M&G
Start
Home
Privacy

Privacy policy

We’re a two-person studio. We don’t have time for shady data practices. Here’s the short version of what we collect, why, and what you can do about it.

1. Who runs this

M&G Web Development is operated by Adam Mirmina and Phillip Gorokhovich, based in Cherry Hill, NJ. We are the controllers of any personal information described in this policy. For any privacy question, write to hello@mngwebdev.com.

2. What we collect

  • Account info: name, email, password (hashed via Supabase Auth), optional phone number.
  • Project info: business name, intake answers, files you upload, brand colors, copy you paste, messages you send through the dashboard.
  • Contract record: typed signing name, IP address, and user-agent on any signed contract. Required for the audit trail.
  • Acceptance log: timestamp recording when you accepted these Terms and Privacy Policy.
  • Server logs: request URLs, timestamps, IP addresses for debugging and abuse prevention. Retained 30 days.

3. What we do NOT collect

  • Tracking pixels, advertising cookies, third-party analytics, or behavioral tracking across the web.
  • Payment card or bank account info. Invoices are sent via Stripe or check; payment data lives at Stripe, not here.
  • Anything we don’t need to do the work.

4. How long we keep it

  • Account + project data: as long as your account exists. After you delete your account or two (2) years of inactivity, we delete primary records within 30 days.
  • Contract records: seven (7) years after the engagement ends, for tax and audit reasons.
  • Server logs: 30 days.
  • Backup snapshots: may contain deleted data for up to 30 additional days while normal backup rotations complete.

5. Who we share with

Just the vendors that make the site work:

  • Supabase — database and auth (US-hosted).
  • Vercel — web hosting (US-hosted).
  • Resend — transactional email delivery (US-hosted).
  • Cloudflare — DNS and email routing.
  • ntfy.sh — push notifications to our phones (notification titles and short message previews only; no full message bodies).

We do not sell your personal information, share it with advertisers, or pass it to anyone outside that vendor list. We may disclose information if required by law, a valid legal process, or to protect the rights or safety of ourselves or others.

6. Your rights

Depending on where you live, you may have specific rights under laws like the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), or similar state laws. We honor all of these for everyone, regardless of location:

  • Access: ask us for a copy of the personal info we hold about you.
  • Correction: update any inaccurate info. The account settings page handles most of this directly.
  • Deletion: close your account from the account settings page, or email us. We remove primary records as described in Section 4.
  • Portability: ask us for an export of your data in a standard format (JSON or CSV).
  • Opt-out of sale or sharing:we do not sell or share your data for advertising purposes, so there’s nothing to opt out of, but the right is honored.
  • Non-discrimination: we will not treat you differently for exercising any of the rights above.

To exercise a right, email hello@mngwebdev.com from the address on your account. We typically respond within seven (7) days, and always within thirty (30) days as required by applicable law.

7. Cookies

We use only the functional cookies required to keep you signed in (Supabase Auth session cookies). We do not use advertising cookies, third-party tracking cookies, or analytics that profile users across sites. Your browser lets you block or delete cookies; doing so will sign you out and may break parts of the site.

8. International transfers

Our vendors (Supabase, Vercel, Resend, Cloudflare, Anthropic) are based in the United States. If you access the site from outside the US, your data is transferred to and processed in the US under those vendors’ standard terms.

9. Children

The site is not directed at children under thirteen. We do not knowingly collect personal information from anyone under thirteen. If you believe we have, email us and we’ll delete it.

10. Security

We use standard industry practices to protect data: TLS for everything in transit, hashed passwords, row-level security in the database, and least-privilege access for admins. No system is perfectly secure; if we ever experience a breach affecting your data, we’ll notify affected accounts and applicable regulators as required by law.

11. Changes to this policy

If we change this policy, we’ll update the “Last updated” date below and email active accounts about material changes. Continued use after a change means you accept the new policy.

12. Contact

Privacy questions: hello@mngwebdev.com. Mailing address available on request.

Last updated May 12, 2026.