Privacy Policy
What we collect, what we don't, and what you can ask us to delete.
Last updated: May 9, 2026 (v0.1.32 — added 5 new lead-magnet captures, Stripe Connect Direct merchant-of-record clarification, ask-the-studio widget disclosure, Make.com forwarding gate) · Vantage Digital LLC, Texas, United States
This policy covers vantagedigital.dev, our products (Cadence, Wealth Command, Operator OS Playbook), and the email + Stripe + AI infrastructure that powers them. We're a small Texas studio. We try to write this in language an actual human can read — and to mean it. The short version is in the box below; the full text is everything underneath.
1. Information we collect
- Contact information you give us: name, email, business name, and any details you submit through forms (intake, contact, founding-coach signup, calculator lead capture, Wealth Command + Operator OS waitlists).
- Optional self-supplied context (foreground enrichment): on certain forms (Coach Revenue & Retention Calculator, App Install Conversion Checklist, Cohort Retention Playbook, Book Audit, Ask the Studio widget) we ask optional dropdown fields like "current platform," "coaching niche," "biggest pain right now," "suspected churn cause." These are collected only when you choose to fill them in — we don't infer them from cookies, IP, or third-party databases. Used to segment our nurture emails to be more relevant. We do not use any cookie-based or IP-based reverse-enrichment vendors (Clearbit Reveal, RB2B, Apollo, ZoomInfo, FullEnrich, etc.) — that's a permanent standing rule.
- Calculator results + checklist scores: when you submit your email at the end of one of our lead magnets, we capture your specific results (e.g., your projected annual savings from the revenue calculator, your install-conversion score from the checklist, your cohort decay numbers from the retention playbook). This is so we can email you a tailored breakdown — not a generic newsletter. The captured results are tied to your email, stored in our Neon Postgres leads table, and accessible only to the studio's admin token-gated dashboard.
- Ask-the-Studio widget submissions: the floating chat-bubble widget on calculator pages captures your email + name + question text when you submit. Same processing pathway as the calculator captures — Brevo for email response, Neon for the leads table. We read every question. Reply within 24 business hours on weekdays.
- Optional Make.com automation forwarding: when activated (governed by the MAKE_LEAD_WEBHOOK_URL environment variable on Netlify), captured leads are also forwarded to Make.com to fire source-page-specific Brevo nurture sequences. Make.com is a sub-processor under the same DPA terms. If you opt out of marketing emails, the forwarding still occurs but nurture sequences won't fire. Disabling Make forwarding entirely is also possible by clearing the env var.
- Referral attribution: if you arrive via a referral link (e.g., ?ref=CODE from another customer's link), we store that code in your browser's localStorage for 30 days and submit it on your behalf if you sign up. Used to credit the referring customer with one free month per the /refer program.
- Account & product data (Cadence / Wealth Command): what you create inside the products you use — programs, client rosters, brand settings, financial inputs, AI plan generations, profile pictures (optional, opt-in). This is the data the product needs to actually work.
- Rate-limit telemetry: Cadence enforces per-account caps on expensive operations (e.g., AI plan generation: 10 forced regenerations / hour / user). To do this we record timestamps + bucket name in a rate_limits table tied to your account, retained until the rate-limit window passes. No content is logged.
- Payment information: Stripe handles all card/bank data on its own infrastructure. We never see, store, or process raw card numbers; we receive only customer IDs and subscription metadata.
- Stripe Connect Direct (Cadence merchant-of-record clarification): Cadence uses Stripe Connect Direct exclusively for coach-to-client payment routing. This means coaches receiving payments through Cadence are themselves the merchant of record on every client transaction — funds flow directly from the client's payment method into the coach's own Stripe account. Vantage Digital LLC never receives, holds, or has access to coach-to-client transaction funds. Stripe's standard processing fee (currently 2.9% + 30¢) applies; we add zero markup. The structural breakdown is at /stripe-connect-direct-vs-platform-merchant. This affects who has the legal seller-of-record status for tax (1099-K filing), dispute resolution, and chargeback handling — that's the coach, not us.
- HELM manual-first commitment (formal policy): HELM does not connect to your bank, brokerage, retirement, or credit card accounts via Plaid, Yodlee, MX, Finicity, or any other aggregator service — and we will not add such integration without an explicit, separately-disclosed opt-in flow. All wealth data in HELM is entered manually by the operator (or imported via CSV files the operator generates and uploads). We hold zero credentials for any third-party financial institution under any circumstances. This is an architectural commitment, not a configurable setting. It will not change via product update without a corresponding privacy policy update first.
- Aggregate traffic counts (no third-party trackers): Netlify parses our server logs to give us page-view counts, top pages, and rough geographic distribution. This happens entirely on Netlify's infrastructure — no client cookies are set, no third-party scripts run, no fingerprinting occurs. The data is aggregated and not tied to individual visitors.
- Cookies + local storage (necessary): session state, referral-attribution code (30-day expiry), and minor UI preferences (theme, dismissed-modal flags). First-party only. These are required for the site to function. We set zero analytics or advertising cookies.
2. How we use the information
- Respond to your inquiries and provide the products and services you request.
- Operate Cadence and Wealth Command — generate AI plans, sync data across your devices, deliver the experience you signed up for.
- Send transactional emails (welcome, password reset, payment receipts, important account notices). These cannot be unsubscribed because they're not marketing.
- Send nurture and marketing emails — only if you opted in. Every marketing email has an unsubscribe link that works.
- Improve the site and product (when consent has been granted to analytics).
- Comply with legal obligations and respond to valid legal requests.
What we don't do with it: we don't sell your personal information to data brokers. We don't use AI inputs (the prompts that go to Anthropic) to train any third-party models. We don't share your roster, client lists, or coaching content with anyone beyond the sub-processors below.
3. Cookies, pixels, and tracking
We do not load any third-party analytics, advertising, or social-media tracking scripts on this site. No Google Analytics. No Meta Pixel. No LinkedIn Insight tag. No retargeting cookies. Zero requests fire to googletagmanager.com, connect.facebook.net, or any equivalent endpoint when you load a page here. You can verify this in your browser's Network tab.
What we do use:
- Netlify server-side analytics — Netlify parses HTTP request logs on its own infrastructure to give us aggregate page-view counts, top pages, and rough geographic distribution. No client-side script runs. No cookie is set. The data is aggregated, not visitor-identifying, and never leaves Netlify.
- First-party cookies (necessary only) — session state, referral-attribution code (30-day expiry), and UI preferences (theme, dismissed-modal flags). These are required for the site to function. We do not set any analytics or advertising cookies.
Browsers signaling Global Privacy Control (GPC) are honored automatically — though there is nothing additional to opt out of, since we don't load any trackers in the first place.
4. How we share information — the actual sub-processor list
We do not sell personal information. We share the minimum necessary data with the following sub-processors, each contractually limited to processing only what their service requires:
- Netlify, Inc. (United States) — site hosting, edge functions, basic server logs.
- Neon, Inc. (United States) — Postgres database storing customer + coach product data.
- Brevo (Sendinblue SAS) (France) — transactional + nurture email delivery, list management.
- Stripe, Inc. (United States) — payment processing, subscription billing, refunds.
- Anthropic, PBC (United States) — AI inference for plan generation, accessed via the Netlify AI Gateway. AI inputs are processed for response generation and are not used to train Anthropic's models per their commercial terms.
- Legal authority — if compelled by law, court order, or governmental authority. We will tell you about any such request unless legally prohibited.
Where personal data of EU/UK/Swiss residents is transferred outside their jurisdiction, transfers are governed by Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum where required.
5. How long we keep things
- Contact + inquiry data: up to 3 years from your last interaction, then deleted on a rolling basis.
- Product data (Cadence / Wealth Command): retained while your account is active. After cancellation, we keep it for 30 days to support reactivation, then permanently delete unless you specifically request earlier deletion.
- Payment records: 7 years for tax + accounting compliance (US IRS retention rules), even after account closure. Financial records may also be required for fraud prevention and chargeback dispute purposes.
- Email lists: until you unsubscribe, then we suppress your address (we keep the suppression record itself per CAN-SPAM but do not send to you again).
- Analytics data: Google's default GA4 retention (typically 14 months) when consented. Aggregate non-personal traffic data may be kept longer.
You may request earlier deletion at any time at hello@vantagedigital.app. Deletion requests are honored within 30 days unless legal retention obligations apply (in which case we'll explain which records we must keep and for how long).
6. Your rights
Depending on where you live, you have at minimum the following rights — and many of these we honor for everyone, regardless of jurisdiction, because that's the bar we want to hold ourselves to:
- Right to know & access: request a copy of the personal data we hold about you.
- Right to correct: tell us if something is wrong and we'll fix it.
- Right to delete: ask us to erase your personal data ("right to be forgotten" in GDPR/UK-GDPR; "right to delete" under CCPA).
- Right to opt out of marketing: unsubscribe from email anytime; reject analytics + advertising cookies via the consent banner or footer "Manage cookies" link.
- Right to portability: request your data in a structured, machine-readable format (JSON or CSV).
- Right to non-discrimination: exercising any of these rights doesn't affect your service or pricing.
California residents (CCPA / CPRA)
You have the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, and the right to opt out of "sale" or "sharing" of personal information. We do not sell personal information. Use the "Do Not Sell or Share My Personal Information" link in the site footer to opt out of any "sharing" of personal information for cross-context behavioral advertising.
EU / UK / Swiss residents (GDPR, UK-GDPR)
The lawful bases we rely on are: consent (analytics, marketing email, advertising cookies), contract (delivering the products you've subscribed to), and legitimate interest (operating the business, fraud prevention, security). You have the right to withdraw consent, lodge a complaint with your local supervisory authority, and have your data transferred to another controller.
To exercise any of these rights, email hello@vantagedigital.app. We respond within 30 days (occasionally extended to 60 for complex requests, with notice).
7. Security
We use HTTPS for all site and product traffic, encrypt data at rest in our database, and follow least-privilege access controls for the small team that maintains the systems. Stripe handles payments on PCI-compliant infrastructure. Anthropic and Netlify hold SOC 2 Type II attestations. That said, no system is unbreakable. If we ever experience a data breach affecting your information, we will notify you and applicable regulators within the timeframes required by law (72 hours under GDPR; without unreasonable delay under most US state laws).
Cadence is not HIPAA-compliant and is not a healthcare provider. If you are a coach whose clients include individuals covered by HIPAA, please review our security page and consult your own counsel before storing protected health information in the product.
7a. Consumer health data & biometric information
When clients connect a wearable, log workouts, record body weight, enter recovery / readiness / HRV / sleep, or scan meals, Cadence processes consumer health data. We treat this category with extra care:
- Explicit opt-in: Health-data collection only happens after the client takes an affirmative action — connecting a wearable, manually entering a number, scanning a meal. We never auto-collect health data in the background.
- Purpose limitation: Health data is used to (a) display the client's own progress to themselves, (b) share with the coach they signed up to work with, (c) feed our AI to generate the personalized workout / meal plans the client paid for. We never sell, rent, license, or share health data with third parties for advertising, analytics, or any unrelated purpose.
- No data brokers, ever. We do not sell health data to anyone, under any circumstances.
- Sub-processor list: Health data may pass through Anthropic (AI inference, no training on customer data per Anthropic's enterprise terms), Neon (Postgres database storage), Netlify (hosting / functions), and Supabase (auth). All are SOC 2 Type II attested. Full list at /trust.
- Right to delete: You can delete all your health data at any time from Settings → Export & delete my data. Deletion is permanent within 30 days across primary storage and backups.
- Right to know: You can export everything we hold about you (Settings → Export my data) in machine-readable JSON.
- Retention: Health data is retained as long as your account is active. After cancellation, we retain for 90 days for billing reconciliation, then permanently delete unless you request earlier deletion.
- Children: We do not knowingly collect health data from anyone under 18. Coaches working with minors must obtain verified parental consent and disclose Cadence's processing.
Washington My Health My Data Act (RCW 19.373): Washington residents have the additional right to withdraw consent for the collection, sharing, or sale of consumer health data, and to have us delete their consumer health data on request. Contact hello@vantagedigital.app with the subject line "MHMDA Request" — we respond within 45 days.
Nevada SB 370 / Connecticut PHIA / Maryland MODPA: Same rights apply for residents of these states.
What this is NOT: Cadence is a coaching tool. The data we collect is not medical records. We are not a covered entity, business associate, healthcare provider, diagnostic tool, or medical device. Nothing in Cadence — including AI-generated workout or meal plans — constitutes medical advice, diagnosis, or treatment. If you have a medical condition, consult a licensed healthcare provider before starting any new training or nutrition program.
7b. Consumer financial data (HELM)
When operators use HELM to organize accounts, holdings, transactions, tax lots, equity grants, real estate positions, private investments, document uploads, or beneficiary information, we process consumer financial data. We treat this category with extra care:
- Manual-first by design: HELM does not connect to your bank or brokerage via Plaid or any aggregator unless and until you explicitly opt in. Most operators use HELM with manual entry or CSV imports — no live credentials are ever stored.
- Purpose limitation: Financial data is used to (a) display your own positions to you, (b) generate weekly educational insight digests via Claude, (c) answer your own data questions through the AI Q&A feature, (d) compute net worth and goal projections. We never sell, rent, license, or share your financial data with third parties for advertising, analytics, or any unrelated purpose.
- No data brokers, ever. We do not sell financial data to anyone, under any circumstances.
- Sub-processors: Financial data may pass through Anthropic (AI inference, no training on customer data per Anthropic's enterprise terms), Neon (Postgres database), Netlify (hosting / functions), Supabase (auth), and Stripe (subscription billing only — no transaction data flows to Stripe). All are SOC 2 Type II attested. Full list at /trust.
- Document vault encryption: Files uploaded to HELM's document vault (K-1s, statements, tax returns, deeds, trust docs, wills) are encrypted client-side before upload. The encryption key never leaves your device — we operate as zero-knowledge for vault contents.
- Right to delete: You can delete all your financial data at any time from Settings → Export & delete my data. Deletion is permanent within 30 days across primary storage and backups.
- Right to know: You can export everything we hold about you (Settings → Export my data) in machine-readable JSON.
- Retention: Financial data is retained as long as your account is active. After cancellation, we retain for 90 days for billing reconciliation, then permanently delete unless you request earlier deletion.
- MFA available: Multi-factor authentication is available for all HELM accounts and recommended for any account holding above-threshold sensitive data.
Gramm-Leach-Bliley Act (GLBA) alignment: HELM is a software tool, not a "financial institution" as defined in GLBA. We are not subject to GLBA's covered-entity requirements. However, we voluntarily adopt GLBA-aligned safeguards: administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of consumer financial information.
NY DFS Part 500 (Cybersecurity Regulation) alignment: HELM is not a regulated financial institution under NY DFS jurisdiction. We voluntarily align our security program with NY DFS Part 500 best practices: encryption at rest and in transit, MFA, access controls, audit logging, and incident response.
What HELM is NOT: HELM is a software tool. HELM is not a registered investment advisor (RIA), broker-dealer, fiduciary, CPA, tax advisor, insurance agent, or custodian. HELM does not provide individualized investment, tax, legal, or insurance advice. HELM does not custody money, execute trades, or move funds. Insights, summaries, and reports surfaced in HELM are educational observations of data you provide — they are not, and must not be construed as, investment recommendations. Past performance is not indicative of future results. Before acting on any pattern, opportunity, or scenario surfaced by HELM, consult a licensed investment advisor, CPA, or other qualified professional.
8. Third-party links
Pages on vantagedigital.dev may link to third-party websites (competitors on /vs/ pages, vendors on /security, etc.). We don't control those sites' privacy practices and aren't responsible for them. Always read the privacy policy of any site you visit.
9. Children's privacy
Our products are directed to professional adults (coaches, financial operators, business owners). We do not knowingly collect personal information from anyone under 13. If you believe we may have inadvertently collected information from a child under 13, contact us immediately at hello@vantagedigital.app and we will delete it.
Coaches using Cadence with minor clients: you are responsible for obtaining the consent of a parent or legal guardian before collecting any personal data of a minor in your roster, and for compliance with COPPA (US), GDPR-K (EU/UK), and applicable state laws. The Cadence terms reflect this responsibility.
10. Changes to this policy
We may update this Privacy Policy from time to time. Significant changes (new categories of data collected, new sub-processors, expanded data sharing) will be communicated via email to active customers and noted in the public . The "Last updated" date at the top of this page changes whenever any text on this page changes. Continued use of the site or services after a change constitutes acceptance of the updated policy.