Who This Policy Applies To
This Privacy Policy applies to all visitors and users of TajaiBuilds.com, operated by doingwell, LLC, a Maryland limited liability company. It explains what information we collect, how we use it, and what rights you have regarding that information.
By using this site, you agree to the practices described in this policy. If you do not agree, please do not use the site.
What Information We Collect
We collect only what is necessary to operate the site and deliver purchased products.
| Information | When collected | Why | Where stored |
|---|---|---|---|
| Email address | At purchase via Gumroad | To validate your access code and identify your purchase | Cloudflare KV (our access server) |
| Gumroad license key | At purchase via Gumroad | To serve as your unique access code | Cloudflare KV |
| Device fingerprint (hashed) | When you activate your access code | To lock your license to one device and prevent sharing | Cloudflare KV + your browser localStorage |
| IP address | During access code validation | To enforce rate limiting and log suspicious activity | Cloudflare KV (expires after 30 days) |
| Session token (JWT) | After successful validation | To keep you logged in without storing your raw code | Your browser localStorage only |
| Template and journey content | As you type | Auto-save so your work persists between sessions | Your browser localStorage only — never sent to us |
What We Do Not Collect
- We do not use cookies for tracking
- We do not use Google Analytics or any third-party analytics platform
- We do not collect your name, phone number, or mailing address
- We do not collect payment information — all payments are handled entirely by Gumroad
- We do not track your behavior across other websites
- We do not build advertising profiles
- We do not use pixels, beacons, or fingerprinting tools beyond the device ID described above
How We Use Your Information
The information we collect is used exclusively to:
- Validate your purchase and grant access to the product you bought
- Prevent unauthorized sharing of access codes
- Detect and block brute-force or abusive access attempts
- Respond to support requests you initiate
- Comply with legal obligations if required
We do not use your information for marketing, advertising, profiling, or any purpose beyond delivering the product and maintaining its integrity.
Third-Party Services
We use a small number of third-party services to operate the site:
- Gumroad — processes purchases and issues license keys. Gumroad's own privacy policy governs any information you provide during checkout. We receive only your email address and license key from Gumroad via webhook.
- Cloudflare — hosts the site (Cloudflare Pages), runs our access validation server (Cloudflare Workers), and stores access records (Cloudflare KV). Cloudflare may process your IP address and request metadata as part of standard CDN and security operations. See Cloudflare's privacy policy at cloudflare.com/privacypolicy.
- Google Fonts — the site loads fonts from Google's CDN. Google may log the request. No personal data beyond your IP is involved.
We do not sell, rent, trade, or share your personal information with any other third party for any purpose.
Data Retention
We retain access records (email, device fingerprint, activation status) for as long as your access code is active. If you contact us to request deletion, we will remove your record from our access server within 30 days. Note that deleting your record will also deactivate your access code.
IP-based rate limit records expire automatically after one hour. Suspicious activity logs expire after 30 days. Session logs expire after 90 days.
Content you enter into the templates or journey builder is stored only in your browser. Clearing your browser's localStorage removes it permanently — we have no copy to delete.
Your Rights
Depending on where you are located, you may have certain rights regarding your personal data:
- Right to access — request a copy of the personal information we hold about you
- Right to deletion — request that we delete your personal information
- Right to correction — request correction of inaccurate information
- Right to portability — request your data in a portable format
- Right to object — object to processing of your personal information
To exercise any of these rights, email [email protected]. We will respond within 30 days.
If you are located in the European Economic Area, you have additional rights under the GDPR. If you are located in California, you have additional rights under the CCPA. We honor all applicable rights regardless of your location.
Security
We take reasonable technical measures to protect the information we store. Access codes are stored server-side in Cloudflare KV — never in client-side code. Session tokens are signed with a secret key using HMAC-SHA256. All traffic is encrypted via HTTPS.
No system is completely secure. We cannot guarantee absolute security, but we have built this system to minimize what we collect and therefore minimize what could be exposed.
Children's Privacy
This site is not directed at children under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided personal information through this site, contact us immediately at [email protected].
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify affected users. Your continued use of the site after any update constitutes acceptance of the revised policy.