Privacy Policy 1

Last Updated: October 14, 2025

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

1. Information We Collect

1.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you:

  • Register for an account

  • Subscribe to our newsletter

  • Make a purchase or subscription

  • Submit a contact form

  • Comment on blog posts

  • Participate in surveys or promotions

This information may include:

  • Name

  • Email address

  • Payment information (processed securely by Stripe)

  • Profile information

  • Communication preferences

1.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device and browsing behavior:

Essential Information (No Consent Required)

  • Authentication data: Session tokens, login status (necessary for account functionality)

  • Security data: Hashed IP addresses for fraud prevention, CSRF tokens

  • Technical data: Error logs, performance metrics (for maintaining service quality)

Analytics Information (Consent Required)

With your consent, we collect analytics data to improve our content and services:

Geographic Analytics:

  • Country and city names (via IP geolocation lookup through IP-API)

  • Your IP address is sent to IP-API for lookup but is NOT stored by us

  • Only aggregate location data is retained

  • Retention: 90 days

Reading Analytics:

  • Blog post views and reading duration

  • Reading completion rates

  • Time of day patterns

  • Article engagement metrics

  • Fully anonymous - no user IDs or identifiers

  • Retention: 90 days

Device & Browser Analytics:

  • Browser type and version

  • Operating system

  • Device type (desktop, mobile, tablet)

  • Screen resolution category

  • Generic categories only - no device identifiers

  • Retention: 90 days

Security Monitoring (Authenticated Users Only):

  • Login patterns and account access times

  • Session activity for anomaly detection

  • Used exclusively for protecting your account

  • Retention: 90 days

1.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website. For detailed information about our use of cookies, please see our Cookie Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Essential Operations (Legal Basis: Contract Performance & Legitimate Interest)

  • Create and manage your account

  • Process your transactions and subscriptions

  • Provide customer support

  • Send transactional emails (account verification, password reset, receipts)

  • Ensure security and prevent fraud

  • Maintain and improve our services

  • Comply with legal obligations

2.2 With Your Consent

  • Send marketing communications and newsletters

  • Collect analytics data to understand user behavior

  • Track geographic and demographic trends

  • Personalize your experience

  • Display relevant content

2.3 Legitimate Interests

  • Analyze usage patterns to improve content quality

  • Monitor security threats and suspicious activity

  • Optimize website performance

  • Conduct research and development

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Supabase (US): Database hosting, authentication, and backend services

  • Stripe (US): Payment processing for subscriptions and purchases

  • IP-API (US): Geolocation lookup service (only with analytics consent)

  • CleverReach (Germany): Email marketing and newsletter service (only with consent)

  • Setmore (US): Appointment booking system (if enabled, only with consent)

  • OpenStreetMap (UK): Map services (if enabled, only with consent)

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership.

3.4 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

4. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, particularly the United States. These countries may have data protection laws that differ from those of your country.

Safeguards we implement:

  • EU-US Data Privacy Framework compliance (where applicable)

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Additional technical and organizational security measures

  • Regular security audits and assessments

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods:

  • Account data: Until you delete your account, plus 30 days for backup purposes

  • Transaction records: 7 years (for tax and legal compliance)

  • Analytics data: 90 days (automatically deleted)

  • Marketing communications: Until you unsubscribe, plus 30 days

  • Cookie consent records: 3 years (GDPR compliance requirement)

  • Security logs: 90 days (for threat detection and prevention)

After the retention period expires, we securely delete or anonymize your information.

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

Technical Measures

  • Encryption of data in transit (HTTPS/TLS)

  • Encrypted storage of sensitive data at rest

  • Password hashing using industry-standard algorithms

  • IP address hashing (SHA-256) before storage

  • Multi-factor authentication (MFA) support for accounts

  • Rate limiting and DDoS protection

  • Regular security audits and penetration testing

Organizational Measures

  • Access controls and principle of least privilege

  • Employee security training

  • Data processing agreements with all service providers

  • Incident response procedures

  • Regular backups with encryption

Important: No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 GDPR Rights (European Economic Area)

If you are in the EEA, you have the following rights:

  • Right to access: Request a copy of your personal data

  • Right to rectification: Request correction of inaccurate or incomplete data

  • Right to erasure ("Right to be forgotten"): Request deletion of your data

  • Right to restrict processing: Request limitation of how we use your data

  • Right to data portability: Receive your data in a portable format

  • Right to object: Object to processing based on legitimate interests

  • Right to withdraw consent: Withdraw consent at any time (without affecting prior processing)

  • Right to lodge a complaint: File a complaint with your local data protection authority

7.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights:

  • Right to know: Request disclosure of personal information collected

  • Right to delete: Request deletion of personal information

  • Right to opt-out: Opt out of the sale of personal information (we do not sell your information)

  • Right to non-discrimination: Not be discriminated against for exercising your rights

7.3 How to Exercise Your Rights

To exercise any of these rights, you can:

  • Email us: [Your Privacy Email]

  • Contact form: [Your Contact Page URL]

  • Account settings: Manage many settings directly in your account dashboard

  • Cookie preferences: Use the "Cookie Settings" link in our footer

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

8. Children's Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that a child under 16 has provided us with personal information, we will delete such information from our systems.

9. Marketing Communications

9.1 Newsletter Subscriptions

With your consent, we may send you marketing emails about our products, services, and content. You can opt out at any time by:

  • Clicking the "unsubscribe" link in any marketing email

  • Managing your email preferences in your account settings

  • Contacting us directly

9.2 Transactional Emails

We will continue to send you transactional emails (account verification, password resets, receipts) even if you opt out of marketing communications, as these are necessary for account operation.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

11. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. We respect DNT signals and will:

  • Not set analytics or marketing cookies when DNT is enabled

  • Only use essential cookies necessary for website functionality

  • Treat DNT as equivalent to declining optional cookies

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Our analytics systems are used solely for aggregate statistics and content improvement, not for individual profiling or automated decisions.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy

  • Notify you via email (if you have an account)

  • Display a prominent notice on our website

  • Request renewed consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

  • Email: [Your Privacy Email]

  • Contact Form: [Your Contact Page URL]

  • Postal Address: [Your Complete Postal Address]

  • Data Protection Officer: [DPO Email, if applicable]

15. Supervisory Authority

If you are in the European Economic Area and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

Find your supervisory authority:
https://edpb.europa.eu/about-edpb/board/members_en

16. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent (Art. 6(1)(a)): Marketing communications, analytics cookies, optional features

  • Contract Performance (Art. 6(1)(b)): Account management, order processing, service delivery

  • Legal Obligation (Art. 6(1)(c)): Tax compliance, fraud prevention, legal requests

  • Legitimate Interests (Art. 6(1)(f)): Website security, fraud prevention, service improvement

17. Data Protection Impact Assessment

We have conducted Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:

  • Geolocation tracking and analytics

  • Security monitoring and threat detection

  • Automated log retention and cleanup

These assessments ensure that privacy risks are identified and mitigated appropriately.