Privacy

Last updated: April 17, 2026

The Lombardi Project is operated by Joey Farah ("Joey Donuts"). This page explains what data we collect, why we collect it, and how you can get it removed. Short version: we store the minimum we need to remember what you bought, and we don't share it.

What we collect

• Email address — stored when you sign in so we can associate purchases with your account and deliver downloads.
• Purchase records — which packs you own, the Stripe checkout session ID, and the timestamp of each purchase. This is what lets you re-download files any time.
• Session cookie — a short-lived token set by Supabase after sign-in so you stay signed in across page loads. No third-party tracking cookies.

What we don't collect

• Card details — Stripe handles payment end-to-end. Your card number never touches our servers.
• Passwords — authentication is magic-link only, so there's no password to store or leak.
• Personal identifiers beyond email — we don't ask for your name, address, phone number, or Discord handle. If Stripe collects billing details during checkout, those live in Stripe and we don't copy them over.

Subprocessors

We use a small set of third-party services to run the site:

• Supabase — hosts the database, authentication, and private storage for savestate files. supabase.com/privacy
• Stripe — processes payments. stripe.com/privacy
• Vercel — hosts the site itself and serves the pages you're reading. vercel.com/legal/privacy-policy

Downloads

Savestate files live in private storage. When you click download we issue a short-lived signed URL (expires in about a minute) tied to your account. The URL is single-use from the browser's perspective — closing the tab or sharing the link later won't give anyone else access.

Analytics

We may use lightweight, privacy-respecting analytics (page view counts, referrer, country) to understand which parts of the site get used. We don't set tracking cookies, fingerprint visitors, or build profiles. If we change this, the update will appear on this page.

Data retention and deletion

We keep your account and purchase records for as long as the account is active. If you'd like your account deleted, email the address below and we'll remove your email, purchase history, and any associated records within a reasonable timeframe. Note: Stripe retains transaction records for tax and anti-fraud purposes regardless of what we do — contact Stripe directly if you need records removed on their end.

Changes to this policy

If we update this policy we'll bump the "Last updated" date at the top of the page and, for material changes, send a note to the email on your account.

Contact

Questions about this policy, a data request, or anything else? Email joeyefarah@gmail.com.