Privacy Policy

How we collect, use, share, and protect personal information for members inside the Tradeline Authority Vault, along with your choices and privacy rights.

Members-Only Vault
Applies after purchase + login
Last updated: November 2025

Quick Summary (Plain English)

We collect only what’s needed to create your account, process payments, run the Vault, and support you.
Payments are processed by Gumroad (our current provider). We never see or store full card numbers.
We log Vault activity (e.g., lessons viewed, downloads) to secure the platform and improve content.
We do not sell your personal information. Limited sharing with service providers only.
You can access, update, or delete certain data, control marketing, and exercise state/international privacy rights.

Scope & Controller

This Privacy Policy applies to personal information processed when you purchase access on Gumroad and use the Tradeline Authority Vault after login. The data controller for Vault operations is Tradeline Authority (“we,” “us,” “our”).

If you submit a form on our public site (e.g., contact or support), the Forms (Fluent Forms) & Technical Data section also applies.

What We Collect

Account & Profile — name, email, password (hashed), company, role.
Billing — purchase history and non-sensitive billing tokens from Gumroad (brand/last4/expiration). We do not store full PAN/CVV.
Vault Activity — pages viewed, progress, search queries, downloads, quiz attempts, timestamps, IP/device info (for security and analytics).
Forms & Submissions — content you send (e.g., contact or support messages) plus entry metadata such as IP address, browser/version, device/OS, referrer/source URL, page path, and submission time. See Forms for details.
Support & Communications — emails, tickets, chat messages, call notes.
Files You Upload — documents you attach in tools or support (you control what you upload).
Cookies & Similar Tech — essential session cookies; optional analytics/marketing cookies (see Cookies & Tracking).

Forms (Fluent Forms) & Technical Data

When you submit a form on our site, we collect the information you provide and certain technical details captured automatically by our WordPress forms system (Fluent Forms), including your IP address, browser and version, device/OS type, referrer/Source URL, page path, and date/time of submission. We use this information to deliver what you requested, prevent spam and abuse, secure our site, troubleshoot issues, and maintain records.

Service providers. Form entries are stored in WordPress and may be processed by our web host, CDN/security (e.g., Cloudflare), and email delivery provider solely to operate the site.
Anti-spam. Our forms may use bot-protection services (e.g., Google reCAPTCHA or hCaptcha), which collect device and usage data subject to their own privacy policies.
GDPR legal bases (EEA/UK). Legitimate interests (site security, fraud/spam prevention, responding to your request) and, where applicable, performance of a contract.
Retention. Form entries and related logs are retained for up to 24 months unless needed longer to comply with legal obligations or protect our services.

Cookies & Tracking

Essential — required for login, session continuity, and CSRF protection.
Analytics — to understand usage and improve content (we use aggregated reports).
Preferences — remember settings like dark mode or playback speed.

You can control cookies in your browser. Blocking essential cookies may sign you out or limit features. We do not “sell” or “share” data for cross-context behavioral advertising. If we ever introduce optional analytics/marketing cookies, you’ll have a clear choice to opt in where legally required.

How We Use Information

Provide the Vault — create and maintain accounts, authenticate sessions, deliver lessons, tool access, and certificates. Legal basis: contract/legitimate interests.
Payments & Invoicing — process transactions through Gumroad, prevent fraud, handle refunds/chargebacks. Basis: contract/legal obligation.
Support — respond to requests, fix issues, and customize guidance. Basis: contract/legitimate interests.
Improve & Secure — product analytics, QA, abuse and intrusion monitoring. Basis: legitimate interests.
Communications — account/transactional emails; optional product updates (you can unsubscribe). Basis: contract/consent where required.
Compliance — meet legal, tax, and audit requirements. Basis: legal obligation.

Data Retention

Account & purchasesWhile account is active + up to 7 years (tax/audit)
Support tickets & emails3 years from last interaction
Vault analytics (aggregated)26 months (then de-identified)
Access logs & security events12–24 months (shorter where feasible)
Forms & entry metadataUp to 24 months (spam/security & troubleshooting)
Uploaded filesYou may delete; backups roll off on a schedule

Your Choices & Rights

Access/Update — edit profile details from your account or contact us.
Delete — request deletion of your account and eligible data (some records kept as required by law).
Marketing — unsubscribe from non-transactional emails at any time.
Verification — we may ask for reasonable information to confirm your identity before fulfilling requests.

To exercise rights, email info@reportprimarytradelines.com.

US State Privacy Notices (including California)

Right to Know/Access/Correction/Deletion — you may request access to, correction of, or deletion of personal information we maintain, subject to exceptions.
Sensitive data — we do not use sensitive personal information to infer characteristics.
Sale/Sharing — we do not “sell” personal information or “share” it for cross-context behavioral advertising; honoring Global Privacy Control (GPC) is therefore not applicable to advertising here.
Authorized agents — if you use an agent, we may require proof of authorization and your verification.
Non-discrimination — we will not discriminate against you for exercising your privacy rights.
Financial incentives — we do not offer programs that require you to waive privacy rights.
“Shine the Light” (CA Civ. Code §1798.83) — we do not disclose personal information to third parties for their direct marketing.

Security

We use administrative, technical, and physical safeguards (TLS in transit, access controls, least-privilege, monitoring, and regular backups). Payments are handled through Gumroad, which is responsible for PCI DSS compliance. No method is 100% secure; please use a strong unique password and enable device protections. If we learn of a breach affecting you, we will notify you as required by law.

International Transfers

Data may be processed in the United States. Where required, we rely on Standard Contractual Clauses or comparable safeguards for transfers.

Children

The Vault is for adults and professional learners. We do not knowingly collect data from children under 13 (or under 16 in certain regions). If you believe a child has provided personal information, contact us to remove it.

External Links & Third-Party Sites

We sometimes link to external sites (e.g., government resources and Gumroad for receipts/account changes). These are governed by those sites’ policies. Links open in a new tab. Returning from an external page may require you to sign back in if your Vault session expires.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects about you.

Changes to This Policy

We’ll post updates here and adjust the “Last updated” date above. Material changes may also be announced in-app or via email.

Contact Us

Questions or privacy requests: info@reportprimarytradelines.com · Tradeline Authority, Privacy Team, Your Mailing Address.

Educational Notice: The Vault provides education and tools, not legal advice. For legal questions, consult qualified counsel.