Privacy policy.

Last updated: May 2026

Plain-English version. What we actually do with your data, in clear language. Lawyer-drafted formal policy will replace this in the same location as part of ongoing legal review; the substance won’t change materially.

What we collect

  • Email address. When you sign up for the free Sardine Reset cheat sheet, the weekly newsletter, or the Inner Circle, we store your email.
  • Payment information. Inner Circle payments are processed by Stripe. We never see your card numbers; we receive a token from Stripe that lets us charge you for your subscription.
  • Skool profile information. Your name, profile picture, and any posts or comments you make in either the free or paid Skool communities, as you submit them to Skool.
  • Optional submissions. Cycle logs, biomarker uploads, testimonials, case study contributions — anything you choose to share with the community. These are voluntary; you control what you post.
  • Anonymous analytics. Page views, referrer, country (not IP). We use Plausible Analytics, which is GDPR-compliant and does not use cookies or track individuals.

What we use it for

  • Delivering the product (sending you the PDF, granting Skool access, processing payments).
  • Sending the emails you opted in to (welcome sequence, weekly newsletter, transactional emails).
  • Improving the site and content based on aggregate, anonymized analytics.
  • Replying to your support requests when you write to us.

What we never do

  • We never sell your data. Period. No data brokers, no advertising networks, no “data partners.”
  • We never share your data with third parties for marketing. The sub-processors below get only what they need to deliver their part of the service.
  • We do not retarget you across the web. No Facebook Pixel, no Google retargeting, no behavioral profiles built outside the site.

Sub-processors

Companies that process your data on our behalf, each scoped to the function it performs:

  • Stripe — payment processing. Stripe is PCI-DSS compliant; we never see card numbers.
  • Beehiiv — email newsletter delivery. Stores your email and email engagement data.
  • Skool — community platform. Stores your community profile and activity per Skool’s own privacy policy.
  • Vercel — website hosting. Receives request logs (IP, user agent) for the duration required for serving the site.
  • Cloudflare R2 — static asset storage (the PDF cheat sheet, etc.).
  • Plausible Analytics — anonymous, cookieless website analytics. No personal data collected.

Data retention

  • Financial records: retained for 7 years (legal requirement under EU and US tax law).
  • Other data: retained as long as your account or subscription is active. Deleted on request, or automatically after 2 years of inactivity.
  • Anonymous analytics: aggregated; no individual records to retain.

Your rights

You have the right to access, correct, export, or delete the personal data we hold about you. Email privacy@sardineprotocol.com with your request. We respond within 30 days.

For EU members: this policy is intended to comply with GDPR. For California members: this policy is intended to comply with the CCPA. If you believe we have not met our obligations, you have the right to lodge a complaint with your local data protection authority (in the EU) or the California Attorney General (US).

Children

Sardine Protocol is for adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have, please contact us and we will delete the information.

Changes to this policy

If we make material changes to how we collect, use, or share your personal data, we will email subscribers and update the “last updated” date at the top of this page. Non-material changes (clarifications, formatting) may happen without notification.

Contact

For privacy questions or data requests: privacy@sardineprotocol.com.

See also: Terms of service · Refunds & cancellation