/privacy

Privacy.

The short version: we collect the minimum needed to run ForStarters.io, we don't sell user data, and we don't run third-party trackers on the marketing site.

Last updated: May 13, 2026 · Effective: May 13, 2026

Who we are

ForStarters.io is a product of J19 Labs, LLC ("J19 Labs," "we," "us," or "our"), a Delaware limited liability company. ForStarters.io is the customer-facing brand; J19 Labs, LLC is the legal entity responsible for the service and the party named on Stripe receipts. You can reach us at privacy@forstarters.io.

What this policy covers

This policy describes how we collect, use, and share information when you visit forstarters.io, sign up for the waitlist, create an account, or subscribe to the service. It applies to the marketing site, the subscriber app, and any related services we operate. It does not cover third-party sites we link to.

Information we collect

Information you give us

  • Waitlist signup. Your email address, submitted voluntarily so we can email you when ForStarters.io is generally available.
  • Account information. When subscriber accounts go live, we will receive your GitHub-issued identity (login, primary email address, and avatar URL) via GitHub OAuth. We never see your GitHub password.
  • Billing information. Subscription payments are processed by Stripe. We receive Stripe's billing metadata (plan, status, last four digits of the card, billing country). We never see or store full card numbers, expiration dates, or CVCs — those go directly from your browser to Stripe.
  • Support correspondence. If you email us, we keep the message and our reply.

Information we collect automatically

  • Server logs. Our Cloudflare Workers infrastructure logs request metadata (IP address, user agent, request path, response status, timestamp). Logs are retained for up to 30 days and used for debugging, abuse prevention, and capacity planning.
  • Product analytics. When configured, we use a self-managed instance of PostHog to capture page views and product events. Events are tagged with the environment (production / staging) and a build identifier. We do not run third-party advertising trackers, fingerprinting libraries, or session-replay tools that capture form inputs.
  • Cookies. The marketing site sets no cookies until you sign in. Signed-in subscribers receive a single session cookie (HttpOnly, SameSite=Lax, Secure) used to authenticate API requests. No marketing cookies, no consent banner is required for the public site.

Information from third parties

  • GitHub. When account sign-in goes live, GitHub will share your public profile and primary email with us, subject to your GitHub OAuth consent.
  • Stripe. Stripe shares the subscription metadata described above whenever your subscription state changes (created, updated, canceled, past due).

How we use information

We use the information we collect to:

  • Operate and maintain the service, including authentication and billing.
  • Send transactional email (waitlist confirmation, receipts, security notifications, subscription state changes, password-style account events).
  • Send the optional update digest when subscribers opt in. This is the only non-transactional email and is off by default.
  • Diagnose bugs, debug issues, and improve performance.
  • Prevent fraud, abuse, and violations of our Terms of Service.
  • Comply with legal obligations.

We do not use your information to train machine-learning models, to build advertising profiles, or to sell to data brokers.

How we share information

We do not sell, rent, or trade your personal information. We share information only with the sub-processors we rely on to operate the service:

  • Cloudflare — hosting, edge compute, DNS, CDN, logs. Sub-processor under their customer DPA.
  • Stripe — payments processing and subscription billing. See Stripe's privacy policy.
  • GitHub — identity provider and source code delivery (via a GitHub App that issues per-subscriber installation tokens).
  • Resend — transactional email delivery.
  • PostHog — product analytics (self-managed instance when enabled).

We may also disclose information when required by law, in response to a lawful subpoena or court order, or to protect the rights, safety, or property of J19 Labs, our users, or the public. If we are involved in a merger, acquisition, or sale of assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

Data retention

  • Waitlist emails. Retained until ForStarters.io launches and we send the announcement, or until you ask us to delete them, whichever is sooner.
  • Account data. Retained while your account is active and for up to 12 months after cancellation so we can restore the account if you return. You can request earlier deletion at any time.
  • Billing records. Retained for 7 years for tax and accounting compliance.
  • Server logs and analytics. Retained for 30 days.

Your rights and choices

Regardless of where you live, you can:

  • Access. Request a copy of the personal information we hold about you.
  • Correct. Ask us to fix information that is inaccurate.
  • Delete. Ask us to delete your information. We will delete it unless we are required by law to keep it (for example, billing records).
  • Export. Request a portable copy of your account data.
  • Unsubscribe. Opt out of any non-transactional email at any time. Every digest email includes a one-click unsubscribe link.

Email privacy@forstarters.io to exercise any of these rights. We respond within 30 days.

If you are in the EEA, UK, or Switzerland: we process your data on the legal basis of performing the contract you've entered into with us, your consent (for the optional update digest), or our legitimate interest in operating and securing the service. You have the right to lodge a complaint with your local supervisory authority.

If you are in California: the CCPA gives you the right to know what categories of personal information we collect, the right to delete, and the right to non-discrimination for exercising your rights. We do not sell personal information.

Security

Data in transit is encrypted with TLS. Data at rest is encrypted by our sub-processors. Session cookies are HttpOnly, SameSite=Lax, and Secure. Access to production systems is restricted to a small set of named operators and logged. We cannot promise perfect security — no service can — but we design and audit toward minimizing what we collect and what we expose.

Children

ForStarters.io is a developer tool not directed at children. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA). If you believe a child has provided us information, email privacy@forstarters.io and we will delete it.

International transfers

J19 Labs is based in the United States. Our sub-processors operate globally. When data is transferred from the EEA, UK, or Switzerland to the United States or other countries, we rely on the standard contractual clauses provided by our sub-processors.

Changes to this policy

We may update this policy as the service evolves. Material changes will be announced on this page and, where appropriate, by email to account holders. The "Last updated" date at the top of this page always reflects the most recent revision. Continued use of the service after a revision means you accept the updated policy.

Contact

Questions, requests, or concerns? Email privacy@forstarters.io. For postal mail:

J19 Labs, LLC
Attn: Privacy
(Mailing address available on request)

See also: Terms of Service · Contact us