WorldClass Creative (David Eby Media Creations Inc., “we,” “us”) respects your privacy. This policy explains what information we collect through worldclass-creative.com (the “Site”), why we collect it, which third parties receive it, and the choices you have.
We share personal information only as necessary with the providers below. We do not sell your personal information.
| Provider | Purpose | What they may receive |
|---|---|---|
| Supabase | Database, authentication, and file storage (client portal) | Account credentials, project data, PII stored in the portal; auth session cookies (sb-*) set on authenticated pages only |
| Stripe | Payment processing | Name, email, billing address, and payment card details (handled directly by Stripe; we do not store full card numbers) |
| Airtable | CRM and project management | Client contact details, project records, and communication history |
| Dropbox | Delivery of finished media files | Delivered photo and video files; associated project metadata |
| Vercel | Website hosting and serverless functions | All requests pass through Vercel infrastructure; IP addresses and request logs are retained per Vercel’s data retention policies. TODO(david): confirm Vercel log retention period and DPA status. |
| Vimeo | Embedded video hosting (public site) | Viewer IP address, device data, and playback events when you watch embedded videos. Blocked until you accept cookies. Subject to Vimeo’s Privacy Policy. |
| Google / YouTube | Embedded video hosting (public site) and Google Fonts (typography CDN) | YouTube: viewer IP address, device data, and viewing events when you watch embedded videos. Blocked until you accept cookies. Subject to Google’s Privacy Policy. Google Fonts: font stylesheet and font file requests; Google Fonts does not set cookies and does not log IP addresses for CDN requests per Google’s documentation. |
| HubSpot | CRM and marketing (server-side only) | Contact and lead data synced server-side. No HubSpot tracking pixel, cookie, or client-side script is loaded on this Site. TODO(david): confirm HubSpot DPA is in place. |
| Zapier | Workflow automation (apply form) | Application form submissions routed via Zapier webhook to internal tools. TODO(david): confirm Zapier DPA / data processing agreement is in place. |
| Resend | Transactional email delivery | Recipient email address and email content for service notifications. TODO(david): confirm Resend is deployed and active; if not, remove this row. |
| OpenAI / Google Gemini | AI-assisted server-side workflows | Project content processed server-side for AI-assisted features. TODO(david): confirm which provider(s) are live in production and what data is submitted; update this row accordingly. Ensure applicable data processing terms are accepted. |
| Gmail / Google OAuth | Admin email and authentication | Email communications sent or received via the admin Gmail account. No client data is stored in Gmail beyond normal email correspondence. |
| Telegram | Internal admin alerts | Operational notifications sent to the admin. No client PII is transmitted beyond what appears in operational alerts (e.g. new application received). TODO(david): review what data fields appear in Telegram alert messages. |
We use three categories of cookies and similar technologies. You can manage your consent choice at any time using the cookie banner at the bottom of the page.
Strictly necessary for the authenticated client portal to function. These cookies are set only on authenticated pages (hub.html and the client app) — not on public marketing pages.
sb-* — Supabase auth session tokens (set by Supabase; session-scoped)No consent gate is applied to essential cookies.
Google Fonts is loaded from fonts.googleapis.com / fonts.gstatic.com on every page to serve the site’s typefaces. Per Google’s documentation, the Fonts CDN does not set cookies and does not log IP addresses for font file requests. We declare it here for transparency. No cookie consent gate is applied.
The Site embeds Vimeo and YouTube videos. These providers set third-party cookies and collect viewer data when a video loads. We block all Vimeo and YouTube embed requests until you explicitly accept cookies using the banner below. If you decline, placeholders are shown in place of videos. You can enable a specific video on a per-click basis without changing your global choice.
player.vimeo.com. Subject to Vimeo’s Privacy Policy.www.youtube.com/embed. Subject to Google’s Privacy Policy.We also include the dnt=1 parameter on background Vimeo embeds to request Do Not Track behaviour from Vimeo even when accepted.
Your choice is stored in localStorage under the key wcc_cookie_consent (value: accepted or declined). This is not a cookie; it is local to your device and browser.
We keep your information for as long as needed to respond to your inquiry, provide services, and meet our legal and accounting obligations, after which we delete or anonymise it. TODO(david): define specific retention periods (e.g. application data: 12 months after last contact; client project data: 7 years for accounting; payment records: per Stripe/accountant guidance) and confirm with your attorney.
Depending on your location, you may have rights to access, correct, delete, or restrict our use of your personal information, and to object to certain processing. To make a request, contact us at the address below. We will respond within a reasonable time. TODO(david): confirm applicable privacy law framework(s) (e.g. Florida, GDPR if EU clients, CCPA if California clients) with your attorney and add jurisdiction-specific disclosures if required.
The Site is intended for business users and is not directed to children under 16. We do not knowingly collect information from children.
We may update this policy periodically. The “last updated” date above reflects the latest revision. Material changes will be noted here.
To exercise your rights, ask a question, or raise a concern, contact business@worldclasscreative.co or (561) 220-7201, David Eby Media Creations Inc., West Palm Beach, FL 33414.