Privacy Policy
Privacy-first by design. Every free assessment runs entirely in your browser. We never receive your assessment answers. We collect email and purchase data only when you explicitly provide them — and only to deliver what you asked for.
1. What we collect, and what we do not
The table below is exhaustive. Anything not listed here, we do not collect.
| Data | When collected | Where stored |
|---|---|---|
| Email address | If you opt in to receive a free guide after taking a free assessment. | Our email-service provider (see §3 Sub-processors). |
| Purchase information (name, email address, billing country, order reference) | When you purchase a paid edition. | Lemon Squeezy, our payment provider, who acts as Merchant of Record (see §3). |
| Support correspondence | When you email support@sylvanassurance.com. | Our email inbox at the same provider. |
| Aggregate website traffic counts (page views, country at country level, no individual identification) | On every page request. | Cloudflare's server-side traffic analytics. No JavaScript injection. No cookies. |
What we explicitly do not collect:
- Free-assessment answers. Every free assessment runs entirely in your browser. Your answers are scored locally and displayed to you. They are never transmitted to us or to any third party.
- Behavioural analytics. We do not use Google Analytics, Mixpanel, Heap, FullStory, Hotjar, or any equivalent client-side analytics tool.
- Tracking cookies. The site sets no advertising or behavioural-tracking cookies. The only cookies set are strictly-necessary cookies for the payment-provider checkout flow.
- Cross-site tracking. We do not embed pixels, web beacons, or scripts that would allow third parties to track you across other sites.
- Sensitive categories. We do not collect biometric data, government-issued identifiers, racial or ethnic origin, religious beliefs, political opinions, trade-union membership, sexual-orientation data, criminal-record data, or health data.
- Data about children. Our services are not directed at and not knowingly used by individuals under the age of 16.
2. How we use the data we do collect
- Email address (free-guide flow). To deliver the free guide you requested and to send a 5-email lifecycle sequence about the related product. You may unsubscribe at any time using the link in any of those emails.
- Purchase information. To complete the purchase, deliver the product files, send transactional confirmations, send a 5-email post-purchase onboarding sequence, and provide product support.
- Support correspondence. To respond to your support request.
- Aggregate traffic counts. To understand which pages are visited (in aggregate, never per-individual) so we can improve the site.
We do not use any of this data for advertising. We do not sell any of this data. We do not share any of this data with parties other than the sub-processors listed in §3, who process it strictly on our behalf.
3. Sub-processors
We use a small set of third-party services to operate the business. Each is named below with the data they process on our behalf and their compliance status.
| Sub-processor | Purpose | Data processed |
|---|---|---|
| Lemon Squeezy | Payment processing and fulfilment, as Merchant of Record (handles US sales tax, EU and UK VAT, AU and CA GST). | Purchase information (name, email, billing country, order reference). |
| An email-service provider (currently selected from MailerLite, ConvertKit, or Klaviyo — to be confirmed at launch) | Sending free-guide emails, lifecycle sequences, and support replies. | Email address, optional first name (for buyer flows only), and email engagement events (opens, clicks, unsubscribes). |
| Cloudflare | Content delivery, DDoS protection, and server-side aggregate traffic analytics. | Request data (Internet Protocol address, user agent, referrer, country at country level). Retained only in aggregate for the purpose of trending; no per-individual identification. |
If we change sub-processors, we will update this policy and announce the change in a release note on the corporate site. Material changes that affect existing customers are communicated to those customers by email.
4. Your rights
Depending on where you live, you may have one or more of the following rights:
- Right of access. Request a copy of the personal data we hold about you.
- Right of rectification. Request correction of inaccurate or incomplete data.
- Right of erasure ("right to be forgotten"). Request deletion of your data, subject to legal-retention exceptions.
- Right of restriction. Request that we limit how we process your data.
- Right of data portability. Request a machine-readable copy of the data you have provided.
- Right to object. Object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent. Where processing is based on consent, you can withdraw it at any time. Withdrawing consent does not affect processing carried out before withdrawal.
- Right to lodge a complaint. If you are in the European Economic Area, the United Kingdom, or Switzerland, you can lodge a complaint with your local data-protection supervisory authority. If you are in California or another US state with comparable rights, you can contact your state attorney general.
To exercise any of these rights, email support@sylvanassurance.com. We respond to verified rights requests within 30 days (sooner where required by applicable law).
5. International transfers
Sylvan Assurance, LLC is based in Vermont, in the United States. Our sub-processors operate from a mix of US and EU regions. Where personal data of European Economic Area, United Kingdom, or Swiss data subjects is transferred outside those regions, transfers rely on the European Commission's Standard Contractual Clauses (or the equivalent UK International Data Transfer Agreement / Swiss-US Data Privacy Framework), and we conduct transfer impact assessments where required by applicable law.
6. Retention
- Lead-magnet subscribers. Email address retained until you unsubscribe, plus a small suppression-list entry afterwards to honour your unsubscribe request.
- Buyers. Purchase information retained for the duration of the customer relationship plus seven years afterwards for accounting and tax purposes.
- Support correspondence. Retained for two years after the most recent message in the thread, then deleted.
- Aggregate traffic counts. Cloudflare retains aggregate traffic statistics for 30 days at the high-resolution level and indefinitely at the monthly-summary level.
7. Security
We protect your data through technical and organisational measures appropriate to the risk, including:
- Transport Layer Security (HTTPS) for all data in transit between your browser and our infrastructure.
- Multi-Factor Authentication on every administrative account that touches your data, with hardware-key support preferred and Short Message Service codes explicitly disabled.
- Encryption at rest at the storage layer of every sub-processor.
- Documented incident-response procedures, with breach notification to affected individuals without undue delay where required by applicable law (within 72 hours of awareness for European Economic Area data subjects under the General Data Protection Regulation).
8. Cookies
The corporate website at sylvanassurance.com sets no advertising or behavioural-tracking cookies. The only cookies present are strictly-necessary cookies set by the payment provider (Lemon Squeezy) during checkout. Those cookies are essential to complete a purchase; they are not used for tracking outside the checkout flow.
9. Changes to this policy
If we change this policy materially, we will:
- Update the document version and the effective date at the bottom of this page.
- Publish a brief release note explaining the change at the top of this page for 30 days.
- Notify subscribers and customers by email where the change materially affects their rights.
10. Contact
For any privacy question, request, or complaint, email support@sylvanassurance.com. A real person reads every email.
If your question concerns a specific paid edition, mention the edition by name (for example, "TrustReady — Solo Edition") and your order reference, if you have one, so we can respond accurately.
Document version 1.0 — effective upon first publication. This is the umbrella Privacy Policy for the Sylvan Assurance, LLC corporate website and all paid editions. Where any per-product Privacy Notice document is in effect, the substantive content is the same; this umbrella version is the single source of truth.