Legal
Privacy
We collect what the forms ask for, store it with the processors named below, and sell none of it.
What we collect
- Newsletter: your email address when you subscribe.
- Booking: the name, email, and three qualifier answers you enter to book a call, handled through Cal.com.
- Plans and leads: the contact details and selections you submit when you generate a plan, ask us to email it to you, or ask to talk it through.
- Dashboard: if you sign in, your email address and a session record. We use passwordless sign-in links; we never ask for or store a password.
- Payments: processed by Stripe. We receive a confirmation and the plan it relates to, never your card number.
- Email you send us: whatever you choose to put in it.
What we do with it
We use your information to run the service you asked for: send the essays you subscribed to, book and prepare for your call, build and price your plan, sign you in, take payment, and reply to you. We do not sell your information, and we do not share it for anyone else's advertising.
Analytics
We use Google Analytics to count page views and key events in aggregate so we can understand how the site is used. It sets first-party analytics cookies in your browser. We do not attach analytics to your name or email, and we do not use it for advertising.
Cookies
We set a sign-in session cookie on the dashboard, but only after you sign in. Google Analytics sets first-party analytics cookies to measure aggregate usage. The Cal.com and Stripe embeds set their own cookies scoped to their own frames when you use them. That is the entire cookie surface.
Who processes your data
We use a small, named set of processors. Each handles only what its job requires.
| Processor | What it handles |
|---|---|
| Beehiiv | Newsletter list and delivery. Receives your email when you subscribe. |
| Cal.com | Call booking. Receives the name, email, and qualifier answers you enter to book. |
| Stripe | Payments. Handles card details directly; we never see or store your card number. |
| Brevo | Transactional email (sign-in links, plan and booking confirmations, our own notifications). |
| Google Analytics | Aggregate site analytics (page views and key events) to understand traffic. |
| Cloudflare | Hosting, content delivery, and Turnstile spam protection on forms. |
How long we keep it
We keep subscriber and lead records for as long as you stay subscribed or in conversation with us, and as long as we need them for our own records. Newsletter subscriptions log only a one-way hash of your email for our internal counts, not the address itself. Sign-in links expire in fifteen minutes and are single-use; sessions and expired tokens are pruned automatically. Ask us to delete your data and we will, except where we are required to keep a record (for example, a payment receipt).
Your choices
Unsubscribe from any newsletter with the link in its footer. To see, correct, or delete the information we hold about you, email hello@oftencited.com and we will handle it.
Security
Data is stored on Cloudflare's infrastructure and reached only through our application, never directly. Sign-in tokens are stored hashed, never in the clear. Secrets and API keys are held as encrypted environment bindings, never in our code.
Changes and contact
If this policy changes materially, we will update the date above. The operating entity behind OftenCited and its registered address are available on request. Questions about your data go to hello@oftencited.com.