stupidface labsest.2026
live licenses ↗
← catalog / legal / privacy
document v1.0 · 2026.05 data we collect & how we use it

privacy.

We collect the minimum needed to run the store, deliver downloads, and answer support tickets. We do not sell or share your personal data with advertisers. The plug-ins make a single network call to validate your license against Lemon Squeezy on activation — that's it.

effective: 2026.05.01 version: 1.0 scope: stupidfacelabs.com + installed plug-ins contact: support@stupidfacelabs.com

at a glance

  • We collect: email, name, billing details (via our payment processor), and license activation data.
  • We never sell your personal data.
  • The plug-ins themselves do not connect to the internet during normal use. License activation is performed once, locally, against a signed file.
  • We use a single privacy-respecting analytics provider for aggregate site traffic (no cross-site tracking).
  • You can delete your account, request your data, or opt out at any time by emailing support@stupidfacelabs.com.

information we collect

Information you provide

  • Account information: email, name, password (stored hashed via industry-standard one-way hashing).
  • Billing information: collected and processed by our payment processor (Stripe). We receive only a transaction reference, the last four digits of the card, and the billing country.
  • Support correspondence: any information you include when contacting us, including the contents of support tickets and ticket numbers.
  • Newsletter subscription: email address only, used solely for delivering monthly release notes.

Information collected automatically

  • Site analytics: aggregate page views, referrer, user agent. We do not use cookies that track you across sites.
  • Server logs: IP address (truncated to /24 for IPv4 and /48 for IPv6), timestamp, requested URL, response status. Retained 30 days for security and abuse prevention.
  • License activation: when you activate a plug-in, your machine generates a fingerprint hash that we store with your license to enforce the seat limit. The fingerprint is not reversible to identify the device.

how we use it

We use information to:

  • fulfill orders and deliver the products you purchase;
  • provide license activation, updates, and customer support;
  • send transactional emails (receipts, license deliveries, ticket replies);
  • send the newsletter, if you've opted in;
  • operate, maintain, and improve the Site;
  • detect, prevent, and respond to fraud, abuse, or security incidents;
  • comply with legal obligations.

We do not use your data to train machine-learning models, sell advertising, or build behavioral profiles.

when we share

We share personal data only with:

  • Service providers who help us run the business (e.g. our payment processor, email provider, hosting), under contract that limits their use of the data to providing services to us;
  • Law enforcement or government authorities when legally required, in response to a valid subpoena, court order, or similar legal process;
  • Successors-in-interest in the event of a merger, acquisition, or sale of assets, with notice to you.

We do not sell your personal data.

cookies & analytics

We use a minimal set of cookies for essential site functionality:

  • Session cookies: keep you logged in while browsing.
  • Preferences: remember your boot-screen-skip flag (stored client-side only).

We use Plausible Analytics, a privacy-respecting alternative to Google Analytics, for aggregate site metrics. Plausible does not use cookies and does not track you across sites.

plug-in telemetry

The Stupidface Labs audio plug-ins do not connect to the internet during normal use. There is no telemetry, no usage tracking, no crash reporting beacons. License activation produces a local .lic file that the plug-in reads at startup; nothing is transmitted at runtime.

Software updates are user-initiated downloads from the Site. The plug-ins do not check for updates automatically.

data security

We implement industry-standard security practices:

  • TLS encryption for all Site traffic;
  • encrypted storage at rest for account data;
  • passwords stored using one-way hashing (bcrypt or equivalent);
  • limited employee access to personal data on a need-to-know basis;
  • incident-response procedures for suspected security events.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours of confirming the incident.

data retention

  • Account data: retained while your account is active, plus seven years for tax and audit purposes after closure.
  • Order records: retained for seven years per U.S. tax law.
  • Server logs: 30 days.
  • Support tickets: retained for two years for reference, then deleted.
  • Newsletter list: retained until you unsubscribe.

your rights

Depending on your jurisdiction, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • request deletion of your data (subject to our legal-retention requirements);
  • object to or restrict certain processing;
  • port your data to another service;
  • withdraw consent at any time.

To exercise any of these rights, email support@stupidfacelabs.com. We will respond within 30 days.

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of sale (we do not sell personal information).

children's privacy

The Site is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we learn that we have collected such data, we will delete it.

international users

We are based in the United States. If you access the Site from outside the United States, your information may be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your country.

changes to policy

We may update this Privacy Policy from time to time. The "effective" date at the top reflects the most recent revision. Material changes will be communicated via email to active accounts.

contact

Questions about this Privacy Policy or your data should be directed to:

Stupidface Labs
support@stupidfacelabs.com
Los Angeles, California, USA