GO·READY·PREP
Legal

Privacy Policy

Last updated:

1. Who we are

This site, goreadyprep.com, is operated by CleverNRG LLC, a New York limited liability company. This Privacy Policy describes how we collect, use, and share information about visitors and customers.

Contact: [email protected].

2. Information we collect

We try to collect as little as we can while running the business. Specifically:

You give us:

  • Email address. When you sign up for the waitlist, place an order, or use the contact form
  • Name and shipping address. When you place an order
  • Order details. Items ordered, quantity, price, lead time
  • Support thread contents. Anything you write into the contact form

We collect automatically:

  • IP address. Recorded by Cloudflare (our DNS, proxy, and security layer) on each request, used for rate limiting, abuse prevention, and standard security logging
  • Device and browser metadata. User agent string, screen size, language preference (Cloudflare Web Analytics, used for traffic analytics; this is cookieless)
  • Limited request metadata in error reports. Sent to Sentry when an unexpected error occurs (request bodies and IP addresses are scrubbed before transmission for any route handling user input)

We do NOT collect:

  • Payment card numbers or CVV. Payments are processed by Stripe; we never see card details
  • Cross-site tracking. We don't use Google Analytics, Meta Pixel, or any third-party advertising tracker
  • Behavioral profile data. We don't profile you across sessions for advertising

3. Cookies and similar technologies

We use a minimal set of cookies, all functional:

  • Stripe sets one functional cookie at checkout (required for payment session integrity, exempt from consent requirements under GDPR/CCPA)
  • Cloudflare sets a security cookie (cf_clearance, __cf_bm) for bot protection on protected routes

We do not use marketing or analytics cookies. Cloudflare Web Analytics is cookieless. Because we don't use tracking cookies, we don't show a cookie consent banner.

4. How we use information

We use the information described above to:

  • send you the email you've explicitly asked for (waitlist confirmations, gear-guide announcements, order confirmations, shipping notifications, support replies)
  • fulfill your orders and ship them via fulfillment partners
  • diagnose and fix bugs (via Sentry, with PII scrubbed)
  • prevent abuse and fraud (via Cloudflare rate limits and Stripe Radar)
  • respond to your support messages
  • comply with legal obligations (tax, accounting, subpoenas)

5. Service providers we share information with

We share specific information with the following processors so they can perform a function on our behalf. Each is bound by their own privacy obligations.

  • Stripe (privacy), payment processing. Receives card details directly from your browser; we never see them. Receives your name, email, billing address, and the order amount.
  • Resend (privacy), transactional and editorial email delivery. Receives your email address and the contents of any message we send to you.
  • Cloudflare (privacy), DNS, proxy, edge security, inbound email forwarding ([email protected] → operator inbox), Turnstile bot challenges on forms, R2 object storage for product imagery, Web Analytics. Receives request metadata (IP, headers).
  • Sentry (privacy), error monitoring. Receives stack traces and limited request context. Request bodies and IP addresses are scrubbed for any route that handles user input (/api/checkout, /api/stripe, /api/waitlist, /api/unsubscribe, /api/contact, /api/orders).
  • Fulfillment partners. When you place an order, we share your name and shipping address with the warehouse(s) fulfilling that order. We don't share your email with fulfillment partners unless required to deliver a tracking number on their behalf.

We do not sell or rent personal information to third parties for advertising.

6. Email and List-Unsubscribe

Every email we send includes:

  • A List-Unsubscribe header (so Gmail/Apple Mail show a built-in unsubscribe button)
  • A direct unsubscribe link in the footer (signed token, one-click)
  • A reason line ("you're getting this because…") so you know why we have your address

Unsubscribing from the waitlist removes you from gear-guide announcements and any future marketing email. Order confirmations and shipping notifications are transactional and continue if you have an active order.

7. Data retention

We keep:

  • Waitlist subscribers until you unsubscribe or 18 months after the last engagement (open, click, or reply), whichever is first
  • Order records for 7 years (US tax-record retention requirements)
  • Support thread records for 3 years from the last message
  • Sentry error data for 90 days
  • Cloudflare logs per Cloudflare's default retention (30 days)

You can request deletion of your account and personal data by emailing [email protected]; records subject to legal retention will be removed once their retention period expires.

8. Your rights

California residents (CCPA/CPRA): You have the right to know what personal information we collect about you, to request deletion, to correct inaccurate information, to opt out of any "sale" or "sharing" of personal information (we don't sell or share for advertising), and to limit use of sensitive personal information (we don't use sensitive PI). To exercise these rights, email [email protected]. We respond within 45 days.

New York residents (SHIELD Act): You have the right to be notified of any data breach involving your personal information without unreasonable delay. We follow the SHIELD Act's reasonable-security requirements: encryption in transit, access controls on the database, vendor due diligence, and incident response procedures.

EU/UK residents (GDPR/UK GDPR): We don't currently target EU/UK markets and don't intend to be subject to GDPR/UK GDPR. If you're an EU/UK resident who places an order from outside our intended market, you have rights of access, rectification, erasure, restriction, portability, and objection. Email [email protected].

9. Children

The site isn't directed at children under 13. We don't knowingly collect personal information from children. If you believe we've collected information from a child, contact us and we'll delete it.

10. Security

We follow standard security practices: HTTPS everywhere (TLS 1.2+), DKIM/SPF/DMARC on outbound email, encrypted database connections, Cloudflare Access protecting administrative routes, scoped API tokens stored only on the production server. We don't claim our security is perfect; we claim it's reasonable for the data we hold.

11. International transfers

The site and its underlying infrastructure (Cloudflare edge, server in the US) are operated in the United States. Cloudflare and Stripe operate globally and may process data in multiple regions; their privacy notices describe their cross-border transfer mechanisms.

12. Changes

If we change how we collect or use personal information in a way that materially affects you, we'll update the "Last updated" date and notify confirmed waitlist subscribers by email. Continuing to use the site after a change means you accept the updated policy.

13. Contact

For privacy questions, data subject requests, or to opt out of any processing:

[email protected]

CleverNRG LLC New York, USA

Last updated: 2026-05-05