This Privacy Policy explains how Yaroslav Lengerd, an individual doing business as “Lengerd” (“Lengerd”, “we”, “us”, or “our”) collects, uses, shares, and protects personal data when you use the website lengerd.com and the related services (the “Services”). It also describes your rights and how to exercise them.
This Policy should be read together with our Terms of Service. By using the Services, you acknowledge the practices described here.
1. Who We Are (Data Controller)
The data controller responsible for your personal data is:
Lengerd (Yaroslav Lengerd)
Email: info@lengerd.com
For any privacy question or to exercise your rights, contact us at info@lengerd.com.
2. Scope
This Policy applies to personal data we process about visitors, subscribers, and customers of the Services. It does not apply to third-party websites or services we link to, which have their own privacy policies.
3. Personal Data We Collect
We collect only the data we need to operate the Services. We do not ask for, and you should not submit, sensitive data such as health, medical, or special-category information.
3.1 Data you provide to us
- Email address — when you subscribe, request a protocol, or make a purchase.
- Name / first name — if you choose to provide it.
- Subscription preferences — the topics and lists you choose to receive (e.g., articles, protocol updates, artifacts).
- Communications — the content of messages you send us (e.g., support emails).
3.2 Order and payment data
- When you make a purchase, we and our payment provider process an order identifier, product purchased, amount, currency, and payment status. Payment itself (including any cryptocurrency or card details) is handled by our payment provider — we do not receive or store your full payment credentials.
3.3 Data collected automatically
- Technical and usage data — such as IP address, browser and device type, referring pages, and interactions with the Services, collected through our hosting and analytics provider.
- Access and security data — to protect paid content and enforce per-account device limits, we process your IP address and browser user-agent to generate a device “fingerprint” and detect unauthorized sharing or abuse.
- Cookies — see Section 7.
4. How We Collect Data
We collect data: (a) directly from you, when you submit a form, subscribe, purchase, or contact us; and (b) automatically, through cookies and similar technologies and through our hosting, analytics, and payment providers when you use the Services.
5. Purposes and Legal Bases for Processing
Where the EU/UK General Data Protection Regulation (“GDPR”) applies, we rely on the following legal bases:
| Purpose | Data used | Legal basis |
|---|---|---|
| Provide access to protocols, books, and other products you request or buy | Email, name, order data, access tokens | Performance of a contract (Art. 6(1)(b)) |
| Process and confirm payments | Email, order data | Performance of a contract (Art. 6(1)(b)) |
| Send marketing and content emails you subscribed to | Email, name, preferences | Consent (Art. 6(1)(a)) |
| Protect paid content, enforce device limits, prevent fraud and abuse, secure the Services | IP address, user-agent, device fingerprint, access logs | Legitimate interests (Art. 6(1)(f)) |
| Measure and improve performance and usage of the Services | Technical/usage and analytics data | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations and respond to lawful requests | As relevant | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You may object to such processing as described in Section 11. Where we rely on consent, you may withdraw it at any time.
6. Marketing Communications
If you subscribe, we send emails through our communications provider (Customer.io) based on the topics you selected. You can unsubscribe at any time using the link in any email or by managing your preferences via the account/preferences page, or by emailing info@lengerd.com. Withdrawing consent does not affect the lawfulness of processing before withdrawal, and does not stop service-related (transactional) messages such as purchase confirmations and access links.
7. Cookies and Similar Technologies
We use a minimal set of cookies and technologies:
- Strictly necessary / functional cookies. We set
vault_tokenandvault_verified_*cookies (both HTTP-only and secure) solely to verify your access to protected content and to keep you signed in to protocols you are entitled to. These are essential to provide a service you request and are exempt from consent requirements. - Analytics. We use Vercel Web Analytics and Vercel Speed Insights to understand aggregate usage and performance (such as page views and Core Web Vitals). This analytics is privacy-friendly and does not use cookies for cross-site tracking or build advertising profiles.
- No advertising or third-party tracking cookies. We do not use cookies for advertising, retargeting, or selling data.
You can control or delete cookies through your browser settings; blocking strictly necessary cookies may prevent access to paid content.
8. How We Share Data (Service Providers / Sub-Processors)
We do not sell your personal data. We share it only with trusted service providers who process it on our behalf to operate the Services, under appropriate agreements:
- Customer.io — email delivery and subscription management. Privacy policy: customer.io/legal/privacy-policy
- OxaPay — payment processing (including cryptocurrency). Privacy policy: oxapay.com/privacy-policy
- Vercel — website hosting, content delivery, and privacy-friendly analytics. Privacy policy: vercel.com/legal/privacy-policy
We may also disclose data where required to comply with law, enforce our Terms of Service, protect our or others’ rights, safety, and property, or in connection with a business transfer (such as a merger or sale of assets).
9. International Data Transfers
We and our service providers may process and store data in countries outside your own, including the United States, which may have different data-protection laws. Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable) implemented by our service providers. You may request more information about these safeguards by contacting us.
10. Data Retention
We keep personal data only as long as necessary for the purposes described in this Policy:
- Subscriber/marketing data — until you unsubscribe or ask us to delete it, after which it is removed or anonymized within a reasonable period.
- Order and transaction records — for as long as needed to provide access and to meet legal, accounting, and tax obligations.
- Security and access logs — for a limited period needed to protect the Services.
When data is no longer needed, we delete or anonymize it.
11. Your Rights
11.1 If you are in the EEA, UK, or Switzerland (GDPR), you have the right to: access your data; rectify inaccurate data; erase your data (“right to be forgotten”); restrict processing; data portability; object to processing based on legitimate interests or to direct marketing; and withdraw consent at any time. You also have the right to lodge a complaint with your local data-protection supervisory authority.
11.2 If you are in California (CCPA/CPRA) or another U.S. state with similar laws, you have the right to: know what personal information we collect and how it is used and shared; access and delete your personal information; correct inaccurate information; and opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under California law. We will not discriminate against you for exercising your rights.
11.3 How to exercise your rights. Email info@lengerd.com with your request. We may need to verify your identity before acting. We respond within the timeframes required by applicable law (generally within one month under GDPR). These rights may be subject to legal limitations and exceptions.
12. Data Security
We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration, including encryption in transit, access controls, and HTTP-only secure cookies. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
13. Children’s Privacy
The Services are intended only for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact us at info@lengerd.com and we will delete it.
14. Changes to This Policy
We may update this Policy from time to time. The “Last updated” date above shows when it last changed. Material changes will be communicated by reasonable means (such as posting on the Services or by email). Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.
15. Contact
For privacy questions or to exercise your rights:
Lengerd
Email: info@lengerd.com
This Privacy Policy is provided in the English language, which is the controlling language.