Privacy Policy

This policy explains what madcoolhifi.com collects, why, and what you can do about it. It covers the main site (madcoolhifi.com), the auth bridge (auth.madcoolhifi.com), and the HighLevel Marketplace integration that connects a dealer's HighLevel sub-account to Mad Cool HiFi.

What we collect

Account data — when you sign in with a magic link we store your email address and a Supabase-issued user id. If you become a member we also store the Stripe customer id and subscription status.

Session data — a signed, HttpOnly cookie holding an HS256 JWT with your user id and a single membership flag. It expires after seven days.

Usage data — Vercel Analytics records aggregate page-view counts without cookies. PostHog records page-views and button clicks if you opt in via the consent banner — anonymous, no PII, no mouse-movement, no session-replay.

Error data — Sentry collects stack traces when the site crashes, with request query params scrubbed for secrets. Used to debug, never to identify visitors.

HighLevel sub-account data (Marketplace integration)

When a dealer installs the Mad Cool HiFi app from the HighLevel Marketplace and authorizes the connection, we receive an OAuth access token and refresh token scoped to that single sub-account. We store the token pair in our own Supabase project, encrypted at rest by the provider and isolated by row-level security so only our service-role key can read it. The refresh token rotates on every refresh; we persist the new value before responding to the API call so a lost rotation cannot leave the install in an unrecoverable state.

Scopes we request and what they let us do:

• contacts.readonly, contacts.write — read contact records to drive monthly reporting and lifecycle dashboards; write managed-service tags (e.g. mch:foundation:lead) to segment outreach.
• conversations.readonly, conversations/message.write — audit response times and send templated review-request and follow-up messages on the dealer's behalf.
• opportunities.readonly, opportunities.write — pipeline metrics and stage transitions when our team works leads.
• calendars.readonly, calendars/events.readonly — surface upcoming appointments and booked/no-show metrics.
• workflows.readonly — verify the deployed snapshot's workflows are installed and active.
• locations.readonly, users.readonly — identify the connected sub-account and map our team's actions to specific HL user IDs for an audit trail.

We do not request agency-level scopes (no oauth.*, snapshots.*, companies.*), billing or payment scopes, social- planner write scopes, or the SaaS-mode location-provisioning scopes. We do not export contact lists from one connected sub-account to any other party.

Webhook data — we subscribe to lifecycle webhooks (contact, opportunity, appointment, and inbound-message events) and store the raw event payloads in ghl_webhook_events for 90 days for debugging and idempotent processing. Each event is signature-verified against HighLevel's published Ed25519 public key before it is accepted; unsigned or invalid-signature events are rejected.

Per-sub-account isolation — every connected sub-account holds its own token pair and its own webhook event history. We never cross-reference data between sub-accounts and never share one dealer's HighLevel data with another dealer.

Revoking access — uninstall the Mad Cool HiFi app from the HighLevel sub-account install screen at any time. Uninstalling invalidates the access and refresh tokens within minutes; we stop reading and writing immediately. To request deletion of the retained webhook events for an uninstalled sub-account, email hello@madcoolhifi.com.

What we don't collect

We do not sell data, share it with advertising networks, or build marketing profiles. We do not track you across sites you don't own. We do not read the contents of files you upload outside of what's strictly required to serve them back to you.

Who we share it with

Data is processed by the vendors that run the stack: Supabase (database + auth), Vercel (hosting + analytics), Stripe (payments), Fastmail (transactional email), PostHog (product analytics, opt-in only), Sentry (error tracking), BetterStack (uptime monitoring + log aggregation). Each is bound by its own DPA and we never grant them more access than the service needs.

For the HighLevel Marketplace integration, the dealer who installed the app is the data controller for that sub-account's HighLevel data; Mad Cool HiFi acts as a processor under the dealer's instructions and only on the connected sub-account. We do not transfer HighLevel sub-account data to any third party other than the infrastructure vendors above.

Your rights

You can request an export or deletion of your account data at any time by emailing hello@madcoolhifi.com. We respond within 30 days. EU/UK residents have the rights described in GDPR Article 15-22; California residents have the rights described in CCPA §1798.100-1798.150.

Retention

Account rows live as long as the account exists. HighLevel OAuth token pairs are deleted when the dealer uninstalls the integration. HighLevel webhook event logs are kept 90 days from receipt. Aggregate analytics are kept indefinitely but are not tied to your identity after deletion.

Changes

Material changes to this policy will be announced by email to active members at least 14 days before they take effect.