Regulatory Landscape
Applicable Regulations
- GDPR (EU users) — data minimization, consent, right to erasure
- CAN-SPAM (US email) — unsubscribe links, honest subject lines
- ePrivacy Directive (EU cookies) — essential-cookies-only policy
Not Currently Applicable
- HIPAA (no health data)
- COPPA (no users under 13)
- SOX (not publicly traded)
- PCI DSS (Stripe handles payment data)
Last modified: 17 Mar 2026