Privacy Policy

Steven Angel · Last updated: 2026-05-08

This privacy policy covers two surfaces: (A) the steven-angel.com website (including the shop, ghost production service, lessons, and mix & mastering inquiries); and (B) the @stevenangel.prod Instagram automation built with the Steven Angel Marketing Meta App.

We follow the principle of collecting only what we need to deliver the service you asked for. We do not sell or rent your personal data to anyone, ever.

A — Website Privacy (steven-angel.com)

Who we are

steven-angel.com is operated by Steven Angel (sole proprietor), based in Tel Aviv, Israel. Contact: hello@steven-angel.com.

What we collect on the website

Depending on what you do on the site:

  • Visiting any page: anonymous usage data via Google Analytics 4 (page views, device, country at city level, referrer) and Microsoft Clarity (session recordings, click maps, scroll depth) — both standard analytics tools.
  • Submitting a contact / quote form: your name, email, message, optional reference link.
  • Creating a shop account: email address, hashed password (we never see the plain password), optional name.
  • Buying a product: payment is processed by PayPal — we receive a transaction ID, the product purchased, and the email used. We do not see or store your card number.
  • Clicking a Google Ads or Meta Ads link to the site: click attribution data (Google Click ID, Facebook Click ID) used for ad performance measurement.
  • Clicking a WhatsApp button: nothing is collected by us — the click opens WhatsApp directly; if you message, your phone number becomes visible to Steven.
  • Subscribing to a newsletter or completing a lead form: your email is stored in Brevo (our email service provider) for sending the requested content + occasional updates. You can unsubscribe from any email instantly.

How we use it

  • To deliver the product or service you asked for (downloads, lessons, ghost production, masterclass).
  • To improve the site (analytics tells us which pages work, where users get stuck).
  • To measure paid advertising performance (so we can stop wasting money on irrelevant clicks).
  • To respond to your messages and quote requests.
  • To send you legitimate emails (purchase confirmations, password resets, update emails you opted into).

We do not use your data for: profiling, automated decision-making, training AI models, or sale/rental to third parties.

Cookies & tracking technologies

The site uses these cookie / storage categories:

  • Strictly necessary — auth session (JWT, set when you log in to the shop), 30-day expiry. Cannot be disabled.
  • Analytics — Google Analytics 4 (_ga, _ga_*), Microsoft Clarity (_clck, _clsk). Anonymized.
  • Advertising — Google Ads conversion tracking + remarketing tags. Used to measure ad performance and show relevant ads on Google's network.

You can disable analytics + advertising cookies via your browser settings. We are also planning a cookie consent banner (Klaro CMP) for clearer per-category opt-in.

Third-party services we share data with

We share the minimum data needed for these tools to function:

  • Google Analytics 4 — anonymized usage data (Google LLC, US; EU-US Data Privacy Framework certified).
  • Microsoft Clarity — session recordings without sensitive form data (Microsoft Corp., US).
  • Google Ads — click + conversion data (Google LLC).
  • PayPal — payment processing only (PayPal Holdings).
  • Brevo — email delivery for transactional + marketing emails (Brevo SAS, EU).
  • Cloudflare — CDN, DDoS protection, R2 file storage (Cloudflare Inc., US/EU).
  • Netlify — static site hosting (Netlify Inc., US).
  • Railway — backend application hosting (Railway Corp., US).

Your rights

Regardless of where you are, you can:

  • Access — request a copy of the data we hold on you.
  • Correct — ask us to fix any incorrect data.
  • Delete — ask us to delete your account and associated data.
  • Object — opt out of analytics, advertising, or marketing emails.
  • Portability (GDPR / EU) — receive your data in a machine-readable format.
  • Do Not Sell My Personal Information (CCPA / California) — we never sell your data, but you can confirm this in writing if you want.

To exercise any of these rights, email hello@steven-angel.com. We respond within 30 days.

Data retention

  • Auth sessions: 30 days from last login (auto-expire).
  • Shop accounts + purchase history: kept for as long as the account exists, plus 7 years for tax/accounting (Israeli law).
  • Contact form submissions: 2 years, then deleted.
  • Newsletter list (Brevo): until you unsubscribe.
  • Analytics (GA4): 14 months (Google's default).
  • Clarity recordings: 90 days (Microsoft's default).

Children

The site is intended for users 16 and older. We do not knowingly collect data from children under 16. If you believe a child has submitted data, contact us and we will delete it.

Changes to this policy

When we update this policy, we change the “Last updated” date at the top of this page. Material changes will be announced on the site and via email to anyone with a shop account.

B — Instagram Bot Privacy (@stevenangel.prod)

This section covers data collected when you interact with the @stevenangel.prod Instagram automation (the “Bot”), built using the Steven Angel Marketing Meta App.

What we collect

When you comment a trigger word (e.g. “samples”) on our Instagram posts, or message us afterwards, we collect:

  • Your Instagram username
  • Instagram-scoped user ID (IGSID)
  • The comment ID
  • The email address you reply with

Why

Solely to send you the requested free download link via Instagram Direct Message.

How it’s stored

Encrypted on Cloudflare D1, EU region. We do not share, sell, or transfer this data to third parties.

Retention & deletion

Data is kept until you request deletion. To request deletion, email hello@steven-angel.com with the subject “Delete my data”. We will delete your record within 30 days.

Contact

For any privacy question or request — whether about the website or the Instagram Bot — email hello@steven-angel.com.

← Back to steven-angel.com