Privacy Policy

1. Introduction

The Oldford Company LLC ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites, use our applications, engage with our services, or otherwise interact with us.

This Privacy Policy applies to all websites and digital services operated by The Oldford Company LLC, including but not limited to:

• ScottOldford.com — our primary brand and educational platform
• OnlineBusinessOwner.com — our online business education and resource hub
• All related subdomains, microsites, mobile applications, and digital properties
• Our AI-powered business tools (including the SOX AI suite of 25+ tools)
• Our newsletters, podcasts, community platforms, and membership programs
• Digital courses, coaching and mentorship programs, and consulting services
• Assessment tools, diagnostic instruments, and personalized recommendation engines
• Ebooks, digital downloads, media content, and all other digital offerings

By accessing or using any of our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

We encourage you to read this Privacy Policy carefully and in its entirety. If you have any questions or concerns about our privacy practices, please contact us using the information provided in the "Contact Us" section at the end of this document.

This Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage. We encourage you to review the privacy policies of any third-party services you access through our platforms.

2. Information We Collect

We collect information in several ways to provide you with the best possible experience across our ecosystem of services. The types of information we collect depend on how you interact with our websites, applications, and services.

2.1 Information You Provide Directly

When you interact with our services, you may voluntarily provide us with personal information. This includes, but is not limited to, the following categories:

Account Registration

When you create an account on any of our platforms, we collect your name, email address, and password (stored in encrypted form). You may also provide a username, profile photo, professional title, company name, and biographical information.

Purchase and Transaction Information

When you purchase our courses, coaching programs, memberships, or other products and services, we collect billing information including your name, billing address, and payment method details. Important: We do not store your full credit card numbers, CVV codes, or complete payment card details. All payment transactions are processed through trusted third-party payment processors, including Fanbasis, Stripe and PayPal, which maintain their own privacy policies and security standards (PCI-DSS compliant).

Profile Information

You may choose to provide additional profile information such as your business type, industry, revenue range, years in business, goals, challenges, and other professional details to help us personalize your experience and recommendations.

Assessment and Diagnostic Responses

When you participate in our business diagnostics, quizzes, assessments, or evaluation tools, we collect your responses, scores, and results. This includes data provided to our AI-powered diagnostic assessments designed to evaluate your business health, readiness, and opportunities for growth.

AI Tool Interactions

When you use our AI-powered tools, including the AI Business Mentor, the SOX AI suite (25+ business tools), and other AI features, we collect the prompts, queries, inputs, and content you provide to these tools, as well as the AI-generated outputs and your feedback on those outputs.

Communications

We collect information from your communications with us, including emails, support tickets, live chat transcripts, phone call records, direct messages, and any other correspondence. This helps us respond to your inquiries and improve our customer support.

Community Participation

When you participate in our community forums, discussion boards, comment sections, live sessions, webinars, group coaching calls, or other interactive features, we collect the content you post, share, or communicate, including text, images, audio, and video contributions.

Survey and Feedback Responses

If you respond to our surveys, feedback forms, polls, or reviews, we collect the information you provide, including satisfaction ratings, suggestions, testimonials, and open-ended responses.

Newsletter Signup Information

When you subscribe to any of our newsletters (serving 100,000+ subscribers across our ecosystem), we collect your email address, name, and any preferences or interests you specify during signup. We may also collect information about how you interact with our newsletter content.

2.2 Information Collected Automatically

When you access or use our services, we automatically collect certain information about your device and usage patterns. This information helps us improve our services, personalize your experience, and maintain security.

Device Information

We collect information about the device you use to access our services, including your Internet Protocol (IP) address, browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, device identifiers, and language preferences.

Usage Data

We collect information about how you interact with our services, including the pages you visit, the features you use, the time and duration of your visits, click patterns, scroll depth, navigation paths, search queries, content viewed, courses accessed, lessons completed, and engagement metrics.

Location Data

We collect general geographic location information inferred from your IP address. We do not collect precise GPS location data unless you explicitly grant permission (e.g., for location-based features).

Referral Data

We collect information about how you arrived at our websites, including the referring URL, search engine and search terms used, advertising campaign identifiers, social media referral sources, and affiliate tracking parameters.

Log Data

Our servers automatically record certain information in log files, including access times, pages viewed, error logs, HTTP status codes, and data transferred. This data is used for system administration, security monitoring, and service optimization.

2.3 Information from Third Parties

We may receive information about you from third-party sources and combine it with the information we collect directly. Third-party sources include:

• Social Media Platforms: If you log in to our services using social media credentials (e.g., Google, Facebook, LinkedIn, Apple), we may receive your name, email address, profile picture, and other information you have made publicly available on those platforms.
• Payment Processors: Our payment partners (Stripe, PayPal) may provide us with transaction confirmations, partial payment details, billing addresses, and fraud risk assessments.
• Analytics Providers: Third-party analytics services provide us with aggregated and individual usage data, demographic insights, interest categories, and behavioral patterns.
• Advertising Partners: Our advertising networks may provide conversion data, audience insights, lookalike audience information, and ad performance metrics.
• Public Databases and Directories: We may supplement our records with publicly available information from business directories, social media profiles, government records, and other public sources.

3. How We Use Your Information

We use the information we collect for the following purposes, all of which are aimed at providing you with the best possible experience and maintaining the security and integrity of our services:

• Providing and Improving Our Services: To deliver the products, services, and content you have requested; to maintain, operate, and improve our websites, applications, and platforms; and to develop new features, tools, and offerings.
• Processing Transactions: To process your purchases, manage your subscriptions, send invoices, issue refunds, and communicate transaction-related information such as order confirmations, receipts, and renewal notices.
• Personalizing Your Experience: To tailor the content, recommendations, and features presented to you based on your preferences, interests, usage history, assessment results, and business profile.
• Powering AI Features: To personalize AI-generated responses in our AI Business Mentor and SOX AI tools; to improve the accuracy and relevance of our AI-powered recommendations; and to provide contextualized coaching and business guidance through our AI systems.
• Marketing Communications: To send you marketing messages, promotional offers, product announcements, and educational content, subject to your consent and opt-out preferences. We will not send marketing emails without your prior consent or an existing business relationship.
• Newsletters and Educational Content: To deliver our newsletters, educational emails, course updates, podcast notifications, and other content you have subscribed to receive.
• Customer Support: To respond to your inquiries, troubleshoot problems, manage your account, and provide technical and customer support.
• Analytics and Service Improvement: To analyze usage trends, measure the effectiveness of our marketing campaigns, understand how users engage with our content, and identify areas for improvement.
• Fraud Prevention and Security: To detect, prevent, and address fraud, unauthorized access, security breaches, and other potentially prohibited or illegal activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests; to enforce our Terms of Service and other agreements; and to protect our rights, privacy, safety, or property.
• Research and Development: To conduct research and development of new products, features, and services; to test improvements to existing features; and to develop new AI capabilities and tools.
• Community Management: To moderate our community forums, facilitate discussions, enforce community guidelines, and foster a safe and productive environment for our members.
• AI Model Training and Development: To train, develop, improve, and enhance our artificial intelligence and machine learning models, algorithms, and tools using data collected from your interactions with our services.
• Creating Aggregated Insights and Data Products: To create aggregated insights, benchmarks, industry reports, and data products derived from user data and behavior patterns across our ecosystem.
• Data Monetization: To monetize data through licensing, selling, or sharing with third parties for advertising, marketing, analytics, and commercial purposes.
• Targeted Advertising and Profiling: To build user profiles for targeted advertising and personalized marketing across our ecosystem and third-party platforms.
• Business Partner Sharing: To share with business partners, sponsors, and advertisers for co-marketing and commercial purposes.
• Product Development from User Data: To develop and license new products, tools, and services based on aggregated user data and behavior patterns.

4. Cookies and Tracking Technologies

4.1 What Are Cookies

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. Cookies are widely used to make websites work efficiently, to improve user experience, and to provide reporting information to website operators. In addition to cookies, we also use similar tracking technologies such as web beacons (also known as pixel tags or clear GIFs), local storage, and similar technologies.

Cookies set by the website operator are called "first-party cookies." Cookies set by parties other than the website operator are called "third-party cookies." Third-party cookies enable third-party features or functionality, such as analytics, advertising, and social media integration.

4.2 Types of Cookies We Use

Essential / Strictly Necessary Cookies

These cookies are required for the basic functionality of our websites and cannot be switched off in our systems. They are typically set in response to actions you take, such as logging in, setting privacy preferences, filling in forms, or making purchases. These cookies enable core functionality including session management, security features (CSRF protection), load balancing, and shopping cart functionality. Without these cookies, our services cannot function properly.

Performance / Analytics Cookies

These cookies collect information about how visitors use our websites, including which pages are visited most often, how visitors navigate between pages, page load times, error messages received, and general usage patterns. We use Google Analytics and similar tools to collect this data. All information collected by these cookies is aggregated and therefore anonymous. This data helps us optimize our website performance, identify usability issues, and understand content engagement.

Functional Cookies

Functional cookies enable our websites to provide enhanced functionality and personalization. They remember your preferences, such as language settings, font sizes, region, and other customizations. They may also remember choices you have made (such as your username for faster login, or content preferences) to provide a more personalized experience. If you do not allow these cookies, some or all of these personalized features may not function properly.

Marketing / Advertising Cookies

These cookies are used to deliver advertisements and marketing messages that are relevant to your interests. They track your browsing activity across websites to build a profile of your interests and show you relevant ads on other sites. These cookies include the Facebook Pixel (Meta Pixel) for retargeting and conversion tracking, as well as cookies from advertising networks. They also measure the effectiveness of our advertising campaigns, including click-through rates, conversion rates, and return on ad spend.

4.3 Third-Party Cookies

We allow certain third parties to place cookies and similar technologies on our websites. These third parties include:

• Google: Google Analytics (website usage analysis), Google Ads (advertising and conversion tracking), Google Tag Manager (tag management), and Google Optimize (A/B testing).
• Meta / Facebook: Facebook Pixel (retargeting and conversion tracking), Conversions API (server-side event tracking), and Facebook social plugins.
• Email Marketing Platforms: Our email service providers place cookies and tracking pixels to measure email open rates, click-through rates, and subscriber engagement.
• Video Platforms: YouTube and Vimeo may place cookies when their embedded video players are loaded on our pages, to track video views and provide video playback functionality.
• Social Media Widgets: Social media sharing buttons and embedded content from platforms such as Facebook, Twitter/X, LinkedIn, and Instagram may place cookies to enable sharing functionality and track social interactions.
• Data Brokers and Data Management Platforms: We allow data brokers and data management platforms to place cookies on our websites to collect information about your browsing behavior, interests, and demographics for data enrichment and commercial purposes.
• Programmatic Advertising Networks: We participate in programmatic advertising networks that place cookies to facilitate real-time bidding and automated ad placement across the internet.
• Cross-Device and Cross-Site Tracking: We and our partners use tracking technologies for cross-device and cross-site tracking for advertising purposes, including building advertising profiles that may be shared with or sold to third-party advertisers.

Data collected through cookies and tracking technologies may be sold to or shared with third-party advertisers, data brokers, analytics companies, and marketing partners for their own commercial purposes. We participate in advertising networks that may combine information collected on our sites with information from other sources to deliver targeted advertising.

4.4 Cookie Duration

The cookies we use can be categorized by their lifespan:

• Session Cookies: These temporary cookies are erased when you close your browser. They are used to maintain your session state as you navigate between pages during a single visit.
• Persistent Cookies: These cookies remain on your device for a set period of time or until you manually delete them. They are used to remember your preferences, recognize you on return visits, and track usage over time. Typical retention periods range from 30 days to 2 years, depending on the cookie's purpose. Analytics cookies are generally retained for up to 26 months, while advertising cookies are typically retained for up to 13 months.

4.5 Managing Cookies

You have several options for managing and controlling cookies:

• Browser Settings: Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies, accept only first-party cookies, or notify you when a cookie is being set.
• Cookie Preferences Tool: We provide a cookie management tool on our websites that allows you to selectively enable or disable non-essential cookies.
• Google Analytics Opt-Out: You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout.
• Facebook Ad Settings: You can manage your Facebook advertising preferences at https://www.facebook.com/adpreferences.
• Industry Opt-Out Tools: You can opt out of many third-party advertising cookies through the Network Advertising Initiative or the Digital Advertising Alliance.

Impact of Disabling Cookies: Please note that disabling or deleting cookies may affect the functionality of our services. Some features may not work correctly, you may need to re-enter information more frequently, and your user experience may be degraded. Essential cookies cannot be disabled as they are necessary for our websites to function.

4.6 Do Not Track / Global Privacy Control

Some browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites requesting that they not track the user's browsing activity. There is currently no universally accepted standard for how companies should respond to DNT signals.

Global Privacy Control (GPC): We honor Global Privacy Control (GPC) signals. When we detect a valid GPC signal from your browser, we treat it as a request to opt out of the sale or sharing of your personal information, as applicable under the California Consumer Privacy Act (CCPA) and similar laws. We will process GPC signals as legally required in your jurisdiction.

5. Artificial Intelligence and Data Processing

Our ecosystem extensively leverages artificial intelligence to provide personalized business guidance, educational content, and productivity tools. This section describes how we use AI technologies, what data is involved, and your rights regarding AI-processed data.

5.1 How We Use AI

We deploy AI-powered features and tools across our platforms, including:

• AI Business Mentor: An AI-powered coaching and mentorship tool that provides personalized business advice, strategic guidance, and actionable recommendations based on your inputs, business profile, and goals.
• SOX AI Suite (25+ Business Tools): A comprehensive suite of over 25 AI-powered business tools designed to assist with marketing, copywriting, strategy development, content creation, financial analysis, customer avatar development, and other business functions.
• Diagnostic Assessments: AI-enhanced diagnostic tools that analyze your business metrics, responses, and data to generate personalized assessments, scores, and recommendations for business improvement.
• Content Personalization: AI algorithms that analyze your interests, behavior, and engagement patterns to recommend relevant courses, resources, articles, and content across our ecosystem.
• Customer Support Chatbots: AI-powered chatbots and virtual assistants that provide immediate answers to common questions, guide you through our platforms, and escalate complex inquiries to human support agents.
• Email and Content Optimization: AI tools that help optimize email subject lines, content delivery timing, newsletter personalization, and content recommendations to improve engagement and relevance.
• Proprietary AI Model Training: Training and developing proprietary AI models using user interactions, data, and feedback to improve our products and services.
• Commercial AI Products: Creating commercial AI products and services from aggregated user data, including benchmarking tools, predictive models, and analytics platforms.
• Licensing AI-Derived Insights: Licensing AI-derived insights, models, and data products to third parties for their commercial use.

5.2 Data Used by AI

Our AI systems may process the following types of data:

• User Inputs and Prompts: The questions, prompts, text, data, and other content you submit to our AI tools, including conversations with the AI Business Mentor and inputs to the SOX AI suite.
• Assessment Responses: Your answers to diagnostic questions, quiz responses, and evaluation inputs used to generate personalized assessments and recommendations.
• Usage Patterns: Information about how you interact with our platforms, including pages visited, features used, courses completed, and engagement metrics, to personalize content recommendations.
• Aggregated and Anonymized Data: De-identified data from across our user base may be used to improve AI model performance, develop new AI features, and enhance the accuracy of our AI-generated recommendations. This data cannot be used to identify individual users.

All data categories listed above may be used for AI model training, development, and improvement. Data may be used to train both proprietary and third-party AI models that we partner with or license technology from.

5.3 AI Data Handling

The following describes our practices regarding the handling of AI-related data:

• Monetization of AI Interaction Data: We may monetize, license, sell, or share AI interaction data, including anonymized or aggregated versions of your prompts, queries, and AI-generated outputs, with third parties for commercial, research, and development purposes.
• Consent to AI Training: By using our AI tools, you consent to The Oldford Company LLC using your AI interactions, inputs, outputs, and related data to train, develop, improve, and enhance our proprietary AI models, as well as third-party AI models we partner with. This includes sharing your data with AI service providers who may use it to improve their models and services.
• Data Collection and Retention for Business Purposes: We collect and retain AI interaction data as needed for our business purposes, including training, product development, commercial licensing, and improving our services.
• Real-Time Generation: AI outputs are generally generated in real-time in response to your inputs. While we may store interaction histories to provide continuity and context across sessions, AI outputs may not be stored permanently and may be subject to periodic deletion.
• Deletion of AI History: You may request deletion of your AI interaction history at any time by contacting us at the email address provided in the "Contact Us" section. Upon receiving a verified request, we will delete your AI interaction records within 45 days, subject to any legal retention obligations. Please note that data that has already been used to train AI models cannot be un-trained or removed from those models, and previously generated aggregated insights or derivative works will not be affected by individual deletion requests.
• Derivative Works: We may create derivative works, benchmarks, insights, and data products from your AI interactions and license or sell these to third parties.

5.4 Third-Party AI Providers

We may use third-party AI services to power certain features within our ecosystem. These providers may include, but are not limited to, OpenAI, Anthropic, Google, and other AI technology companies.

• Data shared with third-party AI providers is governed by their respective privacy policies and by our data processing agreements (DPAs) with those providers.
• Data shared with third-party AI providers may be used by those providers to train, improve, and enhance their general-purpose and specialized AI models. By using our AI-powered tools, you acknowledge and consent to this data sharing and use.
• We conduct due diligence on AI providers' data handling practices, security measures, and compliance certifications before integrating their services into our platforms.
• We regularly review our AI provider relationships to ensure ongoing alignment with our business objectives and applicable legal requirements.

5.5 Automated Decision-Making

Certain features of our services may involve automated processing of your data to make decisions or produce outputs that affect you. This includes:

• Profiling for Personalization: We may use automated analysis of your data to create profiles that inform content recommendations, product suggestions, and personalized coaching advice.
• Diagnostic Scoring: Our assessment tools use automated algorithms to generate scores, ratings, and classifications based on your responses.
• Risk Assessment: We may use automated tools to assess fraud risk, payment risk, or account security risk.

Your Rights Regarding Automated Decisions:

• You have the right to opt out of automated decision-making that produces legal or similarly significant effects on you.
• You have the right to request human review of any decision made solely by automated means.
• You may request an explanation of the logic involved in any automated decision-making process that significantly affects you.
• To exercise these rights, please contact us using the information provided in the "Contact Us" section.

6. How We Share Your Information

We may sell or share your personal information with third parties for commercial purposes, including but not limited to: advertising networks and partners, data brokers and data management platforms, business partners and sponsors, analytics and research companies, and other entities for their own marketing and commercial purposes.

In addition to selling and sharing your personal information as described above, we may also share your information in the following circumstances:

Categories of Third Parties We Share With

We may sell, share, or disclose your personal information to the following categories of third parties:

• Advertising and marketing partners
• Data brokers and aggregators
• Business partners and sponsors
• AI model training partners
• Research institutions
• Analytics companies
• Service providers (as described below)

Service Providers

We share information with trusted third-party service providers who perform services on our behalf, including web hosting and cloud infrastructure providers, email marketing platforms, payment processors (Stripe, PayPal), AI technology providers, analytics services (Google Analytics), customer support platforms, content delivery networks, and cybersecurity providers. These providers are contractually obligated to use your information only for the purposes of providing services to us and to maintain appropriate security measures.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, sale of assets, or other business transaction involving The Oldford Company LLC, your personal information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on our websites of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, including subpoenas, court orders, search warrants, or requests from law enforcement or government agencies. We may also disclose information to protect our rights, property, or safety, or the rights, property, or safety of others.

With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so. For example, you may authorize us to share your information with a specific partner or integration.

Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This data may be shared with partners, advertisers, researchers, and the public for any purpose without restriction.

Affiliates and Related Companies

We may share your information with affiliates and related companies within The Oldford Company ecosystem for purposes consistent with this Privacy Policy, including joint service offerings, cross-platform personalization, and internal business operations.

6A. Data Monetization

We may monetize personal information and usage data by selling, licensing, or sharing it with third parties for their own commercial purposes. This section describes our data monetization practices.

Categories of Data That May Be Monetized

The following categories of data may be sold, licensed, or shared for commercial purposes:

• Identifiers (name, email address, IP address, account IDs)
• Browsing history and website usage data
• Usage data and engagement metrics
• AI interaction data (prompts, queries, outputs)
• Assessment and diagnostic results
• Purchase history and commercial information
• Inferences about preferences, interests, and behavior patterns
• Geolocation data (general location derived from IP address)

How We Monetize Data

We may monetize your data in the following ways:

• Selling personal information to data brokers, advertisers, and marketing companies
• Licensing aggregated datasets and insights to business partners and research institutions
• Sharing data with advertising partners to deliver targeted ads across the internet
• Creating and selling data products, benchmarks, and industry reports
• Providing data to AI training partners for model development

Your Right to Opt Out

You can opt out of the sale of your personal information by contacting us at legal@scottoldford.com with the subject line "Do Not Sell My Personal Information." We will process your opt-out request within 15 business days.

Aggregated and de-identified data may be sold or shared without restriction and without opt-out rights, as it cannot reasonably be used to identify you.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of data and the context in which it was collected.

Criteria for Determining Retention Periods: When determining retention periods, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process the data; whether we can achieve those purposes through other means; and applicable legal, regulatory, tax, accounting, or other requirements.

When personal information is no longer needed for any purpose and no legal retention requirement applies, we will securely delete or anonymize the information. Anonymized data may be retained indefinitely for research and analytical purposes.

8. Data Security

We take the security of your personal information seriously and implement a combination of technical, administrative, and physical safeguards to protect your data against unauthorized access, alteration, disclosure, or destruction.

Technical Measures

Our technical security measures include: encryption of data in transit using TLS/SSL protocols; encryption of sensitive data at rest using industry-standard encryption algorithms (AES-256); secure server infrastructure with firewall protection and intrusion detection systems; regular security assessments and vulnerability scanning; secure coding practices and code review processes; multi-factor authentication for administrative access; and automated security monitoring and alerting.

Organizational Measures

Our organizational security measures include: role-based access controls ensuring employees can only access data necessary for their job functions; regular employee training on data protection, privacy best practices, and security awareness; confidentiality agreements for all employees and contractors who handle personal data; vendor security assessments before engaging third-party service providers; and regular review and updating of our security policies and procedures.

Incident Response

We maintain an incident response plan to address potential data breaches. In the event of a security incident that results in unauthorized access to, or disclosure of, your personal information, we will notify affected individuals and relevant regulatory authorities as required by applicable law, investigate the incident and take measures to mitigate harm, and implement corrective actions to prevent recurrence.

No Absolute Guarantee: While we strive to protect your personal information using commercially reasonable measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your data. Any transmission of personal information is at your own risk.

Your Role in Security: We encourage you to take steps to protect your own information by using strong, unique passwords; enabling two-factor authentication where available; keeping your login credentials confidential; logging out of your account after use, especially on shared devices; and promptly notifying us if you suspect any unauthorized access to your account.

9. Your Privacy Rights

We respect your rights regarding your personal information. Depending on your location and applicable laws, you may have the following rights:

9.1 Rights for All Users

Regardless of your location, we provide all users with the following rights:

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct any inaccurate or incomplete personal information we hold about you.
• Right to Deletion: You may request that we delete your personal information, subject to certain exceptions (such as legal retention requirements or fraud prevention).
• Right to Opt Out of Marketing: You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in our emails, updating your communication preferences in your account settings, or contacting us directly.
• Right to Withdraw Consent: Where we rely on your consent to process your personal information, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at the email address provided in the "Contact Us" section. We will respond to your request within 45 days.

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purposes for collecting or selling the information, and the categories of third parties with whom we share the information.
• Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
• Right to Opt Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information. To opt out, email legal@scottoldford.com with the subject line "Do Not Sell My Personal Information." You may also opt out via our cookie preference tools or by sending a Global Privacy Control (GPC) signal from your browser.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to only what is necessary. To exercise this right, contact us at legal@scottoldford.com with the subject line "Limit Use of Sensitive Personal Information."
• Right to Opt Out of Automated Decision-Making: You have the right to opt out of any automated decision-making technology, including profiling, that produces legal or similarly significant effects.
• Authorized Agent: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization (such as a signed written authorization or power of attorney).

9.3 EU/EEA/UK Residents (GDPR)

If you are located in the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), you have additional rights under the General Data Protection Regulation (GDPR) and the UK GDPR.

Legal Bases for Processing

We process your personal data based on one or more of the following legal bases:

• Consent: Where you have given us explicit consent to process your personal data for a specific purpose (e.g., subscribing to our newsletter, opting in to marketing communications).
• Contractual Necessity: Where processing is necessary for the performance of a contract with you (e.g., providing purchased courses, processing payments, managing your account).
• Legitimate Interest: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your fundamental rights.
• Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject (e.g., tax reporting, responding to lawful requests).

Your GDPR Rights

In addition to the rights listed in Section 9.1, EU/EEA/UK residents have the right to:

• Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
• Restrict Processing: Request restriction of processing of your personal data in certain circumstances.
• Object to Processing: Object to processing based on legitimate interests or for direct marketing purposes.
• Lodge a Complaint: Lodge a complaint with a data protection supervisory authority in your country of residence.

International Data Transfers

Your personal data may be transferred to and processed in the United States, where our primary servers are located. We ensure appropriate safeguards for such transfers through Standard Contractual Clauses (SCCs) approved by the European Commission, supplementary measures as required, and compliance with the EU-US Data Privacy Framework where applicable.

9.4 Other Jurisdictions

Canadian Residents (PIPEDA)

If you are a resident of Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) or substantially similar provincial legislation. These rights include the right to access your personal information, the right to challenge its accuracy and have it amended, and the right to withdraw consent for collection, use, or disclosure of your information. You may also file a complaint with the Office of the Privacy Commissioner of Canada.

Other Applicable Laws

We are committed to complying with applicable privacy and data protection laws in all jurisdictions where we operate or where our users are located. If you believe you have additional rights under the laws of your jurisdiction, please contact us and we will evaluate your request in accordance with applicable law.

10. International Data Transfers

The Oldford Company LLC is based in the United States. If you access our services from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States, where our servers are located and our central database is operated.

The data protection and privacy laws of the United States may differ from the laws of your country of residence. By using our services, you consent to the transfer of your information to the United States and to the processing of your information in the United States in accordance with this Privacy Policy.

We implement the following safeguards for international data transfers:

• Standard Contractual Clauses (SCCs): For transfers from the EU/EEA/UK, we use Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner's Office, supplemented by additional safeguards as necessary.
• Data Privacy Framework: We comply with the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework, as applicable.
• Adequacy Assessments: We conduct transfer impact assessments to evaluate the level of data protection in the recipient country and implement supplementary measures where necessary.
• Encryption: All data transferred internationally is encrypted in transit using TLS/SSL protocols.

11. Children's Privacy

Our services are intended for a general audience of business professionals and are not directed at children under the age of 13 (or under the age of 16 in certain jurisdictions, including the EEA/UK).

We do not knowingly collect, use, or disclose personal information from children under 13 (or 16 where applicable). If we become aware that we have collected personal information from a child under the applicable age threshold without verified parental consent, we will take steps to promptly delete that information.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at the email address provided in the "Contact Us" section. We will investigate and promptly delete any such information.

12. Email and Communication Preferences

We send several types of communications to our users:

Transactional Communications

These include order confirmations, payment receipts, account verification emails, password reset links, subscription renewal notices, service updates, and other communications directly related to your use of our services. You cannot opt out of transactional communications while your account is active, as they are essential to providing our services.

Marketing Communications

These include promotional emails, product announcements, special offers, educational content, webinar invitations, and other marketing messages. You can opt out of marketing communications at any time by: clicking the "unsubscribe" link at the bottom of any marketing email; updating your email preferences in your account settings; or contacting us at the email address provided in the "Contact Us" section. We will process your opt-out request within 10 business days.

Newsletter Communications

Our newsletters deliver educational content, industry insights, business strategies, and curated resources. Each newsletter includes an unsubscribe link. You may subscribe to or unsubscribe from individual newsletters without affecting other subscriptions.

SMS / Text Message Communications

If you have opted in to receive SMS or text message communications from us, you can opt out at any time by replying "STOP" to any text message, updating your communication preferences in your account settings, or contacting us directly. Standard message and data rates may apply.

13. Third-Party Links and Services

Our websites and services may contain links to third-party websites, applications, and services that are not operated or controlled by The Oldford Company LLC. These may include links to social media profiles, partner websites, recommended tools and resources, affiliate links, embedded content (such as YouTube videos or podcast players), and other external resources.

We are not responsible for the privacy practices, content, or security of any third-party websites or services. The inclusion of a link does not imply endorsement of the linked site or service. We strongly encourage you to review the privacy policy and terms of service of any third-party website or service before providing any personal information or engaging with that site or service.

Social Media Features and Widgets: Our services may include social media features such as sharing buttons, embedded feeds, and "like" or "follow" buttons for platforms including Facebook, Instagram, Twitter/X, LinkedIn, YouTube, and TikTok. These features may collect your IP address, the page you are visiting, and may set cookies to enable the feature to function properly. These social media features are governed by the respective platform's privacy policy.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational, legal, or regulatory reasons. When we make changes, we will update the "Last Updated" date at the top of this Privacy Policy.

Material Changes: For material changes that significantly affect how we collect, use, or share your personal information, we will provide at least 30 days' prior notice before the changes take effect. This notice will be provided via email to the address associated with your account and/or through a prominent notice on our websites.

Non-Material Changes: For minor, non-material changes (such as typographical corrections, formatting updates, or clarifications that do not change the substance of the policy), we may update the policy without prior notice.

Your continued use of our services after the effective date of any changes to this Privacy Policy constitutes your acceptance of those changes. If you do not agree with the updated Privacy Policy, you should discontinue your use of our services and contact us to request deletion of your account and personal information.

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information. Previous versions of this Privacy Policy are available upon request.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us using the information below:

How to Submit Data Requests

To submit a request to access, correct, delete, or port your personal information, or to exercise any of your privacy rights described in this Privacy Policy, please email us at legal@scottoldford.com with the subject line "Privacy Request." In your request, please include your full name, the email address associated with your account, a description of the right you wish to exercise, and any additional details that may help us locate and process your request.

How to Opt Out of the Sale of Personal Information

To opt out of the sale of your personal information, email legal@scottoldford.com with the subject line "Do Not Sell My Personal Information." You may also send a Global Privacy Control (GPC) signal from your browser.

Verification

To protect your privacy and security, we may need to verify your identity before processing your request. Verification may involve confirming information we have on file or providing additional documentation.

Response Timeframe

We will acknowledge receipt of your request within 10 business days and will respond to your request within 45 days of receipt. If we require additional time to fulfill your request (for example, due to the complexity or volume of requests), we will notify you of the extension within the initial 45-day period. The extension will not exceed an additional 45 days (90 days total from the date of your original request). We will explain the reason for the extension in our notification.

Complaints

If you are not satisfied with our response to your request, you have the right to lodge a complaint with the appropriate data protection authority in your jurisdiction. For EU residents, a list of data protection authorities is available on the European Data Protection Board website. For California residents, you may contact the California Attorney General's office.