PRIVACY POLICY

Last Updated: March 29, 2026

Skipthink LLC, d/b/a Skipthink.AI, ("Skipthink," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you purchase, access, or use our AI-generated digital products and services.

We have designed our services to minimize the personal data we collect. We do not use tracking cookies, we do not build advertising profiles, and we do not sell your personal information to third parties.

This Privacy Policy is incorporated into and forms part of our Terms of Service. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. INFORMATION WE COLLECT

1.1. Information You Provide Directly

We collect only the minimum information necessary to deliver our products and services:

• Email address (for product delivery and account management)

• Billing location (country and, for US customers, state/territory)

• Order history and delivery records

• Account credentials (stored in hashed form)

• Customer support communications

Typically, this is limited to:

• (a) Email Address: We collect your email address for the purpose of delivering purchased digital products, sending transactional communications (order confirmations, product delivery, and essential service updates), and enabling you to retrieve previously purchased products. Your email address is stored in hashed form (using SHA-256) in our order database. The raw email address is retained only temporarily in an encrypted communication queue for the purpose of sending transactional emails, and is automatically deleted after delivery confirmation plus 30 days.

• (b) Billing Location: We collect your billing country and, for customers in the United States, your billing state or territory. This information is used to determine which privacy and consumer protection laws apply to your purchase and for aggregate geographic analytics. Billing location data is associated with your hashed email identifier, not your name or raw email address.

• (c) Order History and Delivery Records: We maintain records of your purchases (products ordered, dates, amounts) and delivery status (delivery timestamps, download records). This information enables you to re-access previously purchased products by providing your email address, which we hash and match against our order records.

• (d) Account Credentials: If you create an account, we store a hashed version of your password. We never store passwords in plain text.

• (e) Communications: If you contact us via email or our AI-powered support system, we retain the content of those communications to resolve your inquiry.

1.2. Information Collected Automatically

• (a) Analytics Data: We use Plausible Analytics, a privacy-focused, cookieless analytics service operated by Plausible Insights OÜ (Estonia). Plausible collects only aggregate, non-personally-identifiable data such as page views, referral sources, browser type, country-level geographic data, and custom conversion events (for example, which pricing tier a visitor selected, whether an order was submitted) that contain no personal information. No individual user profiles are created. No cookies, localStorage, fingerprinting, or other persistent identifiers are placed on your device. Plausible identifies "visitors" via a server-side hash of IP address and user agent that rotates daily and is never shared back to your browser. Plausible's processing is governed by their privacy policy at https://plausible.io/privacy.

• (b) Server Logs: Our servers automatically record limited technical information when you access our services, including IP address (anonymized within 24 hours), request timestamps, and the pages or resources you access. These logs are used solely for security monitoring and are automatically purged after 30 days.

1.3. Information We Do NOT Collect

We want to be explicit about what we do not collect:

• We do NOT collect payment card numbers, bank account details, or financial account information. All payment processing is handled entirely by our payment processor, Stripe, on their servers. Your payment data never touches our systems.
• We do NOT knowingly collect personal information from individuals under the age of 18. Our services are not directed at children, and we do not offer accounts or products designed for minors.
• We do NOT collect biometric data, government-issued identification numbers, health information, or other categories of sensitive personal data.
• We do NOT use tracking cookies, advertising pixels, social media trackers, or fingerprinting technologies.

2. HOW WE USE YOUR INFORMATION

We use the limited information we collect for the following purposes:

• (a) Product Delivery: To deliver purchased digital products to your email address or account.

• (b) Order Re-access: To enable you to retrieve and re-download previously purchased products by matching your provided email address against hashed order records.

• (c) Transactional Communications: To send order confirmations, delivery notifications, and essential service updates related to your purchases.

• (d) Customer Support: To respond to your inquiries submitted through our AI-powered support system or via email.

• (e) Regulatory Compliance Determination: To use your billing country and state to determine which privacy and consumer protection laws apply to your transactions.

• (f) Service Improvement: To analyze aggregate, non-identifiable usage patterns through Plausible Analytics to improve our products and services.

• (g) Security: To detect and prevent fraud, abuse, and unauthorized access to our systems.

• (h) Legal Compliance: To comply with applicable laws, regulations, and legal processes.

• (i) Dispute Resolution: To use information as may be reasonably necessary in connection with resolving disputes, enforcing our Terms of Service, or protecting the rights, property, or safety of Skipthink LLC, our customers, or the public.

We do NOT use your information for:

• Targeted advertising or behavioral profiling
• Sale or rental to third parties
• Automated decision-making that produces legal or similarly significant effects

3. AI-GENERATED CONTENT DISCLOSURE

Our products consist of AI-generated digital content. While we employ quality review processes, the content is produced using artificial intelligence systems. Your use of our products and any data you provide in connection with product customization or generation requests may be processed by AI systems to fulfill your order. We do not use your personal data or content to train our AI models.

For full details on how AI is used in our products, including our quality assurance processes, accuracy disclaimers, and EU AI Act compliance, please refer to our separate AI-Generated Content Disclosure document.

4. LEGAL BASES FOR PROCESSING (GDPR)

For individuals in the European Economic Area (EEA), the United Kingdom, and Switzerland, we process personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

• (a) Performance of a Contract (Article 6(1)(b)): Processing your email address and account information is necessary to deliver the digital products you purchase and to manage your account.

• (b) Legitimate Interests (Article 6(1)(f)): We process limited technical data (anonymized server logs, aggregate analytics) for security monitoring and service improvement. We have assessed that these interests do not override your fundamental rights and freedoms, given the minimal and non-identifying nature of the data processed.

• (c) Legal Obligation (Article 6(1)(c)): We may process data when required to comply with applicable laws, such as tax reporting obligations or lawful government requests.

• (d) Consent (Article 6(1)(a)): Where we rely on consent (for example, for optional marketing communications, if offered), you may withdraw consent at any time by contacting us at info@skipthink.com.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

5. DATA SHARING AND THIRD PARTIES

We share your information only in the following limited circumstances:

• (a) Payment Processor: Stripe processes all payments as our payment processor. They receive your payment and billing information directly. Their processing of your data is governed by their own privacy policy. We receive from Stripe a transaction identifier, the product purchased, your email address, billing country, and (for US customers) billing state or territory.

• (b) Service Providers: We may use the following third-party service providers who process data on our behalf under contractual data processing agreements:

• Stripe (payment processing)

• Cloud hosting providers (for product delivery infrastructure)

• Email delivery services (for transactional emails)

• Plausible Analytics (cookieless website analytics; Plausible Insights OÜ, Estonia)

• (c) Legal Requirements: We may disclose your information if required to do so by law, in response to valid legal process (such as a court order or subpoena), or to protect the rights, property, or safety of Skipthink LLC, our customers, or the public.

• (d) Dispute Resolution: We may use and disclose your information as reasonably necessary to investigate, resolve, or defend against disputes, claims, or legal proceedings involving Skipthink LLC or its services.

• (e) Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your information becomes subject to a different privacy policy.

We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes. We have not sold personal information in the preceding 12 months.

6. INTERNATIONAL DATA TRANSFERS

Skipthink LLC is based in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers of personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision from the European Commission, we rely on:

• (a) Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our agreements with service providers.

• (b) Where applicable, other lawful transfer mechanisms recognized under Chapter V of the GDPR.

By using our services, you acknowledge that your information may be transferred internationally as described in this section.

7. DATA RETENTION

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy:

• (a) Account Data (email, hashed credentials): Retained for the duration of your account and for 90 days after account deletion to allow for reactivation.

• (b) Hashed Email Identifiers: Retained indefinitely in order records to enable product re-download. Because these identifiers cannot be reversed to obtain the original email address, they do not constitute directly identifiable personal data.

• (c) Raw Email Addresses: Stored temporarily in an encrypted communication queue solely for sending transactional emails. Automatically deleted after delivery confirmation plus 30 days.

• (d) Billing Location Data (country, state): Retained alongside order records for 7 years from the date of transaction to comply with tax and regulatory requirements.

• (e) Order History and Delivery Records: Retained for 7 years from the date of transaction to comply with tax and financial reporting obligations and to enable product re-download.

• (f) Support Communications: Retained for 2 years from the date of the last communication in the support thread, then automatically deleted.

• (g) Server Logs (anonymized): Retained for 30 days, then automatically purged.

• (h) Analytics Data: Aggregate analytics data collected by Plausible Analytics does not contain personal data and may be retained indefinitely. Because Plausible does not store identifiers on your device, no per-user retention applies.

After the applicable retention period, personal data is securely deleted or anonymized so that it can no longer be associated with you.

8. YOUR RIGHTS UNDER GDPR (EEA, UK, AND SWITZERLAND RESIDENTS)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR:

• (a) Right of Access (Article 15): You may request a copy of the personal data we hold about you.

• (b) Right to Rectification (Article 16): You may request correction of inaccurate or incomplete personal data.

• (c) Right to Erasure (Article 17): You may request deletion of your personal data, subject to legal retention obligations.

• (d) Right to Restriction of Processing (Article 18): You may request that we restrict processing of your personal data under certain circumstances.

• (e) Right to Data Portability (Article 20): You may request a copy of your personal data in a structured, commonly used, and machine-readable format.

• (f) Right to Object (Article 21): You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.

• (g) Right to Withdraw Consent (Article 7(3)): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

• (h) Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority (data protection authority).

To exercise any of these rights, contact our Data Protection Officer at info@skipthink.com. We will respond to your request within 30 days, as required by applicable law. We may request verification of your identity before processing your request.

9. YOUR RIGHTS UNDER CCPA (CALIFORNIA RESIDENTS)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• (a) Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it is shared.

• (b) Right to Delete: You may request deletion of your personal information, subject to certain exceptions (such as legal retention requirements).

• (c) Right to Correct: You may request correction of inaccurate personal information.

• (d) Right to Opt Out of Sale or Sharing: We do not sell or share (as defined by the CCPA) your personal information. There is no need to opt out, but you may still submit a request to confirm this.

• (e) Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, contact us at info@skipthink.com with the subject line "CCPA Request." We will verify your identity and respond within 45 days, as required by law.

Categories of personal information collected in the preceding 12 months:

• Identifiers (email address, hashed email identifier)
• Commercial information (purchase history, order history, delivery records)
• Geolocation data (billing country, billing state or territory)
• Internet or electronic network activity (aggregate analytics, anonymized server logs)

We have not sold personal information in the preceding 12 months and do not intend to do so.

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS 1.2 or higher)
• Encryption of sensitive data at rest
• Access controls limiting data access to authorized personnel
• Regular security assessments and monitoring
• Secure deletion procedures for expired data

While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

11. DATA PROTECTION OFFICER

We have designated a Data Protection Officer (DPO) who can be contacted for any questions or concerns regarding this Privacy Policy or our data processing practices.

Skipthink LLC
d/b/a Skipthink.AI
1910 Thomes Avenue
Cheyenne, WY 82001
Email: info@skipthink.com

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• (a) Update the "Last Updated" date at the top of this Privacy Policy.
• (b) Notify you via email (if we have your email address) at least 30 days before the changes take effect.
• (c) Post the updated Privacy Policy on our website.

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

13. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Skipthink LLC
d/b/a Skipthink.AI
1910 Thomes Avenue
Cheyenne, WY 82001
Email: info@skipthink.com
Data Protection Officer: info@skipthink.com

For GDPR-related inquiries, please contact our Data Protection Officer directly at info@skipthink.com.

For CCPA-related requests, please email info@skipthink.com with the subject line "CCPA Request."