Privacy Policy

Last updated: May 2026

We keep this simple: we collect only what we need, we don't sell your data, and we're transparent about how we use it.

What we collect

When you create an account or purchase a membership, we collect your name and email address. Payment information is handled entirely by Stripe we never see or store your full card number. Stripe gives us a confirmation of the transaction and a customer ID we use to manage your subscription.

When you use DesignPass, we collect standard usage data: which sessions you've attended or watched, when you logged in, and basic device information like browser type. This helps us understand what's working and fix what isn't.

How we use it

We use your information to provide access to DesignPass to verify your membership, send you session reminders, and communicate important updates about the service. We use your email to send you information about upcoming sessions and occasional product announcements. You can opt out of marketing emails at any time by clicking unsubscribe in any email we send. You can't opt out of transactional emails (like receipts and login links) while you have an active account those are necessary for the service to work.

We don't use your data to train AI models, build advertising profiles, or sell to third parties. Full stop.

Third-party services

We use a small number of trusted services to run DesignPass:

Stripe handles all payment processing. When you purchase a membership, you're interacting with Stripe's infrastructure directly. Their privacy policy covers how they handle your payment data.

Cloudflare powers our video delivery. Session recordings are served through Cloudflare's network, which means your IP address and basic request information passes through their systems.

Email provider We use a transactional email service to send receipts, session reminders, and account-related messages. Your email address is stored with this provider solely for the purpose of sending you these messages.

We don't share your data with any other third parties without your explicit consent, except where required by law.

Cookies

We use only essential cookies the kind that are strictly necessary to run the service. This includes a session cookie that keeps you logged in and a cookie that remembers your preferences. We don't use advertising cookies, tracking pixels, or analytics cookies that profile your behavior across the web.

Data retention

We keep your account data for as long as you have an active membership. If you cancel, we retain your data for 90 days in case you want to come back or need records for your own purposes, after which we delete it from our active systems. Some information may remain in backups for up to 12 months, after which it's purged entirely.

Your rights

You can ask us to show you the data we hold about you, correct any inaccuracies, or delete your account and associated data entirely. To make any of these requests, email us at hi@joincofi.com. We'll respond within 30 days.

If you're in the EU or UK, you have additional rights under GDPR, including the right to data portability and the right to object to processing. We'll honor these regardless of where you're located it's just the right thing to do.

Security

We take reasonable measures to protect your information encrypted connections, secure infrastructure, and limited access to personal data within our team. No system is perfectly secure, but we're diligent about it.

Changes to this policy

If we make material changes to this policy, we'll let you know by email before the changes take effect. The date at the top of this page shows when it was last updated.

Questions

Privacy questions? Email us at hi@joincofi.com. We're a small team and we take these questions seriously.