Privacy Policy

Who we are

This Privacy Policy explains how The Algo Catalog ("we", "us", "our") collects, uses, shares, and protects your personal information when you visit this website or purchase from us. We are a sole proprietorship based in Orem, Utah, United States, and we act as the data controller for purchases made through this site.

What we collect

We collect only what is necessary to operate the storefront, deliver the product, and provide support.

• Order data: your name, email address, billing address, country, and order metadata (order ID, timestamp, product purchased, amount paid). Collected directly via Stripe at checkout.
• Support correspondence: the contents of any email you send to our support address, retained so we can assist you.
• Analytics: page views, referrer, approximate location (city-level), device type, and a small number of named events (which strategy pages you view, when you click a buy or download button, when you start or complete checkout). Collected via Google Analytics 4. GA4 sets first-party cookies that persist for up to 14 months and assign you an anonymous identifier so we can distinguish returning visitors from new ones. We do NOT enable Google Signals, demographics, advertising, or remarketing features. You can opt out at any time using the "Do Not Sell or Share My Personal Information" link in this site's footer; your opt-out is stored locally in your browser. Browsers that send the Global Privacy Control signal (Firefox, Brave, DuckDuckGo, and others) are opted out automatically without any action.
• Server logs: standard request logs (IP address, user agent, request path, timestamp) retained transiently for security and abuse-prevention purposes.

What we do NOT collect

We do not collect payment card numbers, bank account numbers, or other financial credentials — those are handled exclusively by Stripe and never reach our servers. We do not run advertising trackers. We do not build behavioral profiles for advertising. We do not sell, rent, or trade your personal information to anyone. The first-party cookies set by Google Analytics 4 are used solely to count returning visitors and measure our own site funnel; we do not connect them to any advertising network.

How we use your information

• To process your payment (Stripe).
• To deliver the Product via a time-limited download link sent to your email (Resend).
• To respond to your support requests.
• To comply with our legal obligations, including tax reporting (e.g. IRS Form 1099-K via Stripe).
• To detect and prevent fraud, abuse, or violations of our Terms.

We do not use your information for marketing emails unless you explicitly opt in (e.g. by joining a waitlist or newsletter). We do not share your email with other buyers.

Subprocessors we share data with

We share the minimum data necessary with the following service providers, each of whom is contractually obligated to protect it:

• Stripe, Inc. — payment processing. Sees your name, email, billing address, payment instrument. See stripe.com/privacy.
• Resend (Resend Inc.) — transactional email delivery. Sees your email address and the contents of receipts and download messages.
• DigitalOcean — website hosting, file storage (Spaces), and the orders database. Sees order metadata; does not see payment data.
• Google LLC (Google Analytics 4 + Google Tag Manager) — site analytics. Sees event data (pages viewed, anonymous device/browser identifier, approximate location, referrer, and the named events listed above). Does not see your name, email, payment data, or precise location. See policies.google.com/privacy. You can opt out per the "Cookies" section below.

We may disclose your information if required by law, court order, or to enforce our Terms or protect our rights.

How long we keep it

• Order records: retained for at least seven (7) years to comply with U.S. tax-recordkeeping requirements.
• Support emails: retained for up to three (3) years from the date of the last message in the thread.
• Server logs: retained for up to 30 days, then deleted.
• Google Analytics 4: event-level data retained for up to 14 months, then auto-deleted by Google. Aggregate reporting may persist longer.

International transfers

Our servers and subprocessors are located primarily in the United States. If you access the site from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data-protection laws than your home jurisdiction. By purchasing, you consent to this transfer.

Security

We protect your data with industry-standard measures: HTTPS for all site traffic (TLS 1.2+), encrypted-at-rest storage for orders and files, principle-of-least-privilege access controls, and isolation of payment data with Stripe. No system is perfectly secure; we cannot guarantee absolute protection against unauthorized access. In the event of a data breach affecting your personal information, we will notify you and applicable authorities as required by law.

Your rights

You have the right to:

• Request a copy of the personal data we hold about you.
• Request that we correct inaccurate or incomplete data.
• Request that we delete data we no longer have a legal obligation to retain.
• Object to certain uses of your data.
• Withdraw consent at any time (subject to the legal effect of past processing).

To exercise any of these rights, email the support address with your order ID. We will respond within 30 days. We may need to verify your identity (typically by confirming you control the email used at purchase) before acting on a request. Note: we are legally obligated to retain certain records (e.g. for tax purposes) and may decline a deletion request to that extent.

California residents (CCPA / CPRA)

If you are a California resident, you have the same rights described above and the following additional rights: (a) the right to know what personal information we collect, use, and disclose; (b) the right to opt out of "sale" or "sharing" of personal information — exercise this right via the "Do Not Sell or Share My Personal Information" link in this site's footer, or by enabling Global Privacy Control in your browser; (c) the right to non-discrimination for exercising your rights. We do not knowingly sell personal information, and we do not share it for cross-context behavioral advertising. To exercise other CCPA/CPRA rights not covered by the opt-out link, contact support.

Children's privacy

The Product is intended for adults aged 18 or older. We do not knowingly collect personal information from anyone under 18. If you believe a child under 18 has provided us with personal information, contact support and we will delete it.

Cookies, opt-out, and Global Privacy Control

We use two categories of cookies:

• Strictly necessary: a short-lived cookie required for the Stripe Checkout flow; it expires when you close your browser. Cannot be disabled without breaking checkout.
• Analytics: first-party cookies set by Google Analytics 4 that persist for up to 14 months. They store an anonymous identifier so we can distinguish returning visitors from new ones and measure our funnel.

How to opt out: click the "Do Not Sell or Share My Personal Information" link in this site's footer. Your preference is stored locally in your browser; once set, our analytics loader will refuse to fire on every subsequent page load. If your browser sends a Global Privacy Control (GPC) signal — Firefox, Brave, DuckDuckGo, and others do so by default — you are opted out automatically without any action. We treat GPC as equivalent to a verified opt-out request under California law.

The Do Not Track ("DNT") browser signal is non-standardized and ignored by most sites; we honor GPC instead because it is the standard adopted by California and several other state regulators.

Changes to this policy

We may update this Privacy Policy. The effective date at the top of the page will change. Material changes (e.g. adding a new category of data, a new subprocessor, or a new use) will be summarized at the top of the policy for 30 days following the change.

Contact

Privacy questions or requests: use our contact form. Postal mail: The Algo Catalog, Orem, Utah, United States.