What we collect, how we use it, and your rights.

Stark Method is operated by Stark Method LLC. You can reach us at cs@collinstark.com for any privacy question.

We collect three categories of information:

1. Information you give us — name, email, phone, company, role, and anything you write in a contact form or send us by email. Provided voluntarily when you inquire about Partner engagements, sign up for content, or join a call.
2. Information we collect automatically — pages visited, links clicked, emails opened, IP address, device, browser. Collected through standard analytics, cookies, and email tracking pixels.
3. Information from third parties — when you're introduced via referral or shared connection, we receive the basic professional data they share.

• To respond to inquiries and operate Partner engagements
• To send emails you've subscribed to (you can unsubscribe anytime)
• To improve our website, content, and offers
• To measure which campaigns and pages convert
• To comply with legal obligations (tax records, contract retention, fraud prevention)

We do not sell your data. We do not share it with advertisers. We do not profile you for purposes you didn't agree to.

When you become a Stark Method Partner, we operate systems on your behalf. The data we touch includes your customer lists, content, communications, and analytics across the platforms you've authorized (Klaviyo, Shopify, Gmail, Cloudflare, Supabase, etc.).

You remain the data CONTROLLER for your customers' information. We act as the data PROCESSOR. We sign a Data Processing Agreement (DPA) with every Partner spelling out exactly what we do, how we secure it, and how it gets returned or deleted at the end of the engagement.

Request a copy of the current DPA template at cs@collinstark.com.

We use these service providers to run our business. They receive only the data needed to do their job:

• Klaviyo — email delivery and analytics
• Cloudflare — content delivery and DDoS protection
• Vercel — website hosting
• Supabase — database and authentication
• Google (Gmail, Drive, Calendar) — email, file storage, scheduling
• Frame.io — video review (where applicable)
• Stripe / PayPal — payment processing

Each provider has its own privacy policy. We've reviewed and signed Data Processing Agreements where required.

• Active Partner data: for the duration of the engagement
• Past Partner data: retained for 30–90 days after off-boarding per contract, then deleted
• Prospect / lead data: up to 2 years if no engagement, then deleted
• Email subscribers: until you unsubscribe
• Financial / tax records: 7 years per IRS requirements
• Analytics / behavior data: up to 24 months in identifiable form, then aggregated

You can:

• Access — request a copy of every piece of data we hold on you
• Correct — fix anything that's wrong
• Delete — ask us to wipe your data entirely (subject to legal retention windows)
• Port — get your data in a machine-readable format to take elsewhere
• Object — tell us to stop processing for specific purposes
• Unsubscribe — every email has an unsubscribe link; works one-click

Email cs@collinstark.com with the subject "Privacy request" and we'll respond within 30 days.

For EU residents: you also have the right to lodge a complaint with your local Data Protection Authority. For California residents: see our CCPA disclosure section below.

We use a small number of cookies and tracking pixels:

• Essential cookies — let the site work (login, language)
• Analytics cookies — let us see which pages get read and which links get clicked (our own first-party tracker — see the Tracker component on every page)
• Email tracking pixels — let us see open and click rates on emails you've subscribed to

We don't use third-party advertising trackers. We don't sell cookie data.

We protect your data with:

• HTTPS / TLS encryption in transit
• Encryption at rest on all databases
• Row-level access controls on every table holding personal data
• Daily encrypted backups
• Rotated keys and limited access roles
• Incident response plan with 24-hour notification window

We can't promise breaches are impossible. We can promise we've put the right defenses in place and that we'll tell you fast if something goes wrong.

Our services are not directed at anyone under 16. We don't knowingly collect data from children. If you believe we have, email cs@collinstark.com and we'll delete it.

We may update this policy as the business evolves. Material changes will be flagged at the top of the page and emailed to anyone on our list. The "Last updated" date always reflects the current version.

Questions, complaints, requests — all to: cs@collinstark.com