v1 — Working draft. Recommended for legal review before significant client volume.
1. What We Collect
We collect the following data when you use our services:
- Contact information — name, email address, business name, phone (if provided)
- Intake form responses — business details you submit for audits and service engagements
- Payment information — processed by Stripe; we do not store card numbers on our systems
- Service data — client lists, DM exports, booking data, and other materials you provide for campaign execution
- Website analytics — standard Cloudflare analytics (no personal tracking cookies)
2. How We Use Your Data
- To deliver services — your intake data and service materials are used to produce the deliverable you purchased
- To process payments — via Stripe
- To communicate with you — about your engagement, deliverables, and follow-up
- To improve our services — aggregate, anonymized patterns (e.g., "beauty businesses average X% open rates on reactivation campaigns") may inform our methodology. We never share identifying client data publicly.
3. AI Processing
Your data is processed by AI systems as part of service delivery. Specifically:
- Claude API (Anthropic) — your intake data and service materials are sent to the Claude API for analysis, report generation, and campaign creation. Anthropic's data usage policy applies to API calls: as of this writing, Anthropic does not train models on API data.
- DeerFlow — our self-hosted research framework. Runs on our own infrastructure (DigitalOcean, local Docker). Your data does not leave our controlled environment during DeerFlow processing.
- Supabase — database hosting for SplitLedger. Data is stored in Supabase-managed PostgreSQL with row-level security.
We do not use your data to train AI models. We do not share your data with third-party AI providers beyond what is necessary to deliver your purchased service (i.e., Claude API calls).
4. Where Data Is Stored
| Data Type | Storage | Retention |
|---|---|---|
| Contact info & intake forms | Airtable (encrypted at rest) | Duration of engagement + 12 months |
| Payment records | Stripe | Per Stripe's retention policy |
| Service materials (client lists, DM exports) | DYOE Way controlled infrastructure | Duration of engagement + 30 days, then deleted |
| Deliverables (reports, campaigns) | Delivered to client; our copies retained 12 months | 12 months |
| Website analytics | Cloudflare | Per Cloudflare's retention policy |
5. Who Has Access
Your data is accessed by:
- DYOE Way (sole operator) — sole operator with access to all client data
- Stripe — payment processing only
- Anthropic (Claude API) — data in transit during API calls for service delivery
- Cloudflare — website hosting and analytics
- Formspree — intake form submissions (in transit to email)
We do not sell, rent, or share your data with data brokers, advertisers, or any third party not listed above.
6. Your Rights
You have the right to:
- Access — request a copy of the data we hold about you
- Correction — request we correct inaccurate data
- Deletion — request we delete your data (subject to legal retention requirements)
- Portability — receive your data in a standard format
To exercise any of these rights, email info@dyoeway.org. We respond within 30 days.
7. Cookies
dyoeway.org does not set tracking cookies. We use Cloudflare's built-in analytics, which does not use cookies or collect personal data. If this changes, this page will be updated.
8. Children
Our services are designed for business operators. We do not knowingly collect data from anyone under 18. If you believe we have, contact us and we will delete it immediately.
9. Changes
We may update this policy. Material changes will be posted here with an updated effective date.
10. Contact
Privacy questions: info@dyoeway.org