Privacy Policy

Effective March 3, 2026

Introduction

no-mess ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our headless CMS platform.

Information We Collect

We collect the following categories of information:

Account Data (via Clerk)

Email address, display name, avatar URL, and Clerk user ID. Collected during registration and authentication.

Content Data

Content types, entries, field values, and assets that you create and manage through the Service.

Site Configuration

Site names, slugs, API keys, preview settings, and other configuration you define for your projects.

Collaboration Data

Access records, team member roles, and invitations associated with your sites.

Shopify Data (Optional)

If you connect a Shopify store: store domain, synced product data, and collection data. This data is only collected when you explicitly enable the Shopify integration.

Usage Analytics (via PostHog)

Page views, feature usage patterns, browser and device information, and anonymized IP addresses. Collected to improve the Service.

How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Authenticate your identity and manage your account
Analyze usage patterns to improve features and user experience
Detect, prevent, and address security issues
Communicate with you about service updates and changes

Third-Party Services

We use the following third-party services to operate the platform. Each has its own privacy policy governing data handling:

Clerk (authentication) — clerk.com/legal/privacy
Convex (database & file storage) — convex.dev/legal/privacy
PostHog (analytics) — posthog.com/privacy
Vercel (hosting) — vercel.com/legal/privacy-policy
Shopify (optional integration) — shopify.com/legal/privacy

Cookies & Tracking

The Service uses the following cookies and tracking technologies:

Session cookies (Clerk) — Required for authentication
Analytics cookies (PostHog) — Used to understand how the Service is used

We do not use advertising cookies or sell your data to third parties.

Data Retention

Active accounts — Data is retained for the duration of your account
Deleted accounts — Data is retained for 30 days after deletion, then permanently removed
Preview sessions — Preview tokens expire after 10 minutes

Data Security

We implement appropriate technical measures to protect your data:

All data transmitted over HTTPS
HMAC-SHA256 signed preview tokens
Password hashing managed by Clerk
Encryption at rest provided by Convex
Tenant-isolated data access at the application level

Your Rights

You have the right to:

Access your personal data stored in the Service
Correct inaccurate information in your account
Delete your account and associated data
Export your content data

To exercise any of these rights, contact us at support@nomess.xyz.

Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

International Data

Your data is processed and stored in the United States. By using the Service, you consent to the transfer of your information to the United States.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the effective date at the top of this page and notify you through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy, contact us at support@nomess.xyz.