Privacy Policy
Effective date: April 3, 2026 · Last updated: April 3, 2026
Introduction
Gardenpatch ("we," "us," or "our") is committed to protecting the privacy and security of our users' personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at gardenpatch.xyz, purchase our products, or use our services.
Information We Collect
Information you provide directly
- Contact information: name, email address, phone number (when voluntarily provided via forms)
- Payment information: processed securely through Stripe — we never store credit card numbers on our servers
- Communications: messages you send through our contact form or email
- Newsletter subscription: email address for our newsletter ("The Growth Spurt")
Information collected automatically
- Usage data: pages visited, time spent, referring URL, browser type, device type
- IP address: used for analytics, security, and approximate geographic location
- Cookies and similar technologies: see the Cookie Policy section below
Cookie Policy
We use the following types of cookies:
- Essential cookies: required for the site to function (e.g., workbook access tokens, session management). Cannot be disabled.
- Analytics cookies: help us understand how visitors use our site (Google Analytics/Vercel Analytics). Collect anonymized usage data.
- Functional cookies: remember your preferences (e.g., portal progress stored in localStorage — not transmitted to our servers).
We do not use advertising or tracking cookies. We do not serve third-party ads. You can manage cookies through your browser settings. Disabling essential cookies may prevent certain features (like workbook portal access) from functioning.
How We Use Your Information
- To provide and deliver products you purchase (workbooks, playbooks)
- To send you our newsletter (only if you opted in — you can unsubscribe anytime)
- To respond to your inquiries and provide customer support
- To improve our website, products, and services through analytics
- To process payments securely through Stripe
- To comply with legal obligations
We do not sell your personal information. We do not use your data for third-party lead generation or affiliate marketing.
Third-Party Service Providers
We share data with the following service providers who process data on our behalf:
- Stripe — payment processing (PCI DSS compliant)
- Mailgun — transactional email delivery (newsletter, purchase confirmations)
- Vercel — website hosting and edge functions
- Google Analytics / Vercel Analytics — anonymized website usage analytics
Each provider is bound by their own privacy policies and data processing agreements. We only share the minimum data necessary for each service to function.
Data Retention
- Contact form submissions: retained for 2 years, then deleted
- Newsletter subscribers: retained until you unsubscribe
- Purchase records: retained for 7 years (tax/legal compliance)
- Analytics data: retained for 26 months (Google Analytics default), then automatically aggregated and anonymized
- Playbook access tokens: expire after 1 year
Data Security
We protect your data with industry-standard security measures including:
- HTTPS encryption on all pages (TLS 1.3)
- HSTS with 2-year preload for forced encrypted connections
- HMAC-signed tokens with timing-safe comparison for access control
- HttpOnly, Secure, SameSite cookies to prevent XSS and CSRF attacks
- Content Security Policy headers restricting script execution
- Payment data handled entirely by Stripe (PCI DSS Level 1 compliant) — never touches our servers
Your Rights Under GDPR (EU/EEA Users)
If you are located in the EU or EEA, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing of your data
- Data portability — receive your data in a structured format
- Object to processing based on legitimate interest
- Withdraw consent at any time
Legal basis for processing: We process your data based on (a) your consent (newsletter signup, form submissions), (b) contractual necessity (workbook purchases), and (c) legitimate interest (analytics, service improvement).
Your Rights Under CCPA (California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect and how we use it
- Delete your personal information
- Opt out of the sale of your personal information (we do not sell personal information)
- Non-discrimination — exercising your rights will not result in different pricing or service quality
To exercise any CCPA rights, email privacy@gardenpatch.xyz with "CCPA Request" in the subject line. We will respond within 45 days.
Children's Privacy
Our website and services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@gardenpatch.xyz and we will promptly delete the data.
SMS Communications
For users who voluntarily provide a phone number and explicitly consent, we may send SMS messages for service-related purposes only (appointment confirmations, meeting reminders). We never send marketing SMS without consent. To opt out, reply STOP to any message or email privacy@gardenpatch.xyz.
International Data Transfers
Our services are hosted in the United States. If you access our site from outside the US, your data may be transferred to and processed in the US. We ensure appropriate safeguards (including standard contractual clauses where applicable) are in place to protect your data during transfer.
Do Not Track
We honor Do Not Track browser signals. When we detect a DNT signal, we disable non-essential analytics tracking.
Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via a notice on our website or by email. The "Last updated" date at the top reflects the most recent revision. Continued use of our site after changes constitutes acceptance of the updated policy.
Contact Us
For privacy-related inquiries, data access requests, or to exercise your rights:
- Email: privacy@gardenpatch.xyz
- General inquiries: hello@gardenpatch.xyz
- Response time: We aim to respond to all privacy requests within 30 days (45 days for CCPA requests)