Legal

Privacy Policy

Last updated: April 25, 2026

Plain language summary:

The Clinic collects your email and basic account info to deliver content you signed up for. We don't sell your data. We don't share it with advertisers. We use a small set of standard services (Ghost, Stripe, Discord, Mailgun, Cloudflare) to operate the site. You can request your data or its deletion anytime by emailing the address at the bottom.

1. Who We Are

This Privacy Policy describes how The Clinic ("we," "us," "the Publisher," or "the Site"), operating at theinvestingclinic.com, collects, uses, stores, and protects information about visitors, members, subscribers, and users (collectively, "you"). By using the Site or subscribing to any membership tier, you agree to the practices described below.

This Policy applies to data collected through the Site, our newsletter, our payment system, and any associated community platforms (including our Discord server) operated by the Publisher.

2. What We Collect

We collect only the minimum information needed to operate the Site and provide the services you've signed up for.

When you create an account or subscribe:

  • Email address — required to create an account, send newsletters, and provide member access
  • Name (optional) — first name only, if you choose to provide it
  • Payment information — handled directly by Stripe; we do not store your full card number, CVV, or bank account details on our servers
  • Subscription tier and billing history — to manage your access

Automatically when you visit the Site:

  • IP address — captured by our hosting and security infrastructure (Ghost, Cloudflare)
  • Browser type, device type, and operating system
  • Pages viewed and approximate time spent
  • Referrer URL — the page or source that sent you to our Site
  • Cookies and session tokens — used to keep you logged in and to remember preferences (see Section 6)

If you connect your Discord account:

  • Discord user ID — used to assign your tier role in our community server
  • Discord username — for moderation and identification within the server

We do not collect biometric data, precise GPS location, social security numbers, government-issued ID numbers, health information, or data about minors under 13 (see Section 9).

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Process subscription payments and send billing receipts
  • Deliver newsletters, posts, and other content you've subscribed to
  • Assign and manage your Discord community access if you choose to link your account
  • Respond to support requests and communications you send us
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations and respond to lawful requests from authorities
  • Understand how the Site is used so we can improve content and features

We do not use your information for behavioral advertising, sell it to data brokers, or share it with third parties for their independent marketing purposes.

4. Third-Party Services We Use

We rely on a small set of established service providers to operate the Site. Each of them processes some user data on our behalf, under contractual data-protection terms. Below is the full list, what they do, and where to read their own privacy policies.

Ghost (publishing platform)

Ghost hosts the Site, manages member accounts, and sends newsletter emails. Data processed: email, name, account activity, IP address. Privacy policy: ghost.org/privacy.

Stripe (payment processor)

Stripe processes all subscription payments. Data processed: name, email, payment card information, billing address. We never see or store your full card number. Privacy policy: stripe.com/privacy.

Mailgun (email delivery)

Mailgun delivers our newsletters and transactional emails on Ghost's behalf. Data processed: email address, send/open/click events. Privacy policy: mailgun.com/privacy-policy.

Cloudflare (security and content delivery)

Cloudflare provides DDoS protection, caching, and content delivery for the Site. Data processed: IP address, browser fingerprint, request metadata. Privacy policy: cloudflare.com/privacypolicy.

Discord (community platform)

If you link your Discord account to your subscription, we share your Discord user ID with our Cloudflare-hosted integration to assign tier roles. Linking is optional. Privacy policy: discord.com/privacy.

Analytics (optional)

We may use a privacy-respecting analytics tool (such as Plausible, Fathom, or Google Analytics) to understand aggregate Site traffic patterns. If we use Google Analytics, IP addresses are anonymized before storage. We will update this Policy if we add or change analytics providers.

5. How Long We Keep Your Data

We retain your data only as long as we have a legitimate reason to keep it.

  • Account data — kept while your account is active and for up to 24 months after cancellation, to handle refund disputes, tax records, and support inquiries
  • Newsletter subscription data — kept until you unsubscribe; unsubscribed addresses are retained on a suppression list to honor your preference
  • Billing records — kept for at least 7 years, as required by U.S. tax law
  • Server logs (IP, browser, request data) — kept for up to 90 days for security and abuse prevention
  • Discord linkage records — kept while your subscription is active and deleted within 30 days of cancellation

6. Cookies and Tracking

The Site uses a small number of cookies and similar technologies. We do not use third-party advertising cookies, behavioral tracking pixels, or session replay tools.

Strictly necessary cookies:

  • Authentication tokens — keep you logged in to your member account
  • Session cookies — set by Ghost and Cloudflare to operate the Site securely

Functional / analytics cookies:

  • Used to count visitors and understand which pages are read most. Aggregated, not tied to individual identity.

Most browsers let you block or delete cookies via your browser settings. Blocking strictly-necessary cookies will prevent you from logging in. Blocking analytics cookies has no effect on your access.

7. Your Rights — California (CCPA / CPRA)

If you're a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the following rights regarding your personal information:

  • Right to know — what personal information we have collected about you, how we use it, and who we share it with
  • Right to delete — request deletion of your personal information, subject to certain exceptions (such as legal record-keeping requirements)
  • Right to correct — request that we correct inaccurate personal information
  • Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising, but you have the right to opt out if our practices ever change
  • Right to limit use of sensitive personal information — we don't collect sensitive personal information as defined under CPRA
  • Right to non-discrimination — we will not deny service, charge a different price, or provide a different quality of service if you exercise any of these rights

To exercise any of these rights, email doc@theinvestingclinic.com with the subject line "California Privacy Request." We will verify your identity and respond within the time period required by law (typically 45 days).

8. Your Rights — European Union and United Kingdom (GDPR / UK GDPR)

If you are located in the European Union, the European Economic Area, or the United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR give you the following rights:

  • Right of access — receive a copy of the data we hold about you
  • Right of rectification — correct inaccurate or incomplete data
  • Right of erasure ("right to be forgotten") — request deletion, subject to lawful retention obligations
  • Right to restriction of processing — request that we limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on our legitimate interests
  • Right to withdraw consent — where we process based on your consent, you can withdraw it at any time
  • Right to lodge a complaint — with your national data protection authority

The legal bases on which we process your data are: contract (to deliver the subscription you've signed up for), consent (for newsletters and optional services), legal obligation (tax and accounting records), and legitimate interests (security, fraud prevention, basic site operation).

To exercise any of these rights, email doc@theinvestingclinic.com.

9. Children's Privacy

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are under 13, please do not use the Site or submit any information to us. If you are a parent or guardian and believe your child has submitted personal information to us, contact doc@theinvestingclinic.com and we will delete it.

10. Email Communications

When you subscribe, you receive:

  • Transactional emails — account confirmations, billing receipts, password resets, important service notices. These are required to operate your account and cannot be opted out of while your account is active.
  • Newsletter emails — content posts and updates. Every newsletter includes a one-click unsubscribe link in the footer. You can also manage email preferences from your member account page.

We comply with the U.S. CAN-SPAM Act, Canada's CASL, and EU/UK e-privacy rules. We do not send unsolicited marketing emails, and we do not share your email with third parties for their marketing.

11. Data Security

We use industry-standard security measures to protect your data, including TLS encryption in transit, encrypted storage at rest (handled by Ghost and Stripe), least-privilege access controls, and a small number of trusted service providers. No system is perfectly secure, however, and you use the Site at your own risk. If we ever experience a data breach affecting your personal information, we will notify you and the appropriate regulators as required by law.

12. International Data Transfers

The Site is operated from the United States. If you access it from outside the U.S., your data will be transferred to and processed in the United States and other countries where our service providers operate. By using the Site, you consent to this transfer. Where required, we rely on Standard Contractual Clauses or other appropriate safeguards under GDPR and UK GDPR.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The "Last updated" date at the top of this page reflects the date of the most recent revision. Material changes will be communicated through a notice on the Site or by email to active subscribers.

Your continued use of the Site after changes are posted constitutes acceptance of the updated Policy.

14. Contact

Questions about this Policy or about your personal information can be sent to:

The Clinic
Attn: Privacy
Email: doc@theinvestingclinic.com

For California residents, use the subject line "California Privacy Request." For EU/UK residents, use "GDPR Data Request." This helps us route and respond to your inquiry within the required legal timeframes.

See also: Terms, Disclosures, and Risk Statement · Terms of Service