PRIVACY

Privacy policy.

Last updated May 19, 2026

Plain-English version: we collect only what we need to run the Club, never sell your data, and delete it on request. If something here is unclear, email [email protected].

What we collect

  • Email — for sign-in (magic link) and billing.
  • Name — optional; collected at Stripe Checkout if you provide one.
  • Discord identity — if you connect Discord: your Discord user ID, username, and avatar hash. We do not store your Discord access or refresh tokens.
  • Billing details — anything you type into the invoice notes field on your account page (company name, VAT ID, address). We never see your card number — that goes directly to Stripe.
  • Audit events — sign-ins, admin actions, Discord membership changes, and Stripe purchase events, retained for security review.
  • Session metadata — IP address and user agent are stored per active session for security review.

What we don't collect

  • Payment card numbers — those live with Stripe.
  • Analytics, ad pixels, session replay, tracking cookies, fingerprinting. No Google Analytics, no Mixpanel, no Hotjar.
  • Anything about you from third parties. We don't enrich, append, or buy data.

Who we share data with

Only the operational vendors that make the Club work:

  • Stripe — payment processing. Your name, email, and billing details flow through Stripe Checkout.
  • Resend — transactional and Club-member email. We sync member emails to a single "Club Members" segment.
  • Discord — guild membership. We send your Discord ID to add or remove you from the server.
  • Sentry — server-side error tracking, with personally-identifiable information scrubbed before send.
  • Cal.com — booking iframe on the advisory page. Loads in your browser; we don't send anything server-side to Cal on your behalf.
  • Railway — hosting (app servers, Postgres, Redis).

We do not sell your data. We do not share it with advertisers, brokers, or anyone outside the list above.

How long we keep it

  • Account, membership, and Discord-connection records: retained for the life of the account. Deletion on request — see below.
  • Audit events: retained indefinitely for security review.
  • Invoice and purchase records: retained for at least 7 years to satisfy US tax recordkeeping rules. These remain on file even after account deletion.
  • Magic-link sign-in tokens: expire 24 hours after issuance.

How to delete your data

Email [email protected] from the address on your account and ask us to delete it. We'll remove your personal data within 30 days, except invoice records we're legally required to keep — those are retained but isolated from your active account.

Cookies

One signed session cookie (session_id) so you stay logged in. Marked HttpOnly and SameSite=Lax; served only over HTTPS in production. No tracking cookies, no third-party cookies.

Where data lives

Our database and app servers are hosted by Railway. Stripe, Resend, Discord, Sentry, and Cal.com store data per their own policies — links: Stripe, Resend, Discord, Sentry, Cal.com.

Changes

We'll update this page when we change how data flows. Material changes get emailed to active members.

Contact

[email protected]. Operated by Initial Commit, United States.