Privacy Policy
Last updated: May 13, 2026
01 Who runs this site
This site is operated by Michael Dishmon, a sole proprietor based in the USA. When this policy says “I” or “me,” that’s Michael. There’s one person behind this, and that person is accountable for how your data is handled.
02 What I collect and why
Here’s a straightforward list of the data I collect, and the reason for each piece.
Name and email
Collected when you fill out the contact form, create an account, or purchase a product. Used to respond to your message, manage your account, and deliver what you bought.
Payment information
Processed entirely by Stripe. I never see or store your card number. Stripe handles PCI compliance. I receive a confirmation with the amount, product, and a Stripe customer ID.
Usage analytics
Collected via PostHog and Google Analytics 4 (GA4). This includes pages visited, time on site, browser type, approximate location (city-level), and referral source. The purpose is to understand which content is useful and which pages need work.
Account data
If you create an account, I store your email, display name, and purchase history in Supabase (hosted on AWS). This lets you access your purchases, download products, and manage your account.
03 Cookies and tracking
This site uses cookies and browser storage. Visitors located in the EEA, UK, or Switzerland are detected at the edge via a country-code header, and analytics scripts (PostHog, Google Analytics 4) are not loaded for those visitors at all. Everyone else has analytics loaded by default and can opt out via the browser Do-Not-Track signal, which PostHog respects.
PostHog
Product analytics. Tracks page views, clicks, and custom events (things like viewing a product page, submitting the contact form, or reading a case study) to help me understand how people use the site. Honors browser Do-Not-Track. Not loaded for EEA / UK / CH visitors.
Session recording is active for authenticated portal users on /dashboard/* routes only. It is off for every other page on the site. When recording is active, passwords and email fields are masked before the data leaves your browser. Fields marked with a data-pii attribute are masked as well. Marketing pages, the homepage, /work, /products, /writing, and all other public routes are never recorded. Recordings are retained for 30 days. You can request deletion of any session recordings associated with your account by emailing hello@michaeldishmon.com.
When you sign up and log into the member portal, your PostHog analytics history is linked to your account using a pseudonymous identifier - specifically, the UUID assigned to your account in the database. Your email address and name are not sent to PostHog as identifying attributes. The linking happens after you create an account, and it is how the site tracks things like which products you have accessed and whether particular features are being used. You can request deletion of your PostHog event history, including any linked profile, by emailing hello@michaeldishmon.com.
When you submit the contact form or a service inquiry, the company name you enter may also be recorded in PostHog as a group attribute. This is used to understand aggregate patterns by business type, not to target or sell to you.
Google Analytics 4
Traffic analytics. Collects anonymized usage data including page views, session duration, and traffic sources. The client-side script is not loaded for EEA / UK / CH visitors.
In addition to the client-side script, a server-side event is sent to Google Analytics via the Measurement Protocol when a purchase completes. This server-side call happens on my infrastructure, not in your browser, so it fires for all completed checkouts regardless of your location. It sends the transaction ID, purchase amount, currency, and the product you bought. It does not send your name, email address, or any other personal identifier. Google processes this data under their own privacy policy.
Authentication cookies
Session cookies from Supabase Auth that keep you logged in. These are strictly necessary for the site to function if you have an account.
Stripe
Stripe sets cookies during the checkout process to prevent fraud and process payments. These are necessary for purchases to work.
04 Browser storage we use
Beyond cookies, this site stores small amounts of data in your browser via localStorage and sessionStorage. The list below is the complete set as of the “last updated” date above. None of these are shared with a third party, none are persistent identifiers, and clearing them only resets in-page demos.
| Key | Purpose | Duration |
|---|---|---|
| bzk:chat.session | Persists the in-browser chat history for the Berserker assistant across navigations. | Tab session |
| bzk:personalization:* | Caches resolved personalization codenames so a visitor opening a personalized link is not re-queried each navigation. | Tab session |
| mdc-bloom-charts-v1 | Bloom case-study chart demo: stores the selected date range. | Persistent |
| mdc-bloom-metrc-packages-v1 | Bloom Metrc demo: column visibility preferences. | Persistent |
| mdc-bloom-mobile-budtender-v1 | Bloom mobile budtender demo: in-progress cart state. | Persistent |
| mdc-bloom-pos-discount-v1 | Bloom POS demo: applied discount. | Persistent |
| mdc-bloom-pos-register-v1 | Bloom POS demo: cart contents. | Persistent |
| mdc-bloom-pos-returns-v1 | Bloom POS demo: returns wizard state. | Persistent |
| mdc-bloom-portal-dashboard-v1 | Bloom portal demo: dashboard date range. | Persistent |
| mdc-hearthlight-calendar-v1 | Hearthlight demo: weekly meal calendar. | Persistent |
| mdc-hearthlight-mealplan-v1 | Hearthlight demo: meal plan wizard progress. | Persistent |
| mdc-hearthlight-pantry-v1 | Hearthlight demo: pantry matcher selections. | Persistent |
| mdc-hearthlight-recipe-v1 | Hearthlight demo: recipe correspondences view. | Persistent |
| mdc-hearthlight-shopping-v1 | Hearthlight demo: shopping list. | Persistent |
| mdc-hearthlight-tarot-v1 | Hearthlight demo: daily tarot reading. | Persistent |
| mdc-hearthlight-tarot-showcase-v3 | Hearthlight demo: tarot showcase state. | Persistent |
| mdc-rl-food-journal-v1 | The Rooted Life demo: food journal entries. | Persistent |
| mdc-rl-foundations-quiz-v1 | The Rooted Life demo: foundations quiz answers. | Persistent |
| mdc-rl-naq-demo-v1 | The Rooted Life demo: NAQ slice demo state. | Persistent |
To clear any of these, open your browser’s site data settings for michaeldishmon.com and remove storage. The site will continue to work; in-progress demos will reset.
05 AI disclosure
The Berserker chat assistant on this site is a large language model. It uses Anthropic’s Claude API to generate responses. When you send a message, the message and a system prompt are forwarded to Anthropic’s API and a response is returned. Anthropic processes this data under their own privacy policy and does not train its models on customer inputs sent through default API traffic.
This disclosure is published in advance of the EU AI Act Article 50 first-interaction transparency requirement (effective August 2, 2026). The chat is clearly labeled “Berserker” and “ai assistant” in the in-page UI; this section adds the formal data-processing disclosure.
06 How I use your data
Your data is used to deliver the service you asked for. Specifically: to respond to contact form submissions, to process purchases and deliver digital products, to manage your account, and to improve the site based on aggregate usage patterns.
I do not sell your data. I do not share your email with third parties for marketing purposes. If I send you an email, it’s because you bought something, asked me a question, or explicitly signed up for updates.
07 Third-party services
The following services process data on my behalf. Each has its own privacy policy.
Stripe
Payment processing. stripe.com/privacy
Supabase
Database and authentication. supabase.com/privacy
Vercel
Site hosting. vercel.com/legal/privacy-policy
PostHog
Product analytics. posthog.com/privacy
Google Analytics
Traffic analytics. policies.google.com/privacy
YouTube
The member portal (/dashboard/learn/*) uses YouTube's standard embed API to deliver course videos. This integration uses youtube.com (not the privacy-enhanced nocookie domain), which means YouTube may set cookies for authenticated portal users to track video playback and performance. This is required for accurate lesson-completion tracking inside the portal. YouTube processes this data under Google's privacy policy. Marketing pages on this site that embed YouTube videos use the nocookie domain and do not set YouTube tracking cookies.
Resend
Transactional email. resend.com/legal/privacy-policy
Anthropic
Powers the in-site chat assistant. Messages you send to the chat are forwarded to Anthropic's Claude API and processed under their policy. anthropic.com/legal/privacy
08 Data retention
Account data is kept as long as your account is active. If you delete your account, your personal data is removed within 30 days. Purchase records may be retained longer for tax and legal compliance.
Analytics data is retained according to each provider’s default retention periods (PostHog: 1 year, GA4: 14 months).
09 Your rights
You can request a copy of your data, ask me to correct it, or ask me to delete it. Just email me. I’ll respond within a reasonable timeframe, typically a few days.
If you’re in the EU, you have additional rights under GDPR including data portability and the right to object to processing. If you’re in California, you have rights under the CCPA. I respect both regardless of where you live.
10 Children and minimum age
This site and its products are intended for adults. To create an account or purchase a product, you must be at least 16 years old.
This site is not directed at children under 13. I do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided personal information through this site, email me at hello@michaeldishmon.com and I will delete that data promptly. Parents or guardians can contact me with COPPA-related requests at that same address.
11 Security
The site is served over HTTPS. Authentication is handled by Supabase with bcrypt password hashing and secure session tokens. Payment data is processed by Stripe and never touches my servers. I take reasonable measures to protect your data, but I also want to be honest: this is a one-person operation, not a Fortune 500 security team. If I ever discover a breach, I’ll notify affected users directly.
12 Changes to this policy
If I make meaningful changes, I’ll update the “last updated” date at the top. For significant changes that affect how your data is handled, I’ll do my best to notify you via email if you have an account.
13 Contact
Questions about this policy? Email me at hello@michaeldishmon.com. I read every email and respond personally.

