Legal

Privacy Policy

Last updated · April 26, 2026

Savage Studio Holdings ("we", "us", or The Architect) operates thearchitect.wiki and the client portal that ships with it. This policy explains what we collect, why we collect it, how we use it, and how you can reach us with questions or requests.

What we collect

We only collect information that we need to deliver the service you signed up for:

  • Account information. Your name and email address when you sign up or are invited to a project. We use magic-link authentication, so we never store your password.
  • Project data. Anything you submit through the intake form, the project portal, or messages — including files you upload as references or deliverables.
  • Payment information. When you pay a deposit, milestone, or invoice, Stripe collects your payment details directly. We receive a payment confirmation, the last four digits of your card, and the receipt URL — we never see or store your full card number.
  • Web Push subscriptions. If you opt in to browser notifications from the portal, your browser issues a push subscription token that we store so we can notify you when a project event happens. You can disable this any time from the portal or your browser settings.
  • Operational data. Standard server logs (IP address, user-agent, timestamps) generated by our hosting provider for security and abuse prevention. We do not run analytics scripts or third-party trackers on this site.

How we use it

We use the information above to:

  • Authenticate you and keep your portal session secure.
  • Deliver the services you booked (build the project, exchange files, send milestone updates, capture payments).
  • Send transactional email — magic-link sign-ins, invoice receipts, milestone notifications, deal confirmations.
  • Provide customer support if you write to us at support@thearchitect.wiki.
  • Comply with legal obligations (tax records, fraud investigation).

We do not sell, rent, or lease your information to anyone. We do not use your data to train AI models. We do not run behavioral advertising.

Service providers we share with

We rely on a small set of vendors to run the service. Each one only receives the data it needs for its function:

  • Stripe — payment processing and tax calculation. See stripe.com/privacy.
  • Resend — transactional email delivery (magic-link sign-ins, receipts, project updates).
  • Vercel — application hosting, edge networking, and deployment.
  • Neon — managed Postgres database (where your account, project, and message records live).
  • Vercel Blob — encrypted file storage for uploads exchanged through the portal.
  • Better Auth — open-source authentication library running on our infrastructure (no third-party data transfer).

Cookies

We set a small number of first-party cookies, all strictly necessary for the site to work:

  • A session cookie issued by Better Auth so we know you're signed in. It is HTTP-only, signed, and short-lived.
  • A signed cookie cache that mirrors your role (client / admin / partner) so the proxy can route you correctly without hitting the database on every request.

We don't run third-party analytics, ad networks, or social tracking pixels. There is no consent banner because there is nothing to consent to beyond what is required to operate the site.

How long we keep it

Active project data stays in your portal for the duration of the engagement plus 90 days of post-launch support. After that, we keep records as long as is reasonably necessary to comply with tax, contract, and audit obligations — typically seven years for invoice and payment records. You can ask us to delete your account at any time and we will, subject to those retention requirements.

Security

All traffic is served over TLS. Files in Vercel Blob are encrypted at rest. Database backups are encrypted by Neon. We use the principle of least privilege for service-account credentials and rotate them when staff or vendors change. No system is perfectly secure — if you spot a vulnerability, email support@thearchitect.wiki and we will respond within one business day.

Your rights

Depending on where you live (GDPR in the EU/UK, CCPA in California, similar laws elsewhere) you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Export a copy of your data.
  • Object to or restrict certain types of processing.

Email hello@thearchitect.wiki to exercise any of these. We respond within 30 days. We will not retaliate for any rights request — see California's "Shine the Light" law for the framework we follow.

Children

The service is not directed to anyone under 16. We do not knowingly collect personal data from children. If you believe a child has submitted information, contact us and we will delete it.

International users

We are based in the United States. If you use the service from outside the US, your information is transferred to and processed in the US under our service providers' Standard Contractual Clauses where applicable.

Changes to this policy

When we materially change this policy we update the "Last updated" date above and, for active clients, send a notice through the portal. Continued use of the service after a change means you accept the updated policy.

Contact

Savage Studio Holdings
Email: hello@thearchitect.wiki
Support: support@thearchitect.wiki