CROSSGEN.AIRegister Now
Privacy Policy

Privacy Policy.Plain language. California law. What we collect, why we collect it, and how to make us delete it.

Last updated May 10, 2026

1. Plain-language summary

We do not put third-party analytics or advertising trackers on this site. We collect what you give us in the registration form, the marketing-source query parameters in the URL, and what Stripe shares with us when you pay. We do not sell or share your personal information. California residents have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and those rights are honored here regardless of whether the statutory revenue thresholds apply to us.

2. Categories of personal information we collect

Identifiers: your name, email address, and IP address.

Customer records: your company name and optional job title.

Commercial information: the cohort seat you purchased, the price you paid, and the date of purchase.

Internet or other electronic network activity: the pages you viewed on this site, the referring URL, your browser's user agent, and the date and time of the visit.

Marketing source: the utm_source, utm_medium, and utm_campaign parameters that appeared in your URL when you arrived, if any.

Payment confirmation: the transaction reference, amount, and timestamp Stripe returns to us after a successful charge. Stripe holds the card data. We never see it and never store it.

3. Sources we collect it from

Directly from you, through the registration form or any email you send us.

Automatically from your browser when you load the site, in standard server access logs.

From Stripe, when you complete a purchase, limited to the payment confirmation fields above.

4. Why we collect it (business and commercial purposes)

To deliver the cohort to you: name, email, company, title.

To send you the calendar invite, the purchase confirmation, and operational messages about your cohort: email.

To understand which marketing channels work: the marketing-source parameters.

To satisfy tax, accounting, and recordkeeping obligations: the payment record.

To operate and secure the site: server access logs.

5. Sale, sharing, and behavioral advertising

We do not sell your personal information. We do not share it for cross-context behavioral advertising. We do not enrich it against third-party data brokers. We do not load Google Analytics, Meta Pixel, LinkedIn Insight, TikTok Pixel, or any other client-side advertising or analytics tracker.

In the twelve months preceding this update, we have not sold or shared the personal information of any consumer for any purpose. We have no plans to.

6. Sensitive personal information

We do not collect government identifiers (driver's license, passport, Social Security number), precise geolocation, biometric data, health data, racial or ethnic origin, religious beliefs, union membership, the contents of your private communications, or any other category the CPRA classifies as sensitive personal information. Payment-card data is sensitive, but Stripe holds it. Stripe never returns the full card number to us, and we never store it.

7. Who we share it with (service providers)

Stripe, for payment processing. Stripe's handling of your data is governed by Stripe's privacy policy.

Our transactional email provider, for sending the calendar invite and the purchase confirmation.

Our hosting provider, where the site, its database, and its logs run.

Each service provider is bound by contract to use the data only for the purpose we engaged them for. None of them is authorized to sell or share the data.

8. How long we keep it

Marketing-source parameters and server access logs: 90 days, then deleted.

Registration data (name, email, company, title): 7 years from the date of purchase, to satisfy tax and accounting requirements. Then deleted.

Payment records: 7 years from the date of purchase, for the same reason.

Email content we have sent you: 2 years.

If you ask us to delete your data before a retention window closes, we will delete what we are legally allowed to delete and keep only the records that tax and accounting law require us to keep.

9. Where it lives and how it is protected

Registration data lives in our internal database, encrypted at rest. It is replicated to our internal CRM and teaching systems so we can deliver the cohort.

Payment-card data lives on Stripe's systems.

Access logs and email send records live with the providers named above.

We use standard administrative, technical, and physical safeguards to protect personal information against unauthorized access, alteration, disclosure, or destruction.

10. Your California privacy rights

If you are a California resident, the CCPA, as amended by the CPRA, gives you the following rights:

Right to know. You can ask us to tell you what categories of personal information we have collected about you, the sources, the business and commercial purposes, the categories of third parties we shared it with, and the specific pieces of personal information we hold.

Right to delete. You can ask us to delete the personal information we collected from you, subject to a narrow set of statutory exceptions (most relevant here: records we are required to keep for tax and accounting purposes).

Right to correct. You can ask us to correct inaccurate personal information.

Right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising, so there is currently nothing to opt out of. If we ever change that, we will say so on this page and offer an opt-out before we do.

Right to limit the use of sensitive personal information. We do not collect sensitive personal information, so this right does not currently apply.

Right to data portability. You can ask us to send you your personal information in a structured, machine-readable format.

Right to non-discrimination. We will not deny you service, charge you a different price, or provide a different quality of service because you exercised any of these rights.

11. How to exercise your rights

Email sean@crossgen-ai.com from the email address tied to your registration. Tell us which right you want to exercise. We acknowledge requests within 10 business days and respond substantively within 45 days, usually sooner. The CCPA permits one 45-day extension if a request is complex. We will tell you in writing if we need one.

We may need to verify your identity before acting on a request. For someone registered for the cohort, verification is typically a confirmation reply from the email address on file. For requests outside that loop, we will ask for enough information to reasonably confirm you are who you say you are, and no more.

You may designate an authorized agent to make a request on your behalf. The agent must provide signed written authorization from you, and we may still ask you to verify your identity directly.

12. Do Not Track and Global Privacy Control

Some browsers send a Do Not Track signal or a Global Privacy Control signal. We do not engage in cross-context behavioral advertising and we do not sell personal information, so there is no tracking or sale for these signals to opt you out of. If our posture ever changes, we will treat the Global Privacy Control signal as a valid opt-out request, as required by California regulation.

13. Cookies and similar technologies

The public landing page does not set tracking cookies. A small number of strictly necessary, session-scoped cookies may be used to keep your registration form in sync between the page you are on and the payment confirmation. If we add an optional newsletter signup, a logged-in portal, or any feature that uses cookies for any other purpose, we will update this page before doing so.

14. Shine the Light

Under California Civil Code section 1798.83, California residents may request, once per calendar year, information about personal information we have disclosed to third parties for those third parties' own direct marketing purposes in the prior calendar year. We do not disclose personal information to any third party for that purpose, so the response to any such request is: none.

15. Children

The cohort is for adults. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided personal information to us, write to sean@crossgen-ai.com and we will delete it.

16. Data breach notification

If a security breach affecting your personal information occurs, we will notify you in the most expedient time possible and without unreasonable delay, consistent with California Civil Code section 1798.82, allowing for any reasonable hold required by law enforcement and any time reasonably necessary to determine the scope of the breach and restore the integrity of the system. The notice will describe what happened, what categories of data were involved, and what steps we are taking.

17. Governing law

This Privacy Policy is governed by the laws of the State of California, without regard to its conflict-of-laws rules. Disputes about this policy are subject to the same governing-law and venue provisions as our Terms of Service.

18. Changes to this policy

We may update this policy. Material changes are announced to registered participants by email. The version applicable to a given visit is the version published on the date of that visit. Prior versions are available on request.

19. Contact

Privacy questions, data-rights requests, and anything else covered by this policy: sean@crossgen-ai.com.