Privacy Policy
What we collect. What we don't. How we protect it. No dark patterns, no data brokers.
1. The short version
We collect only the data needed to deliver your membership: name, email, phone, billing address, payment method (stored on Stripe — never on our servers), and your activity inside the community. We don't sell or share your data with marketers, brokers, or third parties for advertising.
2. What we collect
| Data | Why | Where it lives |
|---|---|---|
| Name, email, phone | Account creation, receipts, support, welcome flow (email + SMS) | Stripe + Supabase |
| Billing address | Bank fraud verification (AVS), tax compliance | Stripe |
| Payment method | Recurring billing | Stripe only — we never see card numbers |
| Community activity | Running the community (posts, comments, DMs, attendance) | Circle (members.aisystemsclub.com) |
| IP address, browser, country | Fraud prevention, debugging checkout failures | Supabase (90-day retention) |
| UTM / referrer | Understanding which channels send paying members | Stripe metadata + Supabase |
3. What we DON'T do
- We don't sell your data to anyone
- We don't share it with advertising networks (no Meta CAPI / Google data feed)
- We don't use third-party trackers beyond Cloudflare's basic edge analytics and (optionally) Meta Pixel for our own conversion attribution
- We don't email-spam you — only transactional (account, billing) and the weekly briefing you opted into
4. The tools we use
Your data passes through these processors. Each has their own privacy practices:
- Stripe — payments + customer records. stripe.com/privacy
- Supabase — our database (hosted in ap-southeast-1, Singapore). supabase.com/privacy
- Cloudflare — hosting + CDN. cloudflare.com/privacypolicy
- Resend — transactional and briefing emails. resend.com/privacy
- Semaphore.co — welcome SMS for Philippine numbers. semaphore.co/privacy
- Circle — the community platform. circle.so/privacy-policy
5. How long we keep your data
- While you're a member: we keep everything needed to run your account
- After cancellation: we delete community posts only if you specifically request it (otherwise the conversations stay so other members' threads still make sense). Billing records are retained for 7 years per tax-compliance norms.
- Server logs (IP, UA, country): 90 days then auto-purged
6. Your rights
You can:
- Request a copy of everything we have on you
- Have your data corrected or deleted (subject to legal retention requirements above)
- Withdraw email consent at any time via the unsubscribe link in any email
- Opt out of SMS by replying STOP to any of our messages
Email admin@aisystemsclub.com for any of these.
7. Security
All data is encrypted in transit (TLS 1.3 via Cloudflare) and at rest (Supabase + Stripe both AES-256). We use the principle of least privilege internally — only Marc and necessary infrastructure services see your data. Stripe holds your card details on PCI-DSS-compliant infrastructure; we never touch card numbers.
8. Cookies
We use:
- Essential cookies — login session, checkout state. Required for the site to work.
- Analytics cookies — Cloudflare's privacy-friendly edge analytics (no third-party data sharing).
- Marketing cookies — Meta Pixel for conversion measurement, only if you visit a paid-traffic landing page.
9. International transfers
Our infrastructure is global: Cloudflare edge, Supabase in Singapore (ap-southeast-1), Stripe in the US. By using ASC you consent to your data being processed in these regions.
10. Changes to this policy
Material changes will be emailed to active members at least 14 days in advance. Last updated date is at the top of this page.
11. Contact
Questions, data requests, or concerns: admin@aisystemsclub.com.