Privacy.

1. Who we are

“Chad The Degen”, “we”, “us”, or “the site” refers to the personal brand and educational content business operating at chadthedegen.com, based in Australia. The site is operated by Chad The Degen as a sole trader and is currently small enough to fall under the small-business exemption in the Privacy Act 1988 (Cth). We comply with the Australian Privacy Principles (APPs) as best practice regardless.

2. What we collect

We only collect data when you choose to give it to us, or when our infrastructure necessarily logs it.

Provided directly

• Email address (newsletter signup, course/community waitlists, contact form).
• First name (optional, on most signup forms).
• Source attribution for the form you used (e.g. “newsletter-hero”, “bot-builder-waitlist”) so we know which page led to a signup.
• Contact form content — name, email, optional company name, and your message.
• Payment information, if you purchase a course (handled directly by Stripe — we never see or store your card details).
• Optional testimonials you choose to submit.

Collected automatically

• Server logs from our hosting provider, including IP address, browser user-agent, and request timestamps. Used for rate limiting, abuse prevention, and operational monitoring.
• Aggregated, anonymised page-traffic and conversion analytics. We do not use cross-site trackers or advertising cookies.
• Standard cookies required for the site to function (e.g. session cookies for the admin area and Stripe checkout flow).

3. How we use it

• Sending the newsletter and transactional emails you signed up for.
• Notifying you when waitlisted products (e.g. Bot Builder, Degen Lab) open.
• Replying to contact-form submissions.
• Processing payments and providing course access.
• Operational analytics — understanding which pages convert, which content lands, where to invest effort.
• Preventing spam, abuse, and unauthorised access via rate limiting and standard security controls.
• Complying with our legal obligations — including any reasonable request from Australian regulators or law enforcement.

We do not sell, rent, or trade your data to third parties. We do not use your email address for advertising or remarketing campaigns outside our own newsletter.

4. Third-party services we use

We rely on a small number of trusted service providers to run the site. Each processes data on our behalf under their own privacy policies:

• Beehiiv — newsletter delivery and subscriber management.
• Resend — transactional and contact-form email delivery.
• Stripe — payment processing for courses. Stripe is PCI-DSS compliant; we do not see or store your card details.
• Vercel — site hosting, edge caching, and serverless functions.
• Neon — managed Postgres database for subscriber and content records.
• Upstash — rate-limiting cache.
• Clerk — authentication for the admin area (authors only, not public users).

Several of these providers are based in the United States. By using the site you consent to your data being processed in jurisdictions outside Australia, subject to the protections offered by those providers.

5. Cookies and tracking

We use a minimal cookie set: session cookies required for the admin area, the Stripe checkout flow, and basic anonymised analytics. We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking. We do not sell data to advertising networks. You can configure your browser to block or delete cookies; some site functionality (e.g. checkout) may not work if you do.

6. Data security

We use industry-standard practices to protect your data: HTTPS for all traffic (HSTS preloaded), security response headers (CSP, X-Frame-Options, Permissions-Policy), input sanitisation, rate limiting on sensitive endpoints, and access controls on admin tooling. No system is perfectly secure — if we ever become aware of a data breach affecting your information, we will notify you in line with the Notifiable Data Breaches scheme under the Privacy Act.

7. Data retention

We keep subscriber records for as long as your subscription is active, plus a reasonable buffer for unsubscribe and audit purposes. Contact-form messages are retained in our inbox in line with normal business correspondence. You can request earlier deletion at any time (see “Your rights” below). Payment records are retained for the period required by Australian tax and accounting obligations (typically seven years).

8. Your rights

• Unsubscribe from the newsletter at any time using the link at the bottom of every email.
• Access the personal information we hold about you. Email chad@chadthedegen.com from the address we have on file.
• Correct any data that is inaccurate or incomplete.
• Delete your data, except where we are required to retain it for legal reasons (e.g. tax records for paid purchases).
• Lodge a complaint with us first — we'll do our best to resolve it. If unsatisfied, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

9. Children

The site is intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has submitted data to us, contact us and we will delete it promptly.

10. International users

If you access the site from outside Australia, your data may be transferred to, stored in, and processed in countries other than your own — including Australia and the United States. By using the site you consent to this transfer. If you are in the EU/UK, you may have additional rights under the GDPR; contact us for any specific request.

11. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be highlighted on the site or sent to current subscribers by email. Continued use of the site after an update constitutes acceptance of the updated policy.

12. Contact

Privacy questions, data requests, or complaints can be sent to chad@chadthedegen.com. We aim to acknowledge within 48 hours and resolve substantively within 30 days.