Legal Document

Privacy Policy

Effective Date: 30 May 2026 ■ Version: 1.0 ■ Jurisdiction: US · EU/EEA · Canada

Contents

  • 01Who We Are
  • 02Information We Collect
  • 03How We Use Your Information
  • 04Legal Basis for Processing
  • 05How We Share Your Information
  • 06Data Retention
  • 07International Transfers
  • 08Cookies & Tracking
  • 09Your Privacy Rights
  • 10Do Not Sell or Share
  • 11Data Security
  • 12Children's Privacy
  • 13Data Breach Notification
  • 14Third-Party Links
  • 15Policy Changes
  • 16Contact & Complaints

Covers

GDPR CCPA/CPRA PIPEDA VCDPA CPA (CO) CTDPA TDPSA COPPA CAN-SPAM ePrivacy

Section_01

Who We Are

Deadband Life ("we," "us," or "our") is a consulting and education firm registered as Deadband Life, located in Richmond, Virginia, United States.

We operate the website at www.deadbandlife.com and any associated products, services, courses, or community platforms (collectively, the "Services").

Data Controller / Business GDPRPIPEDA

For purposes of GDPR, Deadband Life is the Data Controller. For purposes of CCPA, we are the "Business" as defined in Cal. Civ. Code § 1798.140.

Privacy Officer / Data Protection Officer

We have designated a Privacy Officer responsible for data protection compliance. Contact: Peter Lavallee at [PRIVACY EMAIL].

EU/EEA residents: Our EU representative under GDPR Article 27 (if required) is: [Not currently required].

Section_02

Information We Collect

We collect personal information you provide directly, information collected automatically through your use of our Services, and information received from third parties.

2.1 Information You Provide Directly

CategoryExamplesSource
IdentifiersName, email address, username, passwordAccount registration, contact forms, waitlist signup
Contact InformationMailing address, phone numberProfile settings, billing, correspondence
Payment & FinancialPayment card type and last four digits, billing addressCourse or product purchase (processed by third-party payment processors; we do not store full card data)
Profile InformationLife stage, financial goals, learning preferences, audit responsesLife Systems Audit, onboarding questionnaire
User ContentMessages, forum posts, badge submissions, uploaded documentsCommunity platform, merit badge system
CommunicationsEmail content, support tickets, survey responsesDirect correspondence, feedback forms

2.2 Information Collected Automatically

CategoryExamplesMethod
Usage DataPages visited, time on page, click paths, features usedServer logs, analytics cookies
Device & Technical DataIP address, browser type, operating system, device type, screen resolutionAutomatic collection upon site access
Location DataCountry/region inferred from IP addressIP geolocation
Cookies & TrackingSession identifiers, preference cookies, analytics identifiersCookies, web beacons, pixels (see Section 8)

2.3 Information from Third Parties

  • Payment processors — transaction confirmation and fraud signals
  • Email service providers — delivery and engagement metrics
  • Analytics providers — aggregated behavioral data
  • Social platforms — if you connect or share content from our Services

2.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information such as Social Security numbers, government IDs, financial account numbers, health data, biometric data, racial or ethnic origin, religious beliefs, or sexual orientation. Please do not submit such information through our Services.

CCPA Category Disclosure CCPA/CPRA

Categories of personal information collected in the preceding 12 months include: Identifiers; Commercial Information; Internet or Other Electronic Network Activity; Geolocation Data (country/region only); and Inferences drawn from the above to create a profile.

Section_03

How We Use Your Information

PurposeDescriptionLegal Basis (GDPR)
Providing ServicesAccount management, course delivery, merit badge system operationContract performance
Early Access / WaitlistProcessing waitlist signups, sending access notificationsConsent / Legitimate interest
Service CommunicationsSending updates, policy notices, and support responsesContract / Legal obligation
MarketingSending newsletters, educational content, and product announcements (opt-in only)Consent
Analytics & ImprovementUnderstanding how Services are used to improve content and featuresLegitimate interest
Security & Fraud PreventionDetecting and preventing unauthorized access, abuse, and fraudLegitimate interest / Legal obligation
Legal ComplianceMeeting obligations under applicable laws, responding to lawful requestsLegal obligation
PersonalizationTailoring content and recommendations based on Life Systems Audit resultsConsent / Legitimate interest

We will not use your personal information for purposes materially different from those described above without prior notice and, where required by law, your consent.

Section_04

Legal Basis for Processing

Applies To EU/EEA Residents GDPR Art.6

Under GDPR Article 6, we must identify a lawful basis for each processing activity. This section applies to individuals in the EU or EEA.

  • Contract Performance (Art. 6(1)(b)): Processing necessary to deliver requested Services, manage your account, and process transactions.
  • Consent (Art. 6(1)(a)): Where you have given clear, freely given, specific, informed consent — for example, subscribing to marketing emails or enabling non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legitimate Interests (Art. 6(1)(f)): Where processing is necessary for our legitimate interests — such as improving our Services, ensuring security, and preventing fraud — unless overridden by your interests or fundamental rights.
  • Legal Obligation (Art. 6(1)(c)): Where processing is required to comply with applicable law, regulation, or court order.

To withdraw consent or object to legitimate-interest processing, contact us using Section 16.

Section_05

How We Share Your Information

We do not sell your personal information. We share personal information only in the limited circumstances described below.

5.1 Service Providers (Processors)

We engage trusted third-party service providers who process personal information on our behalf under contractual obligations consistent with this Policy. These include:

  • Email delivery: [Provider, e.g., Mailchimp / ConvertKit / Beehiiv]
  • Payment processing: [Provider, e.g., Stripe] — full card data is not stored by us
  • Web analytics: [Provider, e.g., Google Analytics / Fathom / Plausible]
  • Cloud hosting: [Provider, e.g., AWS / Vercel / Netlify]
  • Customer support: [Provider, e.g., Intercom / HelpScout]
  • Community platform: [Provider, e.g., Circle / Mighty Networks]

5.2 Legal and Regulatory Disclosure

We may disclose personal information when required by law, court order, or government request; to enforce our Terms of Service; or to protect the rights, property, or safety of Deadband Life, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice before any such transfer.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

No Sale of Data CCPA/CPRA

We do not sell personal information to third parties for monetary consideration. See Section 10 for our full Do Not Sell or Share disclosure.

Section_06

Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.

Data CategoryRetention PeriodBasis
Account informationDuration of account plus 3 years after closureContract performance; legal claims
Transaction records7 years from transaction dateTax and accounting legal obligations
Marketing communicationsUntil unsubscribe; unsubscribe record retained indefinitelyConsent management; CAN-SPAM / CASL compliance
Waitlist signupsUntil launch plus 12 months, or until you unsubscribeConsent
Support correspondence3 years from last interactionLegitimate interest (dispute resolution)
Analytics / usage data26 months (or per analytics platform settings)Legitimate interest (service improvement)
Audit logs / security data12 monthsSecurity; legal obligation

After the applicable retention period, we securely delete or anonymize personal information. Anonymized, aggregated data may be retained longer for research purposes.

Section_07

International Data Transfers

Deadband Life is based in the United States. If you access our Services from outside the United States, your personal information may be transferred to, stored, and processed in the US or other countries where our service providers operate.

EU/EEA Transfer Safeguards GDPR Ch.V

For transfers of personal data from the EU/EEA to countries without an adequacy decision, we rely on the following GDPR Chapter V safeguards:

  • Standard Contractual Clauses (SCCs): Adopted by the European Commission, incorporated into our data processing agreements with service providers.
  • EU-US Data Privacy Framework: Where our service providers are certified participants.
  • Adequacy Decisions: Where applicable countries have received an adequacy decision from the European Commission.
Canada Transfer Notice PIPEDA

Personal information transferred to the United States may be subject to access by US law enforcement and national security authorities under applicable US law. We take commercially reasonable steps to protect your information as described in Section 11.

Section_08

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate our Services, analyze usage patterns, and (where you have consented) deliver relevant content.

8.1 Types of Cookies We Use

TypePurposeConsent Required?
Strictly NecessarySession management, security, load balancing — required for the site to functionNo (legitimate interest)
Functional / PreferenceRemembering your settings, language, and login stateNo (legitimate interest)
AnalyticsUnderstanding site usage, page performance, and user journeys (anonymized where possible)Yes (consent)
Marketing / TargetingMeasuring campaign effectiveness; retargeting (if implemented)Yes (consent)

8.2 Third-Party Cookies

Third-party services we use may set their own cookies subject to their own privacy policies. We do not control third-party cookies.

8.3 Managing Cookies

You may manage cookie preferences at any time through our cookie consent banner, accessible via the "Cookie Settings" link in our footer. You may also configure your browser to refuse or delete cookies, though this may affect Services functionality.

8.4 Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) signal. If your browser transmits a GPC signal, we treat it as a request to opt out of the sale or sharing of personal information for targeted advertising, as required under CCPA/CPRA and applicable US state laws.

8.5 Email Tracking

Marketing emails may contain tracking pixels to determine whether an email was opened and which links were clicked, for analytics and deliverability purposes. You may opt out by unsubscribing or disabling images in your email client.

Section_09

Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information. We honor all applicable rights and will respond to verified requests within the timeframes required by law.

9.1 Rights Available to All Users

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal exceptions.
  • Withdraw Consent: Withdraw previously given consent at any time without penalty.
  • Opt Out of Marketing: Unsubscribe from marketing emails via the unsubscribe link or by contacting us.
GDPR Rights — EU/EEA Residents GDPR Art.15–22
  • Right of Access (Art. 15): Obtain confirmation of processing and a copy of your data.
  • Right to Rectification (Art. 16): Have inaccurate data corrected without undue delay.
  • Right to Erasure / “Right to be Forgotten” (Art. 17): Have data deleted where certain conditions apply.
  • Right to Restrict Processing (Art. 18): Request that we limit how we use your data in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Rights Related to Automated Decisions (Art. 22): Not be subject to solely automated decisions producing significant legal or similar effects.
  • Response Time: We respond within 30 calendar days, extendable by 2 months for complex requests with notice.
CCPA / CPRA Rights — California Residents CCPA/CPRA
  • Right to Know: Categories and specific pieces of personal information collected, used, disclosed, or sold.
  • Right to Delete: Request deletion of personal information we collected from you.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out: Opt out of the sale or sharing of personal information.
  • Right to Limit Sensitive PI: Limit use and disclosure of sensitive personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
  • Response Time: We respond within 45 calendar days, extendable by an additional 45 days with notice.
US State Privacy Rights VCDPACPA (CO) CTDPATDPSAOCPA

Residents of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Utah, and Florida may have rights including access, correction, deletion, portability, and opt-out of targeted advertising or profiling under their respective state privacy laws. Where applicable, you may also have the right to appeal our decision regarding a privacy request. Contact us using Section 16 to exercise these rights.

Canadian Privacy Rights PIPEDA

Canadian residents have the right to access personal information we hold and to challenge its accuracy. Access requests must be made in writing. We respond within 30 calendar days. You may also file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

How to Exercise Your Rights

Submit a Privacy Request

To exercise any right described above, submit a verifiable request using one of the methods below. We will verify your identity before processing. We do not charge a fee for reasonable requests.

By Email

[PRIVACY REQUEST EMAIL]

Authorized Agent (CA)

California residents may designate an authorized agent. We require written authorization and identity verification from both you and your agent.

Section_10

Do Not Sell or Share My Personal Information

We do not sell your personal information for monetary consideration.

Under CCPA/CPRA, "sharing" includes disclosing personal information to third parties for cross-context behavioral advertising, even without monetary exchange. To the extent we engage in any such sharing (e.g., through third-party analytics with advertising components), you have the right to opt out.

Opt-Out Options CCPA/CPRAVCDPAUS States
  • Use the "Cookie Settings" link in our site footer to opt out of analytics and advertising cookies.
  • Enable the Global Privacy Control (GPC) in your browser — we honor GPC signals as a valid opt-out.
  • Submit a "Do Not Sell or Share" request via the contact methods in Section 9.

We do not have actual knowledge that we sell or share the personal information of consumers of any age or those under 16 years of age.

Section_11

Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, accidental loss, destruction, alteration, or disclosure. Measures include, where appropriate:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and role-based permissions limiting data access to authorized personnel
  • Regular security assessments and vulnerability monitoring
  • Contractual security requirements with all third-party service providers
  • Employee training on data handling and security practices
Important Notice

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Section_12

Children's Privacy

Our Services are intended for adults and are not directed to children under the age of 13 (or 16 in the EU/EEA under GDPR Article 8). We do not knowingly collect personal information from children under these ages.

COPPA Notice COPPAGDPR Art.8

If we become aware that we have inadvertently collected personal information from a child under 13 (US) or 16 (EU/EEA) without verified parental consent, we will immediately delete that information. If you believe this has occurred, contact us at [PRIVACY EMAIL].

Section_13

Data Breach Notification

In the event of a personal data breach, we will comply with all applicable legal notification obligations:

  • GDPR (EU/EEA): We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach posing a risk to individuals' rights and freedoms. Where there is high risk to individuals, we will also notify affected individuals without undue delay.
  • US State Laws: We will notify affected individuals and, where required, state attorneys general within the timeframes specified by applicable state breach notification laws (ranging from 30 to 90 days depending on jurisdiction).
  • PIPEDA (Canada): We will notify the Office of the Privacy Commissioner and affected individuals of breaches that create a real risk of significant harm.

Breach notifications will be delivered by email to the address associated with your account, and/or through prominent notice on our website where individual notification is not practicable.

Section_14

Third-Party Links & Services

Our Services may contain links to third-party websites or applications not operated by us. This Privacy Policy does not apply to those third-party services. We have no control over, and assume no responsibility for, the privacy practices of any third-party sites or services.

We encourage you to review the privacy policy of every website you visit before providing any personal information.

Section_15

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will update the "Effective Date" at the top of this page whenever we make material changes.

Where changes are material, we will notify you by:

  • Email to the address associated with your account, and/or
  • Prominent notice on our website for a reasonable period prior to the change taking effect.

Your continued use of our Services after the effective date constitutes acceptance of the updated policy, to the extent permitted by law.

Per CCPA § 1798.130, we review and update this Policy at least once every 12 months.

Section_16

Contact & Supervisory Authority Complaints

Contact Us

For questions, concerns, or requests related to this Privacy Policy or your personal information:

Privacy Contact

Email

[PRIVACY EMAIL]

Supervisory Authority Complaints

If you believe we have not adequately addressed your privacy concern, you have the right to lodge a complaint with the relevant supervisory authority:

  • EU/EEA: Your local Data Protection Authority. Find your authority at edpb.europa.eu.
  • California: California Privacy Protection Agency (CPPA) — cppa.ca.gov. California Attorney General — oag.ca.gov/privacy.
  • Canada: Office of the Privacy Commissioner of Canada (OPC) — priv.gc.ca.
  • US Federal: Federal Trade Commission — ftc.gov/privacy.
Before You File

We encourage you to contact us first. We will do our best to resolve your concern promptly and in good faith.

DB Deadband Life

Build your life with intention, move your systems within the deadband.

■ Systems Active

Privacy Policy Terms of Service Contact

© 2026 Deadband Life. All rights reserved.