Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

When you interact with our Services, you may provide:

• Account Information: name, email address, password, and business information when creating an account
• Assessment Data: business operations data, revenue information, team size, and operational challenges submitted through the Operator Assessment
• Course and Membership Data: progress through B3 courses, quiz and test results, implementation plans, and completion records via The Operator Hub
• Payment and Billing Information: credit card details, billing address, and subscription details for The Operator Hub and The Operator Academy
• Communications: emails, support requests, community messages, feedback, and Office Hours session notes
• Grant Applications: business details, financials, implementation plans, and performance data submitted when applying for Academy grant funding
• User-Generated Content: any content you post in community forums, comment sections, or other interactive areas

1.2 Information Collected Automatically

When you access our Services, certain information is collected automatically:

• Device and Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution
• Usage Data: pages viewed, time spent on each page, links clicked, navigation paths, and referring URLs
• Analytics Data: aggregated behavioral data collected via Google Analytics (G-Z4DC1V02CJ) including session duration, bounce rate, and traffic sources
• Cookies and Similar Technologies: session identifiers, preference storage, and tracking pixels (see Section 4)
• General Location Data: country and region inferred from IP address. We do not collect precise GPS location.

1.3 Information from Third Parties

We may receive information from third-party services integrated with our platform, including our assessment platform (ScoreApp), payment processors (Stripe), email service providers (ConvertKit), and social media platforms when you interact with our content. We handle all third-party data in accordance with this Privacy Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing, operating, and maintaining our website and Services
• Processing your membership subscriptions and payments for The Operator Hub and The Operator Academy
• Delivering course content, tracking your progress, and issuing completion records
• Personalizing content and recommendations based on your assessment results and learning history
• Sending transactional communications such as receipts, course access, and account updates
• Sending educational and marketing communications including the Notebook of a COO newsletter and new episode notifications. You can opt out at any time.
• Evaluating grant applications and communicating with grant recipients
• Analyzing usage patterns to improve the Services and create new content
• Preventing fraud, unauthorized access, and abuse of the Services
• Complying with applicable laws and regulations
• Enforcing our Terms of Service and other agreements

3. How We Share Your Information

We do not sell your personal information. We may share your information only in the following limited circumstances:

3.1 Service Providers

We share information with trusted third-party vendors who perform services on our behalf and are contractually bound to protect your data, including: Stripe (payment processing), ScoreApp (assessment delivery), ConvertKit (email marketing), Google Analytics (analytics), Kajabi (course platform hosting), and Make.com and related automation tools.

3.2 Legal Requirements

We may disclose your information when required by law or when we reasonably believe disclosure is necessary to comply with legal process, protect the rights or safety of our users or the public, enforce our Terms of Service, or prevent fraud or security threats.

3.3 Business Transfers

If Notebook of a COO is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.4 With Your Explicit Consent

We may share your information with third parties when you have given us your explicit consent, for example if you agree to be featured as a grant recipient success story. You may withdraw consent at any time by contacting us.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies. The types we use include:

• Strictly Necessary Cookies: required for the website to function. These cannot be disabled.
• Analytics Cookies: help us understand how visitors use the site. We use Google Analytics for this purpose. Analytics data is aggregated and anonymized.
• Preference Cookies: remember your settings, language preferences, and choices.
• Marketing Cookies: measure the effectiveness of our marketing campaigns.

You can control cookies through your browser settings and by opting out of specific tracking. For Google Analytics opt-out, visit tools.google.com/dlpage/gaoptout.

5. Data Security

We implement industry-standard technical and organizational security measures including SSL/TLS encryption for all data transmission, encrypted storage of passwords and sensitive account data, payment data handled exclusively by PCI-compliant processors (Stripe, we do not store full card numbers), access controls limiting data access to personnel who require it, and regular review of data collection and storage practices.

However, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law. Active accounts are retained for the duration of your membership. Closed accounts: basic records may be retained for up to 7 years for legal, tax, and accounting purposes. Payment records are retained as required by financial regulations. Grant recipient records are retained for up to 5 years post-grant.

7. Your Privacy Rights

Depending on your location and applicable law, you may have rights to access, correct, delete, or receive a portable copy of your personal information; opt out of marketing emails at any time using the unsubscribe link in any email; object to processing for direct marketing; or request restriction of processing in certain circumstances.

To exercise any of these rights, email us at privacy@notebookofacoo.com. We will respond within 30 days. We may need to verify your identity before processing your request.

8. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@notebookofacoo.com and we will promptly delete that information.

9. International Data Transfers

Notebook of a COO is based in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using our Services, you consent to the transfer and processing of your information as described in this Privacy Policy. We implement appropriate safeguards, including standard contractual clauses where required, to ensure your information is protected during international transfers.

10. Third-Party Links and Services

Our Services may contain links to third-party websites and platforms, including our podcast on Spotify and Apple Podcasts, our YouTube channel, and social media platforms. We are not responsible for the privacy practices of these third parties. This Privacy Policy does not apply to any third-party sites or services. We encourage you to review the privacy policies of any third-party services you interact with through our content.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we have collected and disclosed, the right to delete your personal information, the right to correct inaccurate information, and the right to non-discrimination for exercising your CCPA rights.

We do not sell personal information. You do not need to opt out. To exercise your California privacy rights, submit a verifiable consumer request to privacy@notebookofacoo.com. We will respond within 45 days as required by law.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or applicable local laws. Our legal bases for processing your data include performance of a contract (delivering Services you have purchased), legitimate interests (improving our Services, fraud prevention), compliance with legal obligations, and your consent (for marketing communications).

You have the right to withdraw consent at any time without affecting the lawfulness of prior processing. You also have the right to lodge a complaint with your local data protection supervisory authority. To exercise your GDPR rights, contact privacy@notebookofacoo.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date, and for significant changes, we will send a notification to your registered email address. Your continued use of the Services after changes are posted constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team: