Privacy Policy
This Privacy Policy explains how Helmsmen Lab collects, uses, shares, and protects your personal information when you visit helmsmenlab.com, subscribe to our newsletter, or purchase our digital products. We believe in plain language, not legalese.
1. Who we are
Helmsmen Lab is operated by [COMPANY LEGAL NAME], a company organized under the laws of [STATE OF INCORPORATION], with a principal place of business at [COMPANY ADDRESS]. In this policy, "Helmsmen Lab," "we," "us," and "our" refer to that company. "You" refers to the natural person interacting with our website or services.
For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar laws, Helmsmen Lab is the data controller for personal information processed through our website and services.
2. Information we collect
We collect only what we need to deliver, improve, and bill for our services. The categories below describe what we may collect, how we get it, and why.
2.1 Information you provide directly
- Email address — when you sign up for the free guide, our newsletter, or a paid product.
- Name — when voluntarily provided at checkout or in correspondence.
- Billing details — when purchasing a paid product. Card numbers are handled directly by our payment processor (Stripe) and are never stored on our servers.
- Correspondence — the contents of any messages you send to support@helmsmenlab.com or other contact channels.
- Survey or feedback responses — if you choose to participate in optional reader surveys.
2.2 Information collected automatically
- Usage data — pages visited, referrer URL, approximate session duration, and aggregated click events, collected via a privacy-respecting analytics tool (see Section 5).
- Device and connection data — user-agent string, screen size category, language preference, and a coarse country derived from your IP address. We do not store your full IP address in our analytics logs.
- Email engagement — opens and link clicks on emails we send you, when supported by your email client.
2.3 Information we do not collect
We do not knowingly collect sensitive personal data such as health records, biometric identifiers, government IDs, precise geolocation, or sexual-orientation data. Although our content addresses men's wellness topics, we do not require or store any health information about you. Any self-assessment you do as part of our materials is performed locally on your device and is not transmitted to us unless you choose to email it.
3. How we use your information
We use the information we collect for the following purposes:
- To deliver our products and services — send you the free guide, paid materials, access links, and post-purchase emails.
- To process payments — via Stripe, including fraud prevention and tax compliance.
- To send transactional communications — receipts, refunds, login or download links, customer-service replies, important policy updates.
- To send marketing emails — newsletters, educational sequences, occasional product announcements, only after you have opted in. You can unsubscribe at any time using the link in any email.
- To improve our content and products — analyzing aggregated, non-identifying usage patterns to understand what readers find useful.
- To comply with the law — respond to lawful requests, enforce our Terms, and protect our rights or those of others.
We do not sell your personal information, and we do not use your data to train third-party advertising algorithms.
4. Legal bases for processing (EU/UK readers)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the GDPR requires us to identify a legal basis for each processing activity. We rely on:
- Performance of a contract — to deliver the products you purchased and provide customer support.
- Consent — for marketing emails and any non-essential cookies. You may withdraw consent at any time.
- Legitimate interests — to operate, secure, and improve our website (for example, server logs and aggregated analytics). We balance these interests against your rights and freedoms.
- Legal obligation — to keep tax and accounting records, respond to lawful requests, and meet other statutory duties.
5. Cookies and tracking technologies
We keep cookies to a minimum. Helmsmen Lab uses a self-hosted, cookieless analytics tool (Plausible / Umami) that does not set persistent identifiers and does not track you across websites. The only cookies we may set are strictly necessary, such as a session cookie required for checkout or a preference cookie remembering your consent choice. For details, see our Cookie Policy.
6. How we share information
We share personal information only with the service providers we need to run the business, and only the minimum data each one requires. We never sell or rent your data.
| Recipient | Purpose | Data shared |
|---|---|---|
| Stripe, Inc. | Payment processing, fraud prevention, tax | Name, email, billing address, card data (collected directly by Stripe) |
| ConvertKit / MailerLite | Email delivery and list management | Email, first name, engagement events, tags |
| Amazon Web Services (S3 + CloudFront) | Hosting digital product downloads | IP address (in transit), download timestamps |
| Railway / Hetzner | Website hosting | Server logs, including IP address (rotated) |
| Backblaze B2 | Encrypted backups of business data | Encrypted blobs only |
| Plausible / Umami (self-hosted) | Aggregated, cookieless analytics | Pseudonymized event data, no personal identifiers |
Each provider is contractually bound to use your data only to deliver services to us and to maintain appropriate security. We may also disclose information when required by law, to enforce our Terms, to protect our rights or the safety of others, or in connection with a corporate transaction (merger, acquisition, or sale of assets), in which case we will notify you and you will continue to enjoy the rights described here.
7. Your rights and choices
Subject to applicable law, you have the following rights regarding your personal information:
- Access — ask for a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — request deletion of your personal data, subject to legal retention obligations.
- Portability — receive your data in a structured, machine-readable format.
- Restriction or objection — ask us to pause or stop certain processing, including direct marketing.
- Withdraw consent — for any processing based on consent, without affecting prior lawful processing.
- Lodge a complaint — with your local supervisory authority (for EU/UK readers).
To exercise any of these rights, email legal@helmsmenlab.com. We will respond within thirty (30) days, or sooner where required by law. We may ask for additional information to verify your identity before fulfilling a request, to protect you against impersonation.
8. Data retention
We retain personal information only for as long as needed for the purposes described above, plus any period required by law.
- Newsletter subscribers — until you unsubscribe, then for up to 30 additional days to suppress further sends.
- Customers — for the lifetime of the customer relationship plus a retention period of up to seven (7) years to meet tax and accounting requirements.
- Refunded customers — same retention as customers, since refund records are themselves part of our accounting obligations.
- Support correspondence — up to three (3) years from the last interaction.
- Server logs — up to ninety (90) days, then aggregated and anonymized.
- Analytics data — aggregated and pseudonymized from collection; raw events purged within 12 months.
9. How we protect your data
We use encryption in transit (TLS 1.2+) and at rest for sensitive stores, role-based access controls, audit logging for administrative actions, periodic vulnerability scans, and least-privilege principles when granting access to staff and contractors. Backups are encrypted with keys we control and stored geographically separate from the primary database.
No method of transmission over the internet or method of electronic storage is 100% secure. We work hard to safeguard your information but cannot guarantee absolute security. If we become aware of a personal-data breach affecting you, we will notify you and the relevant authorities without undue delay, as required by law.
10. International data transfers
Helmsmen Lab is based in the United States. If you access our services from outside the United States, your information will be transferred to, stored in, and processed in the United States and in any country where our service providers operate. These jurisdictions may have data-protection laws different from those of your country.
For transfers of personal data from the EEA, the UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK and Swiss safeguards with each subprocessor that requires them. You may request a copy of these safeguards by contacting us.
11. California residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act give you additional rights, including the right to know what personal information we collect about you, the right to delete that information, the right to correct inaccuracies, and the right to opt out of any "sale" or "sharing" of your personal information.
We do not sell personal information and we do not "share" it for cross-context behavioral advertising as those terms are defined under California law. You may exercise your CCPA/CPRA rights by emailing legal@helmsmenlab.com. We will not discriminate against you for exercising any of your rights.
12. Children under 18
Helmsmen Lab is intended for adults aged 18 or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please email legal@helmsmenlab.com and we will delete the data promptly. We do not sell products to minors and will refund any purchase identified as made by a minor without their parent or guardian's consent.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make a material change, we will update the "Effective" and "Last updated" dates at the top of this page and, if the change is significant, notify active customers and subscribers by email at least 14 days before the change takes effect. Continued use of the website after the effective date constitutes acceptance of the revised policy.
14. Contact us
For any question about this Privacy Policy or how we handle your data, please email us. We aim to reply within two business days.
Helmsmen Lab — [COMPANY LEGAL NAME]
[COMPANY ADDRESS]
Privacy and data requests: legal@helmsmenlab.com
Customer support: support@helmsmenlab.com