Python Visuals · An Apeiron Company

Privacy Policy

Effective May 20, 2026 · Version 2.3

1. Who We Are

Apeiron is a web design and software agency currently operating under the registered business name Python-Visuals Web Design (Long Island, New York) while a New York limited liability company is in the process of formation. Throughout this Privacy Policy, "Apeiron," "we," "us," and "our" refer to this operating entity. If and when the LLC is formed, this Privacy Policy will be updated to reflect the new legal name and a transition notice will be posted.

This Privacy Policy applies to the following properties, which we collectively refer to as the "Apeiron Network":

  • apeironweb.com — the Apeiron Command Center, including the login page, the founder dashboard, the client portal, the public legal pages, and any subpages hosted on this domain.
  • python-visuals.com — our public-facing site, presenting the Apeiron OS productized service plans, services catalog, case studies, capabilities, partner network, and contact forms.
  • blackoutmedia.org, blueprintmedia.club, sydneyssweets.com — active client sites that we build, host, and maintain on behalf of the named client businesses. On these sites, Apeiron acts as a data processor rather than a data controller (see Section 9).

This Policy does not cover the data practices of the client businesses themselves — their own policies govern how they, as controllers, use any personal information they collect from their end customers through the sites we build for them.

2. What Information We Collect

The information we collect depends on which part of the Apeiron Network you are using and in what capacity. We have tried to describe this as plainly as possible.

If you are a visitor to apeironweb.com or python-visuals.com: We collect your IP address and basic request metadata (browser user agent, referring URL, page viewed, timestamp) through Cloudflare's standard edge logging, which is used for security, performance, and fraud prevention. On Apeiron-owned properties (apeironweb.com, python-visuals.com, dragonwildspvp.com, soulcode.uk) we also receive aggregate, cookieless analytics data through Cloudflare Web Analytics (page views, Core Web Vitals, country-level geography). On externally-owned client sites that we build and host, Cloudflare Web Analytics is currently enabled on blueprintmedia.club and sydneyssweets.com (captured at the time the sites were stood up; written consent from the respective owners is being formalized as of May 2026). We will remove Cloudflare Web Analytics from any client site whose owner declines. We do not use Google Analytics, Facebook Pixel, or any cross-site advertising tracker anywhere in the Apeiron Network.

If you submit one of the forms on python-visuals.com: The site has three forms that collect personal information voluntarily. (1) The Contact form collects your name, email address, business name (optional), and the message you send us. (2) The lead-magnet form ("Get All Three Guides") collects your email address only. (3) The SEO Snapshot form collects your domain and email address. All three forms submit to our formspree-webhook Supabase edge function, which records the submission and forwards it via Resend (transactional email) and Discord (internal notification) to the appropriate recipient. We use the information solely to respond to your inquiry, deliver the requested artifact, or, if the inquiry converts into a client relationship, to deliver services to you. We do not add submissions to any marketing email list.

If you are an Apeiron founder or authorized team member using the Command Center: We collect your email address, chosen password (stored as a salted hash by our authentication provider, never in plaintext), role, display name, task assignments, financial records you create, client and prospect records you create, calendar events, messages you send to other founders, and any notifications generated by your activity. The Command Center is an internal operations tool, and this data is the subject matter of your use of it.

If you are a Python Visuals client using the Client Portal: We display information about your account — your project status, estimates, invoices, photo uploads, and activity history. If you make a payment, we collect your email address and billing name through Stripe Checkout (see Section 5). We do not collect or store your full credit card number or CVV — that information goes directly from your browser to Stripe and never touches our servers.

If you visit one of the client sites we host (blackoutmedia.org, blueprintmedia.club, sydneyssweets.com): The data the site collects — bookings, inquiries, contact form submissions — is collected on behalf of the named client business, not Apeiron. Apeiron's role is to transmit, store, and display that data using the infrastructure described in Section 4. The client business, not Apeiron, determines how that data is used. See Section 9 for more detail on this processor relationship.

3. How We Use Information

We use the information we collect for the following purposes:

  • To provide the services you request. If you ask for a quote, we use your contact information to respond. If you are a client, we use your information to deliver the site, send invoices, and communicate about the work.
  • To operate and improve the Apeiron Network. Basic request logs help us debug issues, monitor uptime, detect abuse, and improve performance.
  • To send you transactional communications. Invoice emails, payment receipts, service notices, and responses to your direct inquiries. We do not send marketing email newsletters as of the effective date of this Policy; if that changes, we will update this Section and obtain appropriate consent where required.
  • To comply with legal obligations. Tax records, financial reporting, contractual recordkeeping, and responses to lawful requests from government authorities.
  • To protect our rights and your safety. Detecting fraud, investigating suspected abuse, enforcing our Terms of Service, and protecting against security threats.

We do not sell, rent, or trade your personal information to third parties for advertising or marketing purposes. We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

4. How We Store and Protect Information

All information described in this Policy is stored using the following infrastructure providers, each of which maintains its own security controls and compliance certifications:

  • Supabase (PostgreSQL database, authentication, file storage): Primary data store for both the Command Center and the Apeiron Network client sites. All tables are protected by Row-Level Security (RLS) policies that enforce data isolation at the database level, independent of any application-layer checks. Passwords are stored using Supabase's default bcrypt-style hashing.
  • Cloudflare (DNS, CDN, edge workers, R2 object storage, Pages hosting, Email Routing): All web traffic to the Apeiron Network transits Cloudflare's edge network. Client photo uploads and similar binary assets are stored in Cloudflare R2.
  • Resend (transactional email delivery): Outbound invoice emails and service notifications are sent through Resend using SPF, DKIM, and DMARC authentication.
  • Stripe (payment processing): Client invoice payments are processed via Stripe Checkout, a hosted payment page operated by Stripe Payments, Inc. Payment card information never touches Apeiron-operated infrastructure.
  • GitHub (source code hosting): Apeiron's codebase is stored in private repositories on GitHub. The code does not contain personal data about users; it contains the software that runs the Network.
  • DocuSign (electronic signatures): Executed contracts and signed documents are stored in DocuSign.

All data is transmitted between your browser and our infrastructure over TLS-encrypted connections. Data is also encrypted at rest by each of the infrastructure providers listed above, per their respective standard practices.

Security does not mean invulnerability. No system is perfectly secure. We maintain an internal Incident Response runbook that defines a 72-hour notification clock anchored to the moment a breach is discovered, aligned with the New York SHIELD Act and the 72-hour notification obligation of GDPR Article 33 for affected EU data subjects. If a breach occurs that materially affects your information, we will notify you and any applicable regulators as quickly as practicable, and within the legally required windows.

5. Third-Party Sub-Processors

The infrastructure providers listed in Section 4 are our sub-processors. Each of them may process limited personal information on our behalf to deliver the underlying service. We choose providers that publish their own Data Processing Agreements, support industry-standard authentication and encryption, and maintain SOC 2, ISO 27001, or equivalent certifications where available.

Current sub-processors and their purposes:

  • Supabase (Supabase Inc., USA) — database, authentication, storage.
  • Cloudflare (Cloudflare, Inc., USA) — DNS, CDN, edge compute, R2 storage, email routing, web analytics.
  • Resend (Resend Inc., USA) — transactional email delivery.
  • Stripe (Stripe Payments Company / Stripe, Inc., USA) — payment processing.
  • GitHub (GitHub, Inc., a subsidiary of Microsoft Corporation, USA) — source code hosting. No customer personal data is committed to repositories.
  • DocuSign (DocuSign, Inc., USA) — electronic signature and contract storage.
  • Anthropic (Anthropic, PBC, USA) — Claude AI inference. Used inside our automations, admin help systems, and customer-facing intelligence features to power reasoning steps. We have submitted an application to the Anthropic Partner Network (status: pending review). When customer data passes through a Claude reasoning step, Anthropic processes it under their published data terms, which prohibit training on customer-submitted content by default.
  • Google (Gmail and Google Workspace) — email inbox for our human support and forwarded privacy contacts. Subject to Google's own privacy policy.

If we add, change, or remove a sub-processor, we will update this list. Clients who have executed a Data Processing Agreement with us will receive advance notice of any material sub-processor change and a reasonable objection window, consistent with the terms of that Agreement.

6. How Long We Keep Information

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The practical retention periods are:

  • Inquiry and quote records that do not convert into a client relationship: reviewed annually, generally deleted or anonymized after 12 months unless we have reason to expect further contact.
  • Active client records: retained for the duration of the client relationship plus a reasonable archival period (typically 3 years after termination) for dispute resolution, warranty claims, and tax purposes.
  • Financial, invoicing, and tax records: retained for at least 7 years to comply with federal and state tax recordkeeping requirements.
  • Authentication logs, security logs, and Command Center activity history: retained for operational and security auditing purposes, typically 12–24 months.
  • Backups: Infrastructure backups maintained by our sub-processors may contain deleted data for a period defined by their own retention schedules (typically 7–30 days).

When the retention period ends, we delete or anonymize the information, except where longer retention is required by law.

7. Your Rights

Depending on where you live and which part of the Network you interact with, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your personal information, subject to legal retention exceptions (see Section 6).
  • Port your information, receiving a copy in a commonly used machine-readable format.
  • Object to or restrict certain processing activities.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority in your jurisdiction.

New York residents have the protections of the New York SHIELD Act, including breach notification and reasonable security safeguards, which we observe.

California residents (CCPA/CPRA) have the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information as defined by California law.

Residents of the European Economic Area, United Kingdom, and Switzerland have the rights granted by the GDPR and the UK GDPR. Our legal bases for processing are typically (i) your consent, (ii) the necessity of processing for a contract with you, (iii) our legitimate interests in operating and securing the Network, and (iv) compliance with legal obligations. If you are contacting us from one of these regions and wish to exercise your rights, please note that Apeiron is a US-based operator and your data may be processed in the United States.

To exercise any of these rights, email privacy@apeironweb.com with your request and enough information for us to identify the records you are asking about. We will respond within 30 days (or the shorter period required by your jurisdiction).

8. Cookies and Similar Technologies

The Apeiron Network uses the smallest practical set of cookies and browser storage. We do not use advertising, profiling, or cross-site tracking cookies anywhere on the Network.

For a full, detailed breakdown of every cookie, localStorage key, and sessionStorage key used, which part of the Network uses it, what it does, and how long it persists, see our Cookies Notice.

9. Client Sites and Our Processor Role

When you visit a website we have built and host on behalf of one of our clients — for example, blackoutmedia.org, blueprintmedia.club, or sydneyssweets.com — the information that site collects from you (bookings, contact forms, inquiries) is collected by the named client business as the data controller. Apeiron's role, and the role of our infrastructure providers, is to act as a data processor on that client's behalf — transmitting, storing, and displaying the information as instructed.

Practically, this means:

  • The client site's own published privacy policy (if any) governs how your information is used.
  • If you want to exercise data subject rights against a client site's data, contact that business directly. They will, in turn, contact us as their processor if they need us to retrieve, export, or delete data from the underlying database.
  • Apeiron will not use client-collected data for our own purposes. We will not merge it with our own customer records. We will not market to the client's customers under the Apeiron brand.
  • Where required, Apeiron executes a Data Processing Agreement with the client defining the scope, duration, and security measures of the processor relationship.

If you are unsure whether a site is an Apeiron Network client site and want to know which entity is the controller of your data, email privacy@apeironweb.com and we will identify the controller and route your request to them.

10. International Data Transfers

Apeiron operates from the United States. Our infrastructure sub-processors (Supabase, Cloudflare, Stripe, Resend, and others) may store, process, or transit data through data centers in the United States, the European Union, and other regions depending on where their edge infrastructure is located and where you are accessing the service from.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, your personal information may be transferred to and processed in the United States. Where such transfers occur, we rely on legally recognized transfer mechanisms — typically the Standard Contractual Clauses published by the European Commission — as implemented by our sub-processors' own data processing terms.

11. Children

The Apeiron Network is not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information to us, please email privacy@apeironweb.com and we will delete the information promptly in accordance with the U.S. Children's Online Privacy Protection Act (COPPA).

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, infrastructure, or legal obligations. When we make a material change, we will update the effective date at the top of this page and, where practical, post a notice on apeironweb.com or send a notice to registered users. The current version is always available at python-visuals.com/legal/privacy.

13. Contact

If you have any questions about this Privacy Policy or how we handle your information, please contact us:

Apeiron — Privacy Contact
Email: privacy@apeironweb.com
Postal: Long Island, New York, United States

We are committed to resolving any concern you have about your privacy directly and in good faith before any formal complaint is necessary.