Privacy Policy

Effective date: 4 Jun 2026  ·  Last updated: 4 Jun 2026

The Leanova Method (“Leanova,” “we,” “us,” “our”) respects the privacy of every Warrior. This policy explains how we collect, use, protect, and share your personal information. This policy is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Information We Collect

We only collect information you actively provide or that is necessary to deliver our service:

• At checkout (via Hotmart): name, email address, billing address, country, and payment information. Payment details are processed and stored by Hotmart as the Merchant of Record — we never see or store your full card number.
• While using the product: progress notes you choose to submit, replies to email coaching, your participation in the Premium Warriors Channel.
• When you contact support: the content of email messages you send us.
• Automatic (web analytics): IP address, browser type, pages visited — collected anonymously and in aggregate via standard server logs and Cloudflare analytics.

2. How We Use Your Information

Your information is used only to:

• Deliver the digital products you purchased (Blueprint PDF, Masterclass videos, etc.)
• Send the 30-day coaching email sequence (a paid product feature)
• Respond to your customer support questions
• Send Warrior testimonials and new product announcements to opted-in customers (you may unsubscribe at any time)
• Comply with legal obligations (tax reporting, fraud prevention) if requested by authorities

We NEVER: sell your data to third parties, send cold emails to purchased lists, or share your data without your consent.

3. Third-Party Service Providers

We use trusted third-party services strictly for operational functions:

• Hotmart Inc. — Merchant of Record. Handles all checkout, payment processing, tax calculation, billing, and refunds. See Hotmart Privacy Policy.
• Cloudflare, Inc. — CDN, DNS, and security protection. See Cloudflare Privacy Policy.
• Twilio SendGrid — delivery of transactional and marketing email. See Twilio Privacy Policy.
• Kit.com (formerly ConvertKit) — email sequence delivery for international customers.
• Telegram — the optional Premium Warriors Channel (you opt in after purchase).
• Google Analytics / Cloudflare Analytics — aggregate, anonymized site usage statistics.

Each provider is bound by their own privacy policies and may only use your data for the purpose of providing their service to us.

4. Cookies and Tracking

Our website uses minimal cookies for basic functionality (session, language preference). We do not use third-party tracking cookies for advertising. We may use a single Facebook Pixel and/or Google conversion pixel solely to measure ad campaign effectiveness for visitors who arrive via paid ads — this data is aggregated and not used for cross-site profiling. Email open-rate and click-through pixels are used in line with standard industry practice for transactional and opt-in marketing email.

5. Your Rights Over Your Personal Data

You have full rights over your personal data, including (under GDPR / CCPA):

• Right to access — request a copy of the data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure (right to be forgotten) — request deletion of your account and data
• Right to object — unsubscribe from marketing email at any time (link in every email)
• Right to data portability — request export of your data in a machine-readable format
• Right to opt out of sale of personal information (CCPA) — note: we do not sell personal information, so this right is automatically respected

To exercise any of these rights, email [email protected] with subject “Data Privacy Request.” We will respond within 30 days (GDPR standard).

6. Data Security

We use industry-standard security practices: HTTPS/TLS-encrypted connections, restricted database access, hashed customer passwords, and need-to-know employee access. Despite this, no system is 100% secure; if a data breach occurs, we will notify affected customers within 72 hours (per GDPR Art. 33).

7. Data Retention

Customer data is retained while the account is active and for 24 months after the last purchase (for audit and support purposes). After that period, data is anonymized or deleted, except where legal obligations require longer retention (e.g., tax records under Indonesian law: 10 years).

8. Children

Leanova services are intended for adults (18+). We do not knowingly collect data from anyone under 18 years of age. If you are a parent and discover your child has provided us data, please contact us for removal.

9. International Data Transfers

Some service providers (Hotmart, Cloudflare, SendGrid) process data in servers located in the United States, European Union, and other regions. These providers maintain GDPR-compliant standards including Standard Contractual Clauses (SCCs). By using our service, you consent to this international data transfer.

10. Changes to This Policy

This policy may be updated from time to time. Material changes will be notified via email to active customers. The “Last updated” date above always reflects the current version.

11. Contact

Questions about this privacy policy?

Email: [email protected]
Web: start.leanova.pro