may be archived afterward to preserve our editorial record (unless you request deletion). Payment records and invoices are retained for 7 years for tax compliance.
07. Your Rights (GDPR / CCPA)
You have the right to access, correct, export, or delete your personal data. Email bookings@ninacapone.com with the subject "Data Request" and include the email address tied to your account. We will respond within 30 days. Note that we will need to verify your identity before fulfilling deletion requests.
08. Security
We use industry-standard encryption (TLS in transit, encrypted at rest in MongoDB Atlas and Emergent Object Storage). Admin access is gated by JWT-based authentication. Backstage stream URLs are never exposed in public API responses. If we ever experience a data incident affecting your personal information, we will notify you within 72 hours.
09. Children
The Site is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected such information, email bookings@ninacapone.com and we will delete it promptly.
10. Contact
Questions about this Privacy Policy or your data? Email bookings@ninacapone.com.