Privacy Policy

What data we collect, how we use it, and your rights as a user.

Last updated: February 18, 2026

Next Starter ("we", "us", "our") operates https://www.next-starter.co. We sell a Next.js SaaS boilerplate. When you purchase, we process your payment through Stripe and grant you access to a private GitHub repository. This policy explains what data we collect, why we collect it, and your rights.

1. Information We Collect

Account information. When you create an account we collect your email address and, optionally, your name. Your password is hashed with bcrypt before storage; we never see or store it in plain text. If you sign in with Google OAuth, we receive your name and email from Google.

Payment information. Payments are processed entirely by Stripe. We never receive or store your credit card number. Stripe shares with us your name, billing address, and a customer identifier so we can manage your subscription.

GitHub username. We collect your GitHub username at checkout solely to invite you as a collaborator on our private repository. We do not access any other GitHub data.

Profile avatar (optional). If you upload a profile image it is stored on Cloudflare R2 and deleted when you remove it or delete your account.

Contact form. If you contact us through our website we collect your name, email, and message content to respond to your inquiry.

2. How We Use Your Information

  • Authenticate you and maintain your session
  • Process payments and manage your subscription via Stripe
  • Grant access to our private GitHub repository
  • Send transactional emails: account verification, password reset, payment receipts, and payment failure alerts
  • Respond to support or contact-form inquiries

We do not use your data for advertising, profiling, or automated decision-making. We do not run analytics or tracking scripts on our website.

3. Legal Basis for Processing (GDPR)

Where the GDPR applies, we process your data on these bases:

  • Contract performance: to fulfill your purchase and deliver repository access
  • Legitimate interest: to secure our service and prevent fraud
  • Consent: for optional features like Google sign-in and avatar uploads, which you can withdraw at any time
  • Legal obligation: to retain transaction records as required by law

4. Cookies

We use a single, essential HTTP-only session cookie to keep you signed in. It is transmitted only over HTTPS and cannot be read by client-side JavaScript. We do not use advertising, analytics, or third-party tracking cookies.

Google reCAPTCHA, which we use for bot prevention on forms, may set its own cookies subject to Google's Privacy Policy.

5. Third-Party Services

We share the minimum data necessary with the following service providers:

  • Stripe: payment processing (billing details, subscription status).
  • GitHub: repository access invitations (GitHub username only).
  • SMTP2Go: transactional email delivery (email address and email content).
  • Cloudflare: file storage for avatars (image files only).
  • Google: OAuth sign-in (name and email, only if you choose Google sign-in) and reCAPTCHA.

We do not sell, rent, or trade your personal information to any third party.

6. Data Retention

We retain your account data for as long as your account is active. Session tokens expire automatically. Email verification and password-reset tokens are single-use and deleted immediately after use. When you delete your account, we remove your user record, sessions, and stored files. Stripe independently retains transaction records per their own retention policy and applicable tax and accounting laws.

7. Data Security

We protect your data with industry-standard measures including bcrypt password hashing, HTTP-only secure session cookies, short-lived pre-signed URLs for file uploads, rate limiting on authentication endpoints, and HTTPS encryption for all data in transit. No system is 100% secure. If you discover a vulnerability, please contact us immediately.

8. Your Rights

Depending on your location, applicable privacy laws (including the GDPR, CCPA/CPRA, and other regulations) may give you the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent at any time for consent-based processing
  • Opt out of sale/sharing: we do not sell or share your personal information, so no opt-out is necessary

You can update your information and delete your account directly from your account settings. For any other request, email contact@fuzesoft.com and we will respond within 30 days.

9. International Transfers

Our service providers may process data outside your country of residence. Where required, we rely on Standard Contractual Clauses or equivalent safeguards to protect data transferred internationally.

10. Children

Our service is not directed to anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. If we make material changes we will update the "Last updated" date above. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or to exercise your rights, contact us at contact@fuzesoft.com.