Privacy Policy

Dividend Growth Machine LLC (“DGM”, “we”, “us”, “our”)
Effective date: October 31, 2025 • Last updated: October 31, 2025

This Privacy Policy explains how we collect, use, disclose, and protect information about visitors and users of our websites, web applications, dashboards, analytics, emails/newsletters, and related services (the “Services”). It applies to anyone who visits or uses the Services, whether or not they create an account.

By using the Services, you acknowledge this Privacy Policy. If you do not agree, do not use the Services.

1) Who we are & how to contact us

Controller: Dividend Growth Machine LLC
Postal: 6741 Black Oak W Ct / Avon, IN, USA
Privacy email: nathan@dividendgrowthmachine.com
Data Protection Officer (DPO): Not appointed. You can reach our privacy team at the email above.

2) Scope & third-party services we rely on

This Policy covers the Services we operate and control. Some features rely on third parties we do not control (for example: Lemon Squeezy as merchant-of-record for payments; Patreon/YouTube memberships; email delivery; analytics/hosting; error monitoring). Their privacy policies govern their handling of data. Where they act as independent controllers (e.g., Lemon Squeezy, Patreon, YouTube), they determine their own purposes and means of processing.

3) Notice at collection: what we collect, why, and how long we keep it

We collect the categories below from you, from your device/browser, and from service providers. We retain data only as long as needed for the stated purposes or as required by law. Illustrative retention periods are shown; actual retention follows the criteria in §9.

Category (examples)	Sources	Purposes of use	Typical retention
Identifiers (name, email, username, IP address, device IDs)	You; device; service providers	Account creation, login, security, support, legal compliance, communications	Life of account + up to 3 years
Commercial info (plan, transactions, refund/cancel status)	You; Lemon Squeezy	Billing, fraud prevention, support, tax compliance	Transaction + 7 years (tax/audit)
Usage data (pages viewed, feature use, timestamps, referral)	Device/SDKs; logs	Operate and improve Services, security/abuse detection, analytics	12–24 months (then aggregated/de-identified)
Device/technical data (browser, OS, screen, cookies)	Device/SDKs	Performance, debugging, session management, authentication	12–24 months
User content (messages you send us, feedback)	You	Support, product improvement, recordkeeping	Life of account + up to 3 years
Inferences (basic preferences derived from use)	Analytics	Personalize product experience, quality improvement	12–24 months
Sensitive personal information	We do not seek SPI. See §4.	—	—

We do not collect payment card numbers; checkout is handled by Lemon Squeezy.

4) No regulated/sensitive data

Do not upload health information (HIPAA), payment card data (outside the processor’s checkout), government-issued IDs, children’s data, or other sensitive personal data not required by the Services. We are not a HIPAA business associate.

5) How we use information (purposes)

Provide the Services (accounts, dashboards, rankings, downloads, newsletters).
Authenticate and secure (fraud/abuse prevention, debugging, incident response).
Process transactions (via Lemon Squeezy) and maintain billing records.
Communicate (service notices, policy changes, product updates; marketing with your consent or as permitted).
Improve and develop the Services (analytics, A/B testing, feature tuning).
Comply with law and enforce our Terms of Service (including investigations).
De-identify or aggregate for statistics and product improvement.
We do not use personal information to make automated decisions that produce legal or similarly significant effects.

Withdrawal of consent (consequences). Where we rely on consent (e.g., non-essential cookies/analytics/marketing), you may withdraw it at any time via Cookie Settings or by contacting us. Withdrawal does not affect prior processing and may limit features that rely on the withdrawn processing (e.g., personalization, certain email updates).

6) Disclosures to third parties

We disclose personal information to:

Service providers/processors acting on our instructions (hosting, storage, email, logging/security, analytics, customer support).
Payment/Merchant of Record: Lemon Squeezy acts as independent controller for checkout, tax/VAT, fraud screening, and receipts.
Membership platforms: Patreon and YouTube for memberships you initiate there.
Professional advisors (legal/accounting) and authorities where required by law or to protect rights, safety, and security.
Business transfers (merger, acquisition, asset sale).

We do not allow processors to use your data for their own marketing. We do not sell personal information for money.

6A) Law-enforcement & government requests

We disclose personal information to law-enforcement or government authorities only in response to valid and facially sufficient legal process (e.g., subpoena, court order, or search warrant) or where we believe disclosure is necessary to prevent imminent harm. We contest overbroad or unlawful requests. Where legally permitted, we provide advance notice to affected users before producing data.

7) Selling/Sharing & targeted advertising

California (CPRA). We do not “sell” personal information for monetary consideration. If we ever engage in “sharing” for cross-context behavioral advertising (e.g., ad-retargeting cookies), we will provide a “Do Not Sell or Share My Personal Information” link and honor the Global Privacy Control (GPC) signal.
Colorado/Connecticut/Virginia/Utah. If we engage in targeted advertising or certain profiling, we will offer the required opt-out and disclosures.
Today. Our default configuration is analytics-only and product improvement; if this changes to include adtech, we will update this Policy, the cookie banner, and controls.

8) Your choices & privacy rights

Email & marketing

Opt out of marketing emails using the unsubscribe link in any message. Transactional/account notices will still be sent.

Cookies & tracking

Manage non-essential cookies via Cookie Settings (/cookie-settings) and your browser. Where required, we obtain consent before setting non-essential cookies and we honor GPC.

US state privacy rights (summary)

Depending on your state (e.g., CA, CO, CT, VA, UT), you may have rights to access, delete, correct, portability, and to opt out of sale/share/targeted advertising.

Submit a request: email nathan@dividendgrowthmachine.com with your account email and request type.
Verification: we may require email verification or additional information.
Response time: 45 days (extendable as permitted).
Appeal (CO/CT/VA): If we deny your request, email us with “Appeal” in the subject. If unresolved, you may contact your state attorney general.

EU/UK (GDPR/UK GDPR) rights and timelines

If you are in the EU/UK, you may have rights to access, rectification, erasure, restriction, portability, and objection (including to direct marketing and processing based on legitimate interests).

We respond within one month of receipt (extendable by two months for complex/numerous requests).
Contact: nathan@dividendgrowthmachine.com.

9) Data retention

We retain personal information only as long as necessary for the purposes in §5, to comply with legal/tax/accounting obligations, to resolve disputes, and to enforce agreements. When we no longer need personal information, we delete or de-identify it. We periodically review retention by category (see §3 table) and document our schedules.

10) Security

We use reasonable administrative, technical, and physical safeguards appropriate to the nature of the data (e.g., encryption in transit, access controls, logging, least-privilege). No method is 100% secure. You are responsible for maintaining the security of your devices, credentials, and network.

11) Data location & international transfers

Data location. We primarily store and process personal information in the United States (and in other locations where our service providers operate, as listed in Annex A).

EU/EEA/UK transfers. If you access the Services from the EU/EEA/UK, your personal data may be transferred to the United States. Where required, we use Standard Contractual Clauses (SCCs) and complementary measures with processors. Our legal bases (GDPR) are contract performance, legitimate interests (operate, secure, improve), legal obligation, and consent where applicable (e.g., non-essential cookies).

12) Children’s privacy

The Services are not directed to children. We do not knowingly collect personal information from persons under 18. If you believe a child has provided personal information, contact nathan@dividendgrowthmachine.com and we will delete it.

13) Do Not Track

Your browser may send Do Not Track (DNT) signals. At this time, we do not respond to DNT. We do honor Global Privacy Control (GPC) as described in §§7–8.

14) Links to other sites

Our Services may include links to third-party sites or embedded content. Those sites are not under our control, and their privacy practices apply. Review their policies for details.

15) Business transitions

If we are involved in a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to this Policy.

16) Changes to this Policy

We will post updates here with a new “Last updated” date. If we make material changes, we will provide a prominent notice (e.g., in-app banner or email). Your continued use after the effective date constitutes acknowledgment.

17) How to contact us

Questions or requests about this Policy or your personal information:
Email: nathan@dividendgrowthmachine.com`
Postal: Dividend Growth Machine LLC, 6741 Black Oak W Ct / Avon, IN, USA

18) California (CPRA) disclosures

Categories collected (past 12 months): Identifiers; Commercial information; Internet/usage data; Geolocation (coarse, from IP); Inferences.
Sources: You; your devices; processors; transaction processors (Lemon Squeezy).
Purposes: See §5.
Disclosures: We disclose to service providers/processors (§6). We do not sell personal information for money. We do not share personal information for cross-context behavioral advertising unless explicitly stated and controllable via a Do Not Sell or Share link.
Sensitive Personal Information: Not used or disclosed for additional purposes requiring a right to limit.
Non-discrimination: We will not discriminate against you for exercising your rights, though some features may require certain data to function.

19) Cookie/Tracking notice (summary)

We use essential cookies (security, session, load balancing) and non-essential cookies (analytics, product improvement).

On first visit where required, we show a cookie banner that allows Accept All / Reject All / Save Preferences, links to Cookie Settings, and references this Policy.
You can change preferences anytime via Cookie Settings (/cookie-settings) and through your browser.

20) Cross-references & incorporation

This Policy is referenced by and incorporated into our Terms of Service.
For customers that require it, we offer a Data Processing Addendum (DPA) (including SCCs where applicable). Contact nathan@dividendgrowthmachine.com.

Annex A – Service providers and subprocessors (illustrative; keep current on your site)

Maintain this as a living list or link to a hosted page you can update without republishing the whole Policy.

Provider	Role	Data categories	Location	Transfer mechanism
Supabase	Hosting, authentication, database	Identifiers, usage, account metadata	USA/EU (as configured)	DPA + SCCs (if applicable)
Lemon Squeezy	Merchant of record, payments, tax/VAT	Identifiers, transaction metadata	USA/EU/UK	Independent controller (see their policy)
Email service (e.g., Postmark/Mailgun/SES)	Transactional email	Identifiers, service notices	USA/EU	DPA + SCCs (if applicable)
Error monitoring/logging (e.g., Sentry)	Diagnostics	Usage/technical data	USA/EU	DPA + SCCs (if applicable)
Analytics (privacy-centric)	Product analytics	Usage/inferences	As configured	DPA + SCCs (if applicable)

Publish checklist (implementation)

Footer: Terms of Service • Privacy Policy • Do Not Sell or Share (if applicable) • Cookie Settings.
Checkout/Sign-up: “By creating an account, you agree to the Terms of Service and acknowledge the Privacy Policy,” with both links visible.
Cookie banner: respect GPC; provide Reject All in jurisdictions that require it.
Requests log: track incoming privacy requests, verification, and dispositions.
Keep Annex A aligned with your actual vendors. If you later add adtech, update §§7–8, the banner, and this Annex.