Skitza

Privacy

What we collect.

Last updated: April 2026 · Plain English · Tell us at privacy@skitza.app if anything reads wrong.

As a producer

We collect your email, display name, studio URL (slug), currency, timezone, and brand settings — the things you enter during onboarding and in /dashboard/settings. We store these to render your portfolio and operate your studio. We store nothing you don't tell us.

When a lead opens your link

When someone clicks a /m/<token> URL you sent, we log: the time of the open, an approximate IP (from the proxy headers), a short user-agent string, and the referring URL (if the browser provides one). This is shown to you as analytics (opens, devices, dwell time). We do not share this with anyone.

What we don't do

  • No third-party analytics, trackers, or ad pixels.
  • No cross-site cookies.
  • No selling or sharing of producer or lead data.
  • No email marketing lists built from your lead opens.

Magic link tokens

The raw tokens we issue are never stored — only a SHA-256 hash. If the database is leaked, an attacker cannot recover working URLs from the hash alone.

Data you own, data you can delete

You can delete your profile and all related data (portfolio tracks, magic links, analytics) by emailing privacy@skitza.app — we'll comply within 7 days. A self-serve delete button lands soon.

Processors we use

  • Authentication — Clerk (USA)
  • Database — Neon Postgres (EU · Frankfurt)
  • Hosting — Vercel (USA / Global edge)