Privacy Policy

Last Updated: November 20, 2025
Effective Date: November 20, 2025

Global Solo OS ("we", "us", or "our") operates the website https://globalsolo.global (the "Website" or "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our Website and use our Services. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service. --- ## Table of Contents 1. [Information We Collect](#1-information-we-collect) 2. [How We Use Your Information](#2-how-we-use-your-information) 3. [Legal Basis for Processing (GDPR)](#3-legal-basis-for-processing-gdpr) 4. [Third-Party Service Providers](#4-third-party-service-providers) 5. [International Data Transfers](#5-international-data-transfers) 6. [Data Retention](#6-data-retention) 7. [Your Privacy Rights](#7-your-privacy-rights) 8. [Cookies and Tracking Technologies](#8-cookies-and-tracking-technologies) 9. [Payment Processing](#9-payment-processing) 10. [Children's Privacy](#10-childrens-privacy) 11. [Data Security](#11-data-security) 12. [Changes to This Privacy Policy](#12-changes-to-this-privacy-policy) 13. [Contact Us](#13-contact-us) --- ## 1. Information We Collect ### 1.1 Information You Provide Directly We collect information that you voluntarily provide when using our Service: **Account and Profile Information:** - Name - Email address - Company name (optional) - Country/region **Assessment Data:** - Global Solo Assessment responses - Calculated scores and results - Business structure information **Purchase Information:** - Billing name - Email address for receipts - Product/service selection - Note: Payment card information is collected and processed by our payment processors (Stripe and Lemon Squeezy) and is NOT stored on our servers. **Communications:** - Customer support inquiries - Email correspondence - Newsletter subscriptions - Feedback and survey responses ### 1.2 Information Collected Automatically When you access our Website, we automatically collect certain information: **Usage Data:** - Pages visited and content viewed - Time spent on pages - Click patterns and navigation paths - Referral source (how you found us) - Entry and exit pages **Device Information:** - IP address - Browser type and version - Operating system - Device type (desktop, mobile, tablet) - Screen resolution - Language preferences **Location Data:** - Country and city (derived from IP address) - Timezone - Note: We do not collect precise geolocation data. **Cookies and Similar Technologies:** - See our [Cookie Policy](/legal/cookie-policy) for detailed information ### 1.3 Information from Third Parties We may receive information about you from third-party sources: **Payment Processors:** - Transaction confirmation - Payment status - Refund status **Marketing Platforms:** - Email engagement metrics (opens, clicks) - Subscription status **Analytics Providers:** - Aggregated usage statistics - Conversion data --- ## 2. How We Use Your Information We use the collected information for the following purposes: ### 2.1 Service Provision - Create and manage your account - Process assessment submissions - Deliver purchased products (guides, services) - Provide customer support - Send transactional emails (receipts, confirmations) ### 2.2 Service Improvement - Analyze usage patterns and trends - Identify technical issues - Conduct user research - Improve Website functionality - Develop new features ### 2.3 Marketing and Communications - Send newsletters (with consent) - Share product updates and announcements - Provide relevant content recommendations - Send promotional offers (with consent) ### 2.4 Legal and Security - Prevent fraud and abuse - Enforce our Terms of Service - Comply with legal obligations - Protect our rights and property - Respond to legal requests ### 2.5 Analytics and Research - Measure marketing campaign effectiveness - Understand user demographics - Track conversion funnels - Generate business insights --- ## 3. Legal Basis for Processing (GDPR) For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds: ### 3.1 Consent (Article 6(1)(a)) - Email marketing and newsletters - Analytics cookies - Marketing cookies - Optional data collection **You can withdraw consent at any time** via unsubscribe links, cookie settings, or by contacting us. ### 3.2 Contractual Necessity (Article 6(1)(b)) - Account creation and management - Order processing and fulfillment - Customer support - Transactional communications ### 3.3 Legitimate Interests (Article 6(1)(f)) - Website analytics and improvement - Fraud prevention and security - Network and information security - Internal administrative purposes ### 3.4 Legal Obligation (Article 6(1)(c)) - Tax and accounting records - Responding to legal requests - Regulatory compliance --- ## 4. Third-Party Service Providers We use trusted third-party service providers to help us operate our business. These providers have access to your personal information only to perform specific tasks on our behalf and are obligated to protect your information. ### 4.1 Database and Infrastructure **Supabase (Supabase, Inc.)** - **Purpose:** Application database, user authentication, file storage - **Data Stored:** User profiles, assessment data, session information, uploaded files - **Location:** United States (EU region available) - **Privacy Policy:** https://supabase.com/privacy - **Data Processing Agreement:** Available - **Compliance:** GDPR, SOC 2 Type II ### 4.2 Payment Processors **Stripe (Stripe, Inc.)** - **Purpose:** Credit/debit card payment processing - **Data Collected:** Payment card information, billing address, transaction details - **Location:** United States and European Union - **Privacy Policy:** https://stripe.com/privacy - **Compliance:** PCI-DSS Level 1, GDPR, SOC 2 Type II - **Data Processing Agreement:** Stripe Data Processing Addendum **Lemon Squeezy (Lemon Squeezy LLC)** - **Purpose:** Alternative payment processing, international payments - **Data Collected:** Payment information, billing details, order data - **Location:** United States - **Privacy Policy:** https://www.lemonsqueezy.com/privacy - **Compliance:** GDPR compliant - **Data Processing Agreement:** Available on request **Important:** We do NOT store payment card information on our servers. All payment data is collected and processed directly by Stripe and Lemon Squeezy using secure, PCI-compliant systems. ### 4.3 Analytics Providers **PostHog (PostHog, Inc.)** - **Purpose:** User behavior analytics, session recording, funnel tracking - **Data Collected:** Page views, click events, user interactions, session recordings - **Location:** United States - **Privacy Policy:** https://posthog.com/privacy - **Compliance:** GDPR, SOC 2 Type II - **Note:** Session recordings mask all form inputs by default **Google Analytics 4 (Google LLC)** - **Purpose:** Website traffic analysis, conversion tracking - **Data Collected:** Page views, session duration, referral sources, demographics - **Location:** Global (Google infrastructure) - **Privacy Policy:** https://policies.google.com/privacy - **Compliance:** GDPR, Privacy Shield (EU-US framework) - **Note:** IP anonymization enabled ### 4.4 Email Marketing **Resend (Resend, Inc.)** - **Purpose:** Email delivery, transactional emails - **Data Collected:** Email address, name, email engagement - **Location:** United States - **Privacy Policy:** https://resend.com/legal/privacy-policy - **Data Processing Agreement:** Available - **Compliance:** GDPR compliant --- ## 5. International Data Transfers ### 5.1 Transfer Mechanisms Some of our service providers are located in the United States and other countries outside your jurisdiction. When we transfer personal data internationally, we ensure appropriate safeguards are in place: **For EEA/UK Users:** - Standard Contractual Clauses (SCCs) approved by the European Commission - Data Processing Agreements with all processors - Technical and organizational security measures - Privacy Shield principles (where applicable) **For Swiss Users:** - Swiss-US Privacy Shield (where applicable) - Standard Contractual Clauses **For California Users:** - CCPA-compliant data processing agreements ### 5.2 Data Transfer by Service | Service | Location | Safeguard | |---------|----------|-----------| | Supabase | US (EU option) | SCCs, DPA | | Stripe | US & EU | SCCs, DPA, Privacy Shield | | Lemon Squeezy | US | DPA | | PostHog | US | SCCs, DPA, SOC 2 | | Google Analytics | Global | Privacy Shield, DPA | | Resend | US | DPA, SCCs | --- ## 6. Data Retention We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. ### 6.1 Retention Periods **Account Data:** - Active accounts: Duration of account existence + 30 days after closure - Inactive accounts (no login for 2 years): Deleted after notification **Assessment Data:** - Stored indefinitely for account holders - Guest submissions: 90 days **Transaction Records:** - 7 years (tax and accounting requirements) **Marketing Data:** - Until consent withdrawn or 2 years of inactivity **Analytics Data:** - PostHog: 7 years (configurable) - Google Analytics: 14 months (configurable) - Supabase: Indefinite (for internal analytics) **Support Communications:** - 3 years from last interaction ### 6.2 Deletion Process When data reaches its retention limit: 1. Automated deletion from active systems 2. Removal from backups within 90 days 3. Anonymization of analytics data 4. Permanent destruction (unrecoverable) --- ## 7. Your Privacy Rights Depending on your location, you have specific rights regarding your personal information. ### 7.1 Rights Under GDPR (EEA/UK Users) **Right to Access (Article 15)** - Request a copy of your personal data - Receive information about processing activities **Right to Rectification (Article 16)** - Correct inaccurate personal data - Complete incomplete information **Right to Erasure / "Right to be Forgotten" (Article 17)** - Request deletion of your personal data - Exceptions: Legal obligations, legitimate interests **Right to Restriction of Processing (Article 18)** - Limit how we use your data - Temporary suspension of processing **Right to Data Portability (Article 20)** - Receive your data in machine-readable format (JSON, CSV) - Transfer data to another service **Right to Object (Article 21)** - Object to processing based on legitimate interests - Opt-out of marketing at any time **Right to Withdraw Consent (Article 7(3))** - Withdraw consent for analytics, marketing - No impact on prior lawful processing **Right to Lodge a Complaint** - Contact your local data protection authority - EU: https://edpb.europa.eu/about-edpb/board/members_en ### 7.2 Rights Under CCPA (California Users) **Right to Know:** - Categories of personal information collected - Sources of information - Business purposes for collection - Third parties with whom we share data **Right to Delete:** - Request deletion of personal information - Exceptions: Legal obligations, contract performance **Right to Opt-Out:** - Opt-out of sale of personal information - **Note:** We do NOT sell personal information **Right to Non-Discrimination:** - Equal service and pricing regardless of privacy choices ### 7.3 How to Exercise Your Rights **Data Access, Deletion, or Portability Requests:** 1. Email us at help@globalsolo.global 2. Submit your request with verification details 3. Verify your identity (required for security) 4. Receive response within 30 days (GDPR) or 45 days (CCPA) **Marketing Opt-Out:** - Click "Unsubscribe" in any marketing email - Update preferences in your account settings - Email: help@globalsolo.global **Cookie Preferences:** - Use our Cookie Consent banner - Visit Cookie Settings (link in footer) - Configure browser settings **Contact Us:** - Email: help@globalsolo.global - Subject: "Privacy Rights Request" - Include: Your name, email, specific request --- ## 8. Cookies and Tracking Technologies We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. For detailed information about our cookie practices, please see our [Cookie Policy](/legal/cookie-policy). **Cookie Categories:** - **Essential:** Required for Website functionality (always active) - **Analytics:** Usage tracking and performance measurement (requires consent) - **Marketing:** Personalized content and campaign tracking (requires consent) **Manage Cookie Preferences:** - Use our Cookie Consent banner (first visit) - Click "Cookie Settings" in the footer - Configure browser settings --- ## 9. Payment Processing ### 9.1 How Payments Work When you make a purchase on our Website: 1. You enter payment information on our checkout page 2. Data is transmitted directly to Stripe or Lemon Squeezy (not stored by us) 3. Payment processor securely processes the transaction 4. We receive only: - Transaction confirmation (success/failure) - Order details (product, amount, customer name/email) - Transaction ID (for refunds and support) **We never see or store your full payment card number.** ### 9.2 Payment Processor Selection **Stripe** is used for: - US-based customers - EU customers - Most international customers - Subscription payments **Lemon Squeezy** is used for: - Customers in specific regions (Pakistan, India, Nigeria) - Alternative payment methods - International transactions requiring local payment options ### 9.3 Refunds and Disputes Refund requests are processed through the original payment processor: **For Stripe Payments:** - Refunds issued to original payment method - Processing time: 5-10 business days **For Lemon Squeezy Payments:** - Refunds according to Lemon Squeezy terms - Processing time: 7-14 business days See our [Refund Policy](/legal/refund) for complete details. --- ## 10. Children's Privacy ### 10.1 Age Requirement Our Service is intended for individuals 18 years of age or older. We do not knowingly collect personal information from children under 18. **Age Verification:** - Users must be 18+ to create an account - Agreement to Terms of Service confirms age requirement - No active age verification system (business service context) ### 10.2 If We Learn of Child Data Collection If we become aware that we have collected personal information from a person under 18: 1. We will delete the information immediately 2. We will not use the information for any purpose 3. We will not disclose the information to third parties **Parents/Guardians:** If you believe your child has provided us with personal information, please contact us immediately at help@globalsolo.global. ### 10.3 COPPA Compliance Our Service is not directed to children under 13, and we do not knowingly collect information from children under 13 as defined by the Children's Online Privacy Protection Act (COPPA). --- ## 11. Data Security We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. ### 11.1 Security Measures **Technical Safeguards:** - TLS/SSL encryption for data in transit - AES-256 encryption for data at rest - Secure cookie attributes (HttpOnly, Secure, SameSite) - Regular security audits and penetration testing - Automated vulnerability scanning **Organizational Safeguards:** - Access controls and authentication - Employee confidentiality agreements - Regular security training - Incident response procedures - Data breach notification protocols **Infrastructure Security:** - Firewalls and intrusion detection - DDoS protection - Regular backup procedures - Disaster recovery plans ### 11.2 Third-Party Security All third-party processors we use maintain industry-standard security certifications: - SOC 2 Type II compliance - ISO 27001 certification - PCI-DSS compliance (payment processors) - Regular third-party security audits ### 11.3 Data Breach Notification In the event of a data breach that affects your personal information: **GDPR (EEA/UK):** - Notification to supervisory authority within 72 hours - Notification to affected users without undue delay - Details: Nature of breach, likely consequences, mitigation measures **CCPA (California):** - Notification to affected users in accordance with California Civil Code - Details: Types of information compromised, steps taken, contact information **General:** - Email notification to affected users - Public disclosure if required by law - Assistance with protective measures --- ## 12. Changes to This Privacy Policy ### 12.1 Updates and Modifications We may update this Privacy Policy from time to time to reflect: - Changes in our practices - New features or services - Legal or regulatory requirements - Industry best practices ### 12.2 Notification of Changes **Material Changes:** - "Last Updated" date revised at top of policy - Email notification to registered users - Prominent notice on Website - Request for renewed consent if required by law **Minor Changes:** - Updated "Last Updated" date - No direct notification for non-material changes ### 12.3 Your Acceptance **By continuing to use the Service after changes become effective, you accept the updated Privacy Policy.** If you do not agree with changes, you should: 1. Stop using the Service 2. Delete your account 3. Request deletion of your personal data --- ## 13. Contact Us ### 13.1 Privacy Inquiries For questions, concerns, or requests regarding this Privacy Policy or our data practices: **Email:** help@globalsolo.global **Subject Line:** "Privacy Inquiry" **Response Time:** Within 48 hours (business days) ### 13.2 Data Protection Officer For GDPR-related inquiries or to exercise your rights: **Email:** help@globalsolo.global **Subject Line:** "Data Protection Request" ### 13.3 Supervisory Authorities **EU/EEA Users:** You have the right to lodge a complaint with your local data protection authority: - List of EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en **UK Users:** - Information Commissioner's Office (ICO): https://ico.org.uk/ - Phone: 0303 123 1113 **California Users:** - California Attorney General: https://oag.ca.gov/ - Privacy Rights Hotline: 1-916-210-6276 --- ## Jurisdiction and Governing Law **Governing Law:** This Privacy Policy is governed by the laws of the State of Delaware, United States, without regard to its conflict of law provisions. **International Users:** While we operate under US law, we comply with GDPR, CCPA, and other applicable international data protection regulations for users in respective jurisdictions. **Dispute Resolution:** See our [Terms of Service](/legal/terms) for dispute resolution procedures. --- ## Effective Date This Privacy Policy is effective as of **November 20, 2025**. --- **Acknowledgment:** By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. For questions or concerns, please contact us at help@globalsolo.global.