Privacy Policy (Draft)
DRAFT. This document is a working draft and is pending attorney review. It is not yet in effect.
Last updated: July 2, 2026 (draft)
1. Overview
This Privacy Policy explains how Tolstoi LLC (“we”, “us”) collects and uses personal information when you use the Semantic Code website and programs (the “Services”).
2. Information We Collect
- Account data: email address, optional name.
- Purchase data: what you bought, amount, payment status (not card numbers).
- Learning activity: lesson views and progress inside your dashboard.
- Technical data: IP address and browser information for security and rate limiting.
3. How We Use Information
We use your information to provide access to purchased programs, send sign-in links and payment confirmations, protect the Services from abuse, and improve the programs. We do not sell personal information.
4. Payment Processing
Payments are processed by Stripe, Inc. Your card details go directly to Stripe and never reach our servers. Stripe's handling of your data is described in Stripe's own privacy policy.
5. Emails
We send transactional emails (sign-in links, payment receipts, security notices) that are required for the Services to work. Marketing emails, if any, are optional and include an unsubscribe link.
6. Cookies and Sessions
We use a single HTTP-only session cookie to keep you signed in. We do not use third-party advertising cookies.
7. When We Share Information
We share data only with service providers needed to run the Services (payment processing, email delivery, hosting), or when required by law.
8. Data Retention and Deletion
Purchase records are kept as required for accounting and tax purposes. If you ask us to delete your account, we anonymize your personal data while keeping the financial records the law requires us to keep.
9. Your Privacy Rights
Depending on your state of residence, you may have rights to access, correct, or delete your personal information. Contact us to exercise them.
10. Security
Sign-in links are single-use and stored only as cryptographic hashes. Access to production data is restricted. No method of transmission is 100% secure, but we design the Services to minimize the data we hold.
11. Children
The Services are not directed to children under 13, and we do not knowingly collect their data.
12. Changes to This Policy
We may update this policy; the current version with its “Last updated” date is always on this page. Material changes will be announced by email.
13. Contact
Privacy questions: the contact email will be published here.