Privacy Policy
This document explains how Nailonomics collects, uses, and protects your personal information. Nailonomics respects your privacy and only uses your data to serve you.
1. Information we collect
1.1 When you place an order
- Email (entered by you at checkout)
- Name (optional, from your card)
- Shipping address (Combo $197 only, for the physical book)
- Payment information (processed entirely by Stripe; Nailonomics never sees or stores card numbers)
1.2 When you log in and read
- Email and hashed password (PBKDF2, never stored in plain text)
- Session ID (HMAC-signed cookie, limited to one device at a time)
- IP address and User-Agent (for new-device detection and rate limiting)
- Reading progress (current chapter, used to resume from last position)
- Activity log (login, chapter views, password changes; last 30 events)
1.3 When you submit the Checklist form
- Email and source tag (20-Errors Checklist)
1.4 Automatically (all visitors)
- Cloudflare Analytics: page views, country, browser. No cookies, no personalization.
- Google Tag Manager / Analytics: aggregate behavior (marketing pages only; not on book.nailonomics.com).
2. Where your data is stored
| System | Data | Purpose |
|---|---|---|
| Cloudflare D1 (US) | Email, password hash, sessions, reading progress, activity log | Account and reader operation |
| Stripe (US) | Payment information, invoices, cards | Transactions, fraud prevention, disputes |
| GoHighLevel + Mailgun (US) | Email, name, tags | Transactional emails (order, password reset, alerts) |
| Cloudflare Pages / CDN | IP, request logs (24h) | Security and performance |
3. How we use your data
- Authenticate your account and grant access to the book
- Send transactional email (order confirmation, password reset, new-device alerts)
- Detect account sharing and abnormal access
- Improve the product based on aggregate analytics (no personalization)
- Send book updates and supplementary content via email (you can opt out anytime)
4. What we do NOT do
- We do not sell data to third parties
- We do not share email lists with other businesses
- We do not retarget via Facebook/Google Pixel on book.nailonomics.com
- We do not store credit card numbers (Stripe handles them)
- We do not read your password (only the hash is stored)
5. Cookies and tracking
Cookies we set
- nailo_session: HTTP-only, HMAC-signed cookie, valid 30 days, used to maintain login (essential; cannot be disabled if you want to read the book)
Third-party cookies
- Stripe: sets cookies on their checkout page for fraud prevention
- Google Tag Manager: marketing pages only (nailonomics.com); not on the book reader
6. Your rights
You have the right to:
- View all data we hold about you (visit your account page or email us)
- Change your password and email at any time
- Delete your account (email [email protected]; we delete within 7 days, except transaction records that US tax law requires us to keep)
- Opt out of marketing email (unsubscribe link at the bottom of every email)
- Request a copy of your data (CSV/JSON, delivered within 14 days)
7. California residents (CCPA)
Under the California Consumer Privacy Act, CA residents have additional rights: request a list of data collected in the past 12 months, request deletion, and "do not sell" (Nailonomics does not sell data, so this is always honored).
8. Children
The product is intended for adult business owners. We do not knowingly collect data from children under 13.
9. Security
Data is stored in Cloudflare D1 with automatic at-rest encryption. Passwords are hashed with PBKDF2 (100,000 iterations + random salt). Session cookies are signed with HMAC-SHA256. All traffic uses enforced HTTPS. No system is perfectly secure, but we apply industry best practices.
10. Changes to this policy
When this policy changes materially, we will notify customers by email. The current version is always available at this URL.
11. Contact
Privacy questions or data deletion requests: [email protected].
Nailonomics · Austin Nguyen · Houston, TX