Privacy Policy

How we handle your data.

Plain English. No dark patterns. Last updated May 5, 2026.

The short version

  • We never sell your data. Not to advertisers, not to brokers, not to anyone. Ever.
  • We only use what you give us for ourselves — to reply to you, to personalize what we show you on the site and in email, and to send you the occasional marketing email (think: the next cohort opens, a new tool, a piece of writing). Roughly once a month, often less.
  • You can ask what we have, ask us to delete it, ask us to fix it, or unsubscribe — any time. Email [email protected] and a real human will respond.

Who we are

This site is run by Vincent DiPaola, doing business as teamvince, a sole proprietor based in Brooklyn, NY. We're the data controller for everything described below.

What we collect

From the forms you fill out on /consult, /coaching, /harness, and /waitlist:

  • Your name and email (always)
  • Where applicable: company, role, team size, the kind of help you're looking for, what's stuck, the idea you want help on, and a Loom-consent flag if you opt in to a 60-second Loom take on your idea
  • UTM parameters, the page that referred you, and a Cloudflare Turnstile token (so we know you're not a bot)

Automatically, when you visit any page:

  • Anonymous page-view analytics via PostHog. We run PostHog in identified_only mode, which means we don't attach a name to your sessions until you submit a form. Until then it's a random distinct-id.
  • Standard server-side request data: IP address, user agent, the page you came from. We use this only for spam/abuse handling, and we don't keep it tied to a profile.

What we don't collect:

  • Payment card details — Stripe handles those. We never see them.
  • Precise location. Country-level analytics is the most we'd ever know.
  • Anything we don't ask you for on a form. There are no hidden trackers.

Why we collect it

  • To reply to you when you reach out about consulting, coaching, the course, or the harness.
  • To send the welcome email — for example, the harness starter zip when you grab the lead magnet, or cohort logistics when you sign up for the course or the waitlist.
  • To personalize what you see. If you've already grabbed the harness, we don't push it at you again. If you signed up for the waitlist, we send you the next-cohort email before the public.
  • To send the occasional marketing email — roughly once a month, often less. New cohort, new tool, new writing. Every email has a one-click unsubscribe.
  • To keep spammers out — that's the Cloudflare Turnstile token.

Who else sees it

We use a small set of third parties to make the site run. Each one only sees what they need to do their job:

  • Supabase — stores form submissions in our intake_submissions table. Hosted in the US.
  • Resend — sends transactional emails (welcome, replies) and the occasional marketing email.
  • PostHog — anonymous-by-default product analytics. US instance (us.i.posthog.com).
  • Cloudflare Turnstile — bot challenge that runs on the forms.
  • Google Fonts — serves the typefaces (Inter, Playfair Display, JetBrains Mono). Google may log the request your browser makes to fetch the font files.
  • Gamma.app — embedded slide decks on a few pages. Gamma's scripts load when you view those pages.
  • Stripe — handles checkout for paid services. Their privacy policy applies at the checkout step.
  • GitHub — hosts the open-source repos we link to. Visiting them is governed by GitHub's terms.

We do not share your data with anyone for advertising, retargeting, profiling, or resale. Not now, not ever.

How long we keep it

  • Form submissions: we keep them while you're a relevant lead, customer, or alum. If you ask us to delete them, we delete them.
  • Analytics: per PostHog's defaults — generally up to a year, then aggregated.
  • Marketing list: until you unsubscribe. Unsubscribing removes you from future emails immediately.
  • Email threads: we keep email threads in our inbox the way any business does. If you'd like a thread purged, ask.

Your rights

You can ask us to:

  • Tell you what we have on you
  • Correct anything that's wrong
  • Delete it (we will, unless we're required to keep something for tax or legal reasons)
  • Stop sending you marketing email — every email has an unsubscribe link, but you can also just ask
  • Send you a copy of what we have, in a portable format

Email [email protected]. We aim to respond within a few business days. If you're in the EU, UK, or California, you have these rights under your local law as well — same email, same response.

Cookies and similar tech

What gets set on your browser when you visit:

  • A PostHog distinct-id cookie (anonymous until you submit a form)
  • Cloudflare Turnstile cookies during a bot challenge on the forms
  • Standard browser storage from Google Fonts and Gamma when those load

No third-party advertising cookies. No cross-site tracking pixels. No retargeting. You can clear cookies or block them in your browser at any time; the site will still work.

Kids

The site isn't aimed at anyone under 16. Please don't send us a child's information.

Security

The site runs over TLS. Form submissions are stored in Supabase with row-level security. The only Supabase key in client code is the publishable one, which is scoped to insert-only on the intake table. Nothing's perfectly secure, but we treat your data carefully and we'd rather store less than more.

Changes to this policy

We may update this policy. The "last updated" date at the top is the source of truth. If a change materially affects how we use your data, we'll email anyone on our list before it takes effect.

Contact

Questions, requests, anything — email [email protected].

See also: Terms & Conditions.