Privacy Policy

Last updated: May 24, 2026

This describes what we collect when you visit practiceletter.org or buy the Practice Launch Pack, what we do with it, and what rights you have. We collect the minimum we need to deliver the product and run the business.

What we collect

When you visit the site, we collect only what your browser sends automatically — IP address, browser type, and the page you're viewing. We don't run third-party analytics or advertising trackers. We don't use cookies except as required by Stripe's hosted checkout page.

When you buy the Practice Launch Pack, we collect:

• Email address — to deliver the download link and any updates you're entitled to.
• Name (if provided at checkout) — to personalize the delivery email and order records.
• Payment information — handled entirely by Stripe. We never see your card number. We receive only the order amount, currency, and a Stripe transaction reference.
• Purchase history — order ID, date, product, amount, and refund status.

Why we collect it

We collect this information to deliver the product you bought, to send updates you're entitled to during your 12-month update window, to process refunds if you request one, and to keep accurate financial records for tax purposes.

We do not sell, rent, or share your information with third parties for marketing purposes. We do not maintain a marketing email list. The only emails you receive from us are the delivery email and update notifications during your update window.

Who we share it with (processors)

We use the following service providers to operate the business. Each receives only the information they need for their specific function:

• Stripe — processes your payment. Receives your card information directly (we don't see it). Stripe's privacy policy: stripe.com/privacy
• Resend — sends the delivery email and any update emails. Receives your email address and the message content. Resend's privacy policy: resend.com/legal/privacy-policy
• Cloudflare R2 — stores and delivers the ZIP file via signed URLs. Receives only the encrypted asset; no personal information.
• Neon Postgres — stores your order record (email, name, purchase metadata). Hosted on Neon's serverless Postgres platform. Neon's privacy policy: neon.com/privacy-policy
• Vercel — hosts the website and serverless functions. May log basic request information (IP, user agent, request path) for debugging and abuse prevention. Vercel's privacy policy: vercel.com/legal/privacy-policy
• Namecheap — registers the domain. Does not see any customer data.

How long we keep it

Order records are kept indefinitely for accounting, tax, and product-update purposes. You can request deletion at any time (see "Your rights" below); we will delete identifying information after the relevant retention obligations have lapsed (typically 7 years for tax records).

Your rights (CCPA / GDPR / general)

Regardless of where you live, you have the right to:

• Know what information we have about you
• Receive a copy of that information in a portable format
• Correct any inaccurate information
• Request deletion of your information (subject to legitimate retention obligations)
• Opt out of any marketing communications (we don't send any, but the right exists in principle)

California residents have these specific rights under the California Consumer Privacy Act (CCPA / CPRA):

• Right to know. What categories of personal information we collect and what we do with it (see "What we collect" and "Why we collect it" above).
• Right to delete. Request deletion of your personal information, subject to permitted exceptions.
• Right to correct. Request correction of inaccurate personal information.
• Right to non-discrimination. We will not deny service, charge different prices, or provide a lower-quality product because you exercised a privacy right.
• Right to opt out of sale or sharing. We do not sell your personal information and do not share it for cross-context behavioral advertising, so there is nothing to opt out of.

To exercise any of these rights, email support@practiceletter.org from the email address associated with your purchase. We will respond within 45 days (CCPA standard).

Security

We protect your information with industry-standard practices: HTTPS everywhere, encrypted database connections, scoped credentials for each processor, and minimum data retention. No system is perfectly secure, but we take this seriously. If we ever experience a data breach affecting your information, we will notify you within 72 hours of discovery via the email you provided at purchase.

Children

The Service is intended for licensed mental-health professionals. We do not knowingly collect information from anyone under 18. If you believe we have collected information from a minor, contact us and we will delete it.

Changes

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be announced via email to existing customers within their update window.

Contact

Questions about this policy or your information? Write to support@practiceletter.org.