← Back

Privacy Policy

Last updated: May 16, 2026

This Privacy Policy describes how Machi Collective ("we", "us", "our") collects, uses, shares, and protects information about you when you visit or make a purchase from https://machicollective.com. We follow the principles of GDPR, CCPA, and similar privacy regimes regardless of where you live.

What we collect

How we use your data

Service providers we share with

We share the minimum data needed with:

We never sell your personal information.

Cookies & tracking

We set the following cookies:

Until you accept analytics or marketing cookies, only strictly-necessary cookies are set. Your choice is remembered for 12 months.

Your rights

Depending on your region, you may have the right to:

California residents additionally have CCPA rights — see /privacy/do-not-sell.

Data retention

Security

We use industry-standard practices: HTTPS everywhere, encrypted database at rest, scoped service-role access, signed webhooks, rate-limited public APIs, RLS on every table.

International transfers

Data is processed in the United States. By using the site you consent to this transfer. Stripe, Resend, Supabase all offer EU data-residency contracts; contact us if you need one.

DPO contact

For data-protection inquiries, contact collectivemachi@gmail.com. (Replace with your DPO name if you appoint one.)

Changes to this policy

We'll post the updated date above and notify newsletter subscribers of material changes.

Contact

Questions? Email collectivemachi@gmail.com.