Privacy Policy - GoToMarketKits

1. Introduction

Your privacy is important to InvisibleHustle LTD ("we," "us," "our," "Company," or "GoToMarketKits"). This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in connection with our website, products, and services.

This Privacy Policy applies to all users worldwide, regardless of location.

2. Information We Collect

2.1 Information You Provide Directly

When you purchase from GoToMarketKits or interact with our services, we collect:

At Purchase:

• Full name
• Email address
• Payment information (processed via Gumroad; we do not directly store credit card details)
• Country/location (for billing and tax purposes)
• IP address (automatically logged)

Optional:

• Company name
• Phone number (if you contact support)
• Any messages or inquiries you send us

2.2 Information Collected Automatically

When you visit our website, we collect:

• Browser type and version
• Operating system
• Pages visited and time spent
• Referral source (how you found us)
• IP address
• Device type
• Cookies and similar tracking technologies

2.3 Third-Party Information

We receive information from:

• Gumroad: Payment processor (handles billing and delivery)
• Cloudflare: CDN and web analytics
• Email service provider: When you subscribe to our mailing list

3. Legal Basis for Processing (GDPR)

Under GDPR Article 6, we process personal data on the following legal bases:

3.1 Contractual Necessity (Article 6(1)(b))

• Processing your purchase and delivering your Products
• Managing your access to templates and resources
• Providing customer support

3.2 Legitimate Interests (Article 6(1)(f))

• Improving our Products and services
• Preventing fraud and ensuring security
• Analyzing website usage patterns
• Marketing and communications (with your consent)

3.3 Consent (Article 6(1)(a))

• Sending marketing emails (you can opt-out anytime)
• Non-essential cookies (we ask for consent before placing them)

3.4 Legal Obligation (Article 6(1)(c))

• Complying with tax laws and regulations
• Responding to legal requests from authorities

4. How We Use Your Information

We use collected data for:

Essential Services:

• Processing and fulfilling your purchase
• Sending you access to your Products (templates, guides, videos)
• Providing customer support and responding to inquiries
• Sending account-related notifications (purchase confirmation, access instructions)

Business Operations:

• Improving our Products and website
• Detecting and preventing fraud
• Analyzing usage patterns and user behavior
• Maintaining security and preventing abuse

Marketing (with your consent):

• Sending product updates and new releases
• Sharing relevant content and resources
• Occasionally surveying you for feedback
• Notifying you of price changes or promotions

Legal Compliance:

• Complying with tax and accounting requirements
• Responding to legal requests or court orders
• Protecting our legal rights

5. Data Sharing and Disclosure

5.1 We DO NOT Share Personal Data With:

• Marketing agencies or data brokers
• Advertisers or third-party networks
• Social media platforms (without your explicit consent)
• Data brokers or list sellers

5.2 We DO Share Data With:

Service Providers (acting as Data Processors):

• Gumroad – Payment processing and product delivery
• Cloudflare – Website hosting, CDN, and analytics
• Email service provider – Newsletter and notification delivery
• Google Analytics – Website traffic analysis (anonymized data)

Legal Requirements:

• Law enforcement or regulatory authorities (if legally required)
• Courts of law (in response to valid legal orders)
• To protect our legal rights or prevent fraud

5.3 Data Processing Agreements

All service providers who process personal data on our behalf:

• Have signed Data Processing Agreements (DPAs) compliant with GDPR
• Are contractually obligated to protect your data
• Can only use data for specified purposes
• Implement appropriate security measures

6. International Data Transfers

6.1 GDPR Compliance for Non-EU Users

We are registered in the UK (post-Brexit). When you purchase from outside the EU/UK:

• We transfer your data internationally to process payments and deliver services
• Such transfers are necessary for the performance of our contract with you
• We ensure appropriate safeguards are in place

6.2 Transfer Mechanisms

For transfers to countries without "adequate" data protection laws:

• We rely on Standard Contractual Clauses (SCCs) with service providers
• Service providers commit to GDPR-equivalent protections
• You have the right to request information about transfer mechanisms

6.3 Gumroad Processing

Gumroad (our payment processor) may transfer data internationally. By purchasing through Gumroad, you acknowledge and consent to this transfer. See Gumroad's privacy policy: https://gumroad.com/privacy

7. Data Retention

We retain your personal data for:

After the retention period, data is securely deleted or anonymized.

Exception: If there is a legal hold, dispute, or investigation, we may retain data longer as required by law.

8. Your Rights Under GDPR

If you are in the EU, UK, or covered by equivalent data protection laws, you have the following rights:

8.1 Right of Access (Article 15)

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification (Article 16)

You can correct inaccurate or incomplete personal data.

8.3 Right to Erasure (Article 17)

You can request deletion of your data ("right to be forgotten") except where:

• We need it to fulfill your purchase
• We're required by law to retain it
• We have legitimate grounds to keep it

8.4 Right to Restrict Processing (Article 18)

You can ask us to limit how we use your data while we resolve disputes.

8.5 Right to Data Portability (Article 20)

You can request your data in a portable, machine-readable format.

8.6 Right to Object (Article 21)

You can object to:

• Marketing communications (you can also unsubscribe directly)
• Processing based on legitimate interests
• Automated decision-making

8.7 Right to Withdraw Consent (Article 7)

If processing relies on your consent, you can withdraw it anytime (doesn't affect prior processing).

8.8 Right to Lodge a Complaint (Article 77)

You can file a complaint with your local data protection authority:

• UK: Information Commissioner's Office (ICO) – https://ico.org.uk
• EU: Your national DPA – https://edpb.ec.europa.eu/about-edpb/board/members_en

9. How to Exercise Your Rights

To exercise any of the above rights, contact us at:

Email: joel@gotomarketkits.com

Subject Line: "Data Subject Rights Request"

Please include:

• Your full name and email address
• Specific right you're requesting (e.g., "Right of Access")
• Any relevant details

We will respond within 30 days (GDPR requirement). For complex requests, we may take up to 90 days and will notify you of any extension.

We may request additional information to verify your identity before processing your request.

10. Security

10.1 Data Protection Measures

We implement appropriate technical and organizational security measures:

• SSL/TLS encryption for all data in transit
• Secure password hashing for authentication
• Regular security audits and vulnerability assessments
• Restricted access to personal data (need-to-know basis)
• Employee confidentiality agreements
• Data breach response procedures

10.2 No Guarantee of Absolute Security

While we take security seriously, no system is 100% secure. We cannot guarantee absolute protection against all risks, including unauthorized access, loss, or corruption of data.

10.3 Data Breach Notification

In the event of a data breach affecting your personal data:

• We will notify you without undue delay (within 72 hours as required by GDPR)
• We will inform relevant authorities
• Notification will include details of the breach and steps you can take

11. Cookies and Tracking

11.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognize you and improve your experience.

11.2 Cookies We Use

11.3 Cookie Consent

• Essential cookies are automatically active (required for the site to function)
• Analytics and marketing cookies require your consent before placement
• You can manage cookie preferences in your browser settings
• Declining non-essential cookies will not affect your ability to purchase or access Products

11.4 Third-Party Cookies

Third-party services (Cloudflare, Google Analytics) may place their own cookies. We have no control over these; refer to their privacy policies for details.

12. Third-Party Links

Our website may link to external websites not operated by us. This Privacy Policy does not apply to third-party sites.

We are not responsible for:

• Their privacy practices
• Their data collection methods
• Their security measures
• Their content or policies

Always review the privacy policy of any third-party site before sharing personal information.

13. Children's Privacy

Our Products and services are not intended for children under 13 (or the age of digital consent in your jurisdiction).

We do not knowingly collect personal data from children. If we discover a child has provided personal data, we will delete it immediately and notify the parent/guardian.

If you believe a child has provided us with personal data, contact us immediately at joel@gotomarketkits.com.

14. Marketing Communications

14.1 Email Marketing

We may send you marketing emails if you:

• Opt in during purchase or separately
• Subscribe to our mailing list
• Purchase from us (we may send related product updates)

14.2 Opting Out

Every marketing email includes an "Unsubscribe" link. You can:

• Click the unsubscribe link in any email
• Contact us at joel@gotomarketkits.com with "Unsubscribe" in the subject
• Update preferences in your account (if you have one)

We will process your request within 10 days.

14.3 Transactional Emails

We will always send transactional emails (purchase confirmations, access instructions, support responses) regardless of marketing preferences, as these are necessary for business operations.

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

15.1 Right to Know

You can request what personal information we collect and how we use it.

15.2 Right to Delete

You can request deletion of your personal data (subject to exceptions).

15.3 Right to Opt-Out

You can opt out of the "sale" of your personal information (we don't sell data, but you can still opt out).

15.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

To exercise CCPA rights, contact us at joel@gotomarketkits.com with "CCPA Request" in the subject.

16. Virginia & Other US State Privacy Laws

We comply with similar privacy laws in other US states:

• Virginia Consumer Data Protection Act (VCDPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• Utah Consumer Privacy Act (UCPA)

For requests under these laws, contact us at joel@gotomarketkits.com with your state's law name in the subject.

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our data practices
• Legal requirements
• Feedback from users

Changes will be effective immediately upon posting. Your continued use of our website and services after updates constitutes acceptance of the revised Privacy Policy.

We will notify you of material changes via email or prominent notice on our website.

18. Data Protection Officer & Compliance

Company: InvisibleHustle LTD

Registered in: London, United Kingdom

While we are not required to appoint a Data Protection Officer, we comply with GDPR requirements and take data protection seriously.

For data protection inquiries, contact:

Email: joel@gotomarketkits.com

Subject: "Data Protection Inquiry"

19. Contact Us

For questions about this Privacy Policy or how we handle your data:

Email: joel@gotomarketkits.com

Company: InvisibleHustle LTD

Address: London, United Kingdom

We aim to respond to all inquiries within 10 business days.

20. Legal Basis Summary (Quick Reference)

21. Appendix: Glossary

• Personal Data: Any information relating to an identified or identifiable individual
• Processing: Any operation performed on personal data (collection, storage, use, sharing, deletion)
• Data Subject: You (the individual whose data is being processed)
• Data Controller: InvisibleHustle LTD (determines why and how data is processed)
• Data Processor: Service providers who process data on our behalf (Gumroad, Cloudflare, etc.)
• GDPR: EU General Data Protection Regulation (applies to EU/UK and their data)
• Legitimate Interest: Our interest in processing data that is not overridden by your rights
• Data Breach: Unauthorized access, loss, or corruption of personal data