Compliance & Security

This page explains how RaxxWare (raxxware.com) protects your data and meets its legal and security obligations. We keep it in plain English. If anything is unclear, email stizzyraxx@gmail.com.

Data Protection (GDPR & CCPA)

We comply with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Depending on where you live, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your account and associated data.
• Receive a portable copy of your data.
• Opt out of any sale of your data — we do not sell personal data.

To exercise any of these rights, email stizzyraxx@gmail.com. We respond to verified requests within 30 days.

Security Practices

• Encryption in transit: All traffic to and from RaxxWare is served over HTTPS/TLS with HSTS enforced.
• Encryption at rest: Our database and backups are encrypted at rest by our hosting provider (Supabase).
• Password handling: Passwords are hashed with bcrypt — we never store them in plain text.
• Access controls: Production data access is restricted to authorized personnel, scoped by role, and logged.
• Network hardening: We apply security response headers (HSTS, X-Frame-Options, nosniff, restrictive Permissions-Policy) and rate-limit public endpoints to deter abuse.
• Payment security: Card data is handled entirely by Stripe (PCI-DSS Level 1). We never see or store full card numbers.

We take reasonable, industry-standard precautions, but no system can be guaranteed 100% secure.

Acceptable Use

When using RaxxWare you agree not to:

• Break the law or infringe anyone's rights.
• Attempt to access accounts, data, or systems you are not authorized to use.
• Probe, scan, or test the vulnerability of our systems without permission.
• Send spam, run automated scraping, or abuse our forms and APIs.
• Upload malware or content that is unlawful, fraudulent, or harmful.
• Interfere with or disrupt the service for other users.

We may suspend or terminate accounts that violate this policy.

Data Retention & Deletion

We keep your account data for as long as your account is active. When you close your account, we delete your personal data within 90 days, except where we are legally required to keep certain records (for example, tax and transaction records). You can request deletion at any time by emailing stizzyraxx@gmail.com.

Subprocessors

We rely on a small set of trusted vendors to run RaxxWare. Each is bound by its own data-protection terms:

• Stripe — Payment processing and affiliate payouts.
• Supabase — Database hosting and authentication infrastructure.
• Vercel — Application hosting and edge delivery.
• Email provider (SMTP / Amazon SES) — Transactional and notification email delivery.

Breach Notification

If we discover a data breach that affects your personal data, we will investigate promptly, take steps to contain it, and notify affected users and the relevant authorities without undue delay — and within 72 hours where required by law (e.g., GDPR Article 33). Notifications will explain what happened, what data was involved, and what you can do to protect yourself.

Cookie Usage

We use session cookies to keep you logged in and to track referral attribution (e.g., ?ref= parameters). We do not use third-party advertising or cross-site tracking cookies. See our Cookie Policy for details.

Contact

For compliance, security, or data-privacy questions — or to report a vulnerability — email stizzyraxx@gmail.com. RAXX BEATS STUDIOS LLC — we aim to respond within 48 hours.