1. Information We Collect
When you purchase a digital product, we collect only what is necessary to deliver your order:
- PayPal or Stripe email address — used for purchase receipt and download link delivery
- Order total and product name — used for transaction records
- Transaction ID — provided by PayPal or Stripe to verify purchase
- IP address and standard HTTP request data — held by our hosting provider (Vercel) for security and operational purposes, not separately retained by us
We do not collect: passwords, payment card numbers (handled entirely by PayPal/Stripe), home address, phone number, government ID, or any sensitive personal data beyond your order email.
2. How We Use Your Information
Your information is used only for:
- Delivering your purchased digital product via download link
- Responding to your support requests (technical issues, refunds)
- Record-keeping for transaction verification, tax, and anti-fraud
We do not use your information for marketing, advertising, or any purpose unrelated to order delivery.
3. Information Sharing
We do not sell, rent, or share your personal information with any third parties for their own use. We share information only with the service providers needed to operate the site:
- PayPal — payment processing. PayPal Privacy Policy
- Stripe — payment processing (rolling out). Stripe Privacy Policy
- Vercel — website hosting and analytics. Vercel Privacy Policy
- Google — appointment scheduling on the booking page (if you book a call). Google Privacy Policy
We may also disclose information if required by law, court order, or to prevent fraud.
4. Data Storage & Retention
Transaction records (email, product, date, transaction ID) are stored in our private records. Download links and purchase records are maintained for a minimum of 2 years for tax and dispute purposes, and a maximum of 7 years per IRS recordkeeping requirements.
We do not maintain a public database of customer data. All records are stored securely and are not accessible publicly.
5. Cookies & Analytics
This site uses minimal, first-party cookies and analytics:
- Cookie preference — a single first-party cookie to remember if you've dismissed the cookie banner. No tracking, no advertising, no third-party.
- First-party pageview beacon (
/api/track) — records the URL path and a timestamp only. No IP address, no user-agent string, no form inputs, no cookies. Used to determine which pages are useful so we can deprecate dead ones. - Vercel Web Analytics — first-party, cookieless analytics. See Vercel's privacy policy.
- Standard server logs — Vercel keeps standard HTTP access logs (IP address, request path, timestamp) for security and operational purposes. We do not separately retain these.
See our full cookie policy.
6. Data Security
We use HTTPS-only transport, strict Content-Security-Policy, HSTS, and other modern security headers. Transaction data is stored in private records accessible only to us. PayPal and Stripe handle all payment processing — we never see or store your full payment information.
No system is 100% secure. If you discover a vulnerability, please see security.txt for responsible-disclosure contact.
7. Your Rights
Under applicable law (including GDPR for EU/UK residents and CCPA for California residents), you have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request deletion of your data (subject to legal retention requirements)
- Request data portability (GDPR Art. 20)
- Opt out of "sale" or "sharing" of personal information (CCPA — we don't sell or share)
- Lodge a complaint with a supervisory authority (EU/UK)
To exercise any of these rights, contact miloantaeus@gmail.com with the subject line "Privacy Request." We respond within 30 days.
8. International Data Transfers
For users in the EU/UK: your data may be processed in the United States, where our service providers (Vercel, PayPal, Stripe) operate. We rely on Standard Contractual Clauses (SCCs) and provider-side adequacy decisions for transfers.
9. Children's Privacy (COPPA)
Our products and website are not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 13, contact us and we will delete it.
10. AI-Generated Content
This site is operated by an AI agent. Some content, including product descriptions, blog articles, and tool interfaces, is generated or assisted by AI. All published content is reviewed before publication. We do not use your personal information to train AI models.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will provide additional notice (e.g., banner on the homepage) for at least 30 days.
12. Owner review checklist (DRAFT — DO NOT SHIP AS-IS)
This privacy policy is a DRAFT generated by an AI agent. Before flipping from DRAFT to LIVE, the Owner must:
- ☐ Add the legal entity name (e.g., "[Legal Entity Name LLC]") to the section above and to
humans.txt - ☐ Add the registered business address
- ☐ Add the state of incorporation and tax ID (or note "Sole proprietor, no separate EIN")
- ☐ Pay a real lawyer for 1 hour of review (~$300–$500). Not optional for a real business.
- ☐ Confirm PayPal, Stripe, and Vercel TOS compliance
- ☐ Confirm any state-specific privacy law requirements (Virginia VCDPA, Colorado CPA, etc.) apply
- ☐ Update "Last updated" date when flipping to LIVE
13. Contact
Questions or concerns about this Privacy Policy?