← Back

Privacy Policy

Effective Date: March 10, 2026  |  Last Updated: March 26, 2026

IMPORTANT: This Privacy Policy constitutes a legally binding agreement. By accessing or using our Services, you acknowledge that you have read, understood, and consent to the data practices described herein. If you do not agree, you must immediately discontinue use of the Services.

Eko Growth LLC ("Company," "we," "us," or "our"), a limited liability company organized under the laws of the State of Wyoming (Wyo. Stat. § 17-29-101 et seq.), operated by Robin Ekren, is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, disclose, and safeguard your personal information when you visit our website(s) and use our Services.

This Privacy Policy is designed to comply with applicable data protection and privacy laws, including but not limited to: the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"), the UK General Data Protection Regulation ("UK GDPR"), the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.) as amended by the California Privacy Rights Act ("CCPA/CPRA"), the Children's Online Privacy Protection Act ("COPPA"), the CAN-SPAM Act, and other applicable international, federal, and state privacy regulations.

§ 1 — Data Controller

For the purposes of applicable data protection law, the data controller is:

Eko Growth LLC
Attn: Data Protection / Robin Ekren
1621 Central Ave, Cheyenne, WY 82001
Email: robinekrenn@gmail.com

If you are located in the European Economic Area ("EEA") or the United Kingdom ("UK") and have questions about data processing, you may contact us at the email address above. We are not required to appoint a Data Protection Officer ("DPO") under Article 37 GDPR; however, all privacy inquiries will be handled promptly.

§ 2 — Information We Collect

§ 2.1 — Information You Provide Directly

We collect personal information that you voluntarily submit to us, including but not limited to:

  1. Identity Data: Full name, username, date of birth (where required for age verification).
  2. Contact Data: Email address, telephone number, mailing address.
  3. Financial Data: Payment card details, billing address, transaction history. Note: Full payment card numbers are processed and stored exclusively by our PCI DSS-compliant payment processor, Stripe, Inc. When you complete a purchase on our website, payment data is collected directly by Stripe through its Embedded Checkout technology (Stripe.js). Your card details are transmitted from your browser directly to Stripe's servers and never pass through or are stored on our servers. We receive only a confirmation of the transaction, a truncated card identifier, and metadata necessary to fulfill your order.
  4. Account Data: Login credentials, account preferences, profile information.
  5. Communication Data: Correspondence, messages, coaching session notes, feedback, survey responses, and form submissions.
  6. Content Data: Any content you upload, submit, or transmit through the Services.

§ 2.2 — Information Collected Automatically

When you access our website, the following data may be collected automatically through cookies and similar technologies:

  1. Technical Data: Internet Protocol (IP) address, browser type and version, operating system, device type, screen resolution, language preferences.
  2. Usage Data: Pages visited, time and date of visits, time spent on pages, click-stream data, referring/exit URLs, search queries.
  3. Location Data: Approximate geographic location derived from IP address.
  4. Cookie Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies (see § 6).

§ 2.3 — Information from Third Parties

We may receive personal information from third-party sources, including:

  1. Payment processors (Stripe, PayPal) — transaction confirmation and fraud prevention data;
  2. Analytics providers (Google, Meta) — aggregated website usage data;
  3. Social media platforms — if you interact with our social media presence;
  4. Publicly available sources — where permitted by applicable law.

§ 3 — Legal Basis for Processing (GDPR, Art. 6)

If you are located in the EEA or UK, we process your personal data only where we have a valid legal basis:

Processing Activity Legal Basis (GDPR Art. 6(1))
Providing and delivering the Services (b) Performance of a contract
Processing payments and transactions (b) Performance of a contract
Communicating about your account or Services (b) Performance of a contract
Sending marketing and promotional communications (a) Consent
Analytics and website optimization (a) Consent (via cookie banner)
Advertising and remarketing (Meta Pixel) (a) Consent (via cookie banner)
Fraud prevention and security (f) Legitimate interest
Compliance with legal obligations (c) Legal obligation
Enforcing our Terms of Service (f) Legitimate interest

Where processing is based on consent (Art. 6(1)(a)), you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

§ 4 — How We Use Your Information

We use the personal information collected for the following purposes:

  1. To provide, operate, maintain, and improve the Services;
  2. To process transactions, send confirmations, and manage billing;
  3. To communicate with you, including responding to inquiries and providing customer support;
  4. To send marketing communications, newsletters, and promotional content (with your consent where required);
  5. To personalize your experience and deliver content relevant to your interests;
  6. To analyze website usage, trends, and user behavior for optimization;
  7. To deliver targeted advertising through third-party platforms;
  8. To detect, prevent, and address fraud, security breaches, and technical issues;
  9. To comply with applicable laws, regulations, and legal processes;
  10. To enforce our Terms of Service and protect the rights, property, and safety of the Company, its Users, and the public.

§ 5 — Analytics and Tracking Technologies

§ 5.1 — Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"), to collect and analyze usage data. Google Analytics uses cookies to track user interactions. The information generated by cookies is transmitted to and stored on Google servers in the United States. We have enabled IP anonymization (anonymizeIp), meaning your IP address is truncated within the EEA before transmission.

You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, available at tools.google.com/dlpage/gaoptout.

Google's privacy policy: policies.google.com/privacy.

§ 5.2 — Meta Pixel (Facebook Pixel)

We may use the Meta Pixel, provided by Meta Platforms, Inc. ("Meta"), to measure the effectiveness of advertising campaigns, deliver targeted advertisements, and create custom audiences for remarketing purposes. The Meta Pixel collects data about your browsing activity on our website and shares it with Meta.

You may manage your advertising preferences through your Facebook/Meta account settings or by visiting facebook.com/settings/?tab=ads.

§ 5.3 — Consent Requirement

Analytics and marketing tracking technologies are activated only after you have provided explicit consent through our cookie consent mechanism. If you decline cookies, these tools will not be loaded or activated.

§ 6 — Cookies

Cookies are small text files placed on your device when you visit a website. We use cookies and similar technologies (web beacons, pixel tags, local storage) for the purposes described below.

§ 6.1 — Types of Cookies

Category Purpose Duration Legal Basis
Strictly Necessary Essential for website functionality, security, and cookie consent management. These cookies cannot be disabled. Session – 1 year Legitimate interest / Exempt from consent
Analytics Help us understand website usage patterns and improve our Services (Google Analytics). Up to 26 months Consent
Marketing / Advertising Used for advertising measurement and to deliver relevant ads across platforms (Meta Pixel). Up to 180 days Consent

§ 6.2 — Managing Cookies

  1. Cookie Consent Banner: When you first visit our website, a cookie consent banner will appear. You may accept or decline non-essential cookies. Your preference is stored locally.
  2. Browser Settings: You may configure your browser to block or delete cookies. Note that disabling essential cookies may impair website functionality.
  3. Opt-Out Tools: You may use platform-specific opt-out tools (see § 5).

§ 6.3 — Stripe Embedded Checkout

Our purchase pages use Stripe Embedded Checkout, which loads a secure payment form directly within our website. When you enter payment details in this form:

  1. Your card number, expiry date, and CVC are collected and transmitted directly from your browser to Stripe's PCI DSS Level 1 certified servers via Stripe.js;
  2. This data never passes through our servers;
  3. We collect your name, email address, and phone number through our own form fields before initiating the Stripe session. This contact data is transmitted to our server and to Stripe as customer metadata;
  4. Stripe may set its own cookies and use device fingerprinting for fraud prevention purposes. Stripe's cookie policy is governed by Stripe's own privacy policy;
  5. Upon successful payment, Stripe returns a session identifier to our server. We store the transaction reference, amount, and customer metadata — but not your full card details.

§ 7 — Email Marketing and Communications

  1. We may use email marketing platforms (including but not limited to services such as Mailchimp, ConvertKit, or similar providers) to send newsletters, promotional offers, educational content, and Service updates.
  2. Marketing emails are sent only with your prior opt-in consent. Each marketing email will include a clear and functional "Unsubscribe" mechanism.
  3. You may opt out of marketing communications at any time by:
    1. Clicking the "Unsubscribe" link in any marketing email;
    2. Contacting us at robinekrenn@gmail.com.
  4. Even after opting out of marketing emails, we may continue to send transactional and service-related communications (e.g., purchase confirmations, account notifications, security alerts).
  5. All email marketing practices comply with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.), GDPR Article 7, and the ePrivacy Directive (Directive 2002/58/EC) as applicable.

§ 8 — Disclosure of Your Information

  1. We do not sell your personal data. As of the effective date of this Policy, we have not sold personal information in the preceding twelve (12) months, as "sale" is defined under the CCPA/CPRA.
  2. We may share your personal information with the following categories of recipients:
    1. Payment Processors: Stripe, Inc., for the purpose of processing financial transactions via Stripe Embedded Checkout. Stripe acts as an independent data controller for payment data it collects directly from your browser. Stripe's privacy policy is available at stripe.com/privacy;
    2. Analytics and Advertising Providers: Google LLC and Meta Platforms, Inc., for website analytics and advertising optimization (subject to your cookie consent);
    3. Hosting and Infrastructure Providers: Vercel Inc., for website hosting and serverless function execution. Vercel may process technical data (IP address, request metadata) in connection with delivering the Services;
    4. Service Providers: Third-party vendors who assist in operating our business, including email service providers, customer support tools, and cloud storage services. All service providers are bound by data processing agreements and may only process data on our instructions;
    5. Professional Advisors: Attorneys, accountants, auditors, and insurance providers, as necessary for legal, tax, audit, or insurance purposes;
    6. Law Enforcement and Legal Authorities: When required by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request;
    7. Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred to the acquiring entity.
  3. Future Data Sharing: We may in the future share anonymized, aggregated, or de-identified data with third-party partners for business or research purposes. Such data will not reasonably identify you. If you object to any data sharing, you may contact us at robinekrenn@gmail.com to exercise your opt-out rights where applicable under law.

§ 9 — International Data Transfers

  1. Your personal data may be transferred to, stored in, and processed in the United States of America, where our servers and central database are located.
  2. If you are located in the EEA, UK, or another jurisdiction with data transfer restrictions, we ensure that appropriate safeguards are in place for cross-border transfers, including:
    1. Standard Contractual Clauses ("SCCs") approved by the European Commission (Commission Implementing Decision (EU) 2021/914);
    2. The UK International Data Transfer Agreement or UK Addendum to the EU SCCs, as applicable;
    3. Data processing agreements with all third-party processors that include adequate data protection obligations.
  3. By using the Services, you acknowledge and consent to the transfer of your data to the United States, subject to the safeguards described herein.

§ 10 — Data Retention

  1. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.
  2. Specific retention periods:
    Data Category Retention Period Basis
    Account and profile data Duration of account + 3 years Contractual / Legitimate interest
    Transaction and billing records 7 years from transaction date Tax and legal requirements (IRS, Wyo. Stat.)
    Marketing and consent records Until withdrawal of consent or deletion request Consent / Legal obligation
    Analytics data Up to 26 months Consent
    Communication records 3 years from last communication Legitimate interest
    Legal dispute records Duration of dispute + applicable statute of limitations Legal obligation / Legitimate interest
  3. When personal data is no longer required, we will securely delete or irreversibly anonymize it in accordance with industry-standard data destruction practices.

§ 11 — Your Privacy Rights

§ 11.1 — Rights for All Users

Regardless of your location, you have the right to:

  1. Access: Request a copy of the personal data we hold about you;
  2. Correction: Request correction of inaccurate or incomplete personal data;
  3. Deletion: Request deletion of your personal data, subject to legal retention obligations;
  4. Opt-Out of Marketing: Unsubscribe from marketing communications at any time.

§ 11.2 — Additional Rights for EEA/UK Residents (GDPR)

Under the GDPR (Articles 15–22), you additionally have the right to:

  1. Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller;
  2. Restriction of Processing (Art. 18): Request that we restrict the processing of your data under certain circumstances;
  3. Object to Processing (Art. 21): Object to processing based on legitimate interests, including profiling and direct marketing;
  4. Withdraw Consent (Art. 7(3)): Withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal;
  5. Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing, including profiling, that produce legal effects (we do not currently use automated decision-making);
  6. Lodge a Complaint (Art. 77): File a complaint with your local Data Protection Supervisory Authority. A list of EEA supervisory authorities is available at edpb.europa.eu.

§ 11.3 — Additional Rights for California Residents (CCPA/CPRA)

Under the CCPA (Cal. Civ. Code § 1798.100 et seq.), California residents have the right to:

  1. Know: Request disclosure of the categories and specific pieces of personal information collected, the sources, the business purposes, and the categories of third parties with whom data is shared;
  2. Delete: Request deletion of personal information collected, subject to certain exceptions;
  3. Correct: Request correction of inaccurate personal information;
  4. Opt-Out of Sale/Sharing: Direct us not to sell or share your personal information. We do not currently sell personal information;
  5. Limit Use of Sensitive Personal Information: Direct us to limit the use of sensitive personal information to purposes authorized by the CPRA;
  6. Non-Discrimination: Not receive discriminatory treatment for exercising your CCPA rights.

California residents may also designate an authorized agent to submit requests on their behalf.

§ 11.4 — How to Exercise Your Rights

To exercise any of your rights, submit a verifiable request to:

Email: robinekrenn@gmail.com
Mail: Eko Growth LLC, Attn: Privacy Rights, 1621 Central Ave, Cheyenne, WY 82001

We will acknowledge receipt of your request within five (5) business days and provide a substantive response within thirty (30) calendar days (or within the timeframe required by applicable law, which may be up to forty-five (45) days under the CCPA, with a possible extension of an additional forty-five (45) days for complex requests). We may require identity verification before processing your request.

§ 12 — Data Security

  1. We implement appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, alteration, disclosure, destruction, or accidental loss. These measures include, without limitation:
    1. SSL/TLS encryption (256-bit) for all data transmitted between your browser and our servers;
    2. Secure payment processing exclusively through PCI DSS Level 1 compliant providers;
    3. Access controls, multi-factor authentication, and role-based permissions for internal systems;
    4. Regular security assessments and vulnerability testing;
    5. Employee and contractor confidentiality obligations.
  2. No Absolute Guarantee. Despite our efforts, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your personal data. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law (including GDPR Art. 33–34).

§ 13 — Children's Privacy

  1. The Services are primarily intended for individuals aged eighteen (18) and older.
  2. Individuals between the ages of thirteen (13) and seventeen (17) may use the Services only with verified consent from a parent or legal guardian, in accordance with our Terms of Service (§ 3).
  3. We do not knowingly collect, solicit, or maintain personal information from children under the age of thirteen (13) in compliance with COPPA (15 U.S.C. § 6501 et seq.).
  4. If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will take steps to promptly delete such information.
  5. If you believe that a child under 13 has provided us with personal information, please immediately contact us at robinekrenn@gmail.com.

§ 14 — Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services that are not owned or controlled by the Company. We are not responsible for the privacy practices, content, or security of any third-party sites. We strongly encourage you to review the privacy policies of any third-party services before providing personal information. The inclusion of any link does not imply endorsement by the Company.

§ 15 — Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. There is no industry-standard technology for recognizing or honoring DNT signals. Accordingly, we do not currently respond to DNT signals. If a standard for responding to DNT signals is established, we will revisit this policy.

§ 16 — Changes to This Privacy Policy

  1. We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page with an updated "Last Updated" date.
  2. For material changes that significantly affect your rights or the way we process your data, we will provide prominent notice through: (a) a notification on the website, and/or (b) an email to the address associated with your account, at least thirty (30) days before the changes take effect.
  3. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
  4. We encourage you to periodically review this page for the latest information on our privacy practices.

§ 17 — Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Wyoming, United States, without regard to conflict of laws principles. For EEA/UK residents, this choice of law shall not deprive you of the protection afforded by the mandatory provisions of the data protection laws of your country of habitual residence.

§ 18 — Contact Information

For any questions, concerns, data subject requests, or complaints regarding this Privacy Policy or our data practices, please contact:

Eko Growth LLC
Attn: Data Protection / Robin Ekren
1621 Central Ave, Cheyenne, WY 82001
Email: robinekrenn@gmail.com

For EEA/UK residents: If you are dissatisfied with our response to your privacy concern, you have the right to lodge a complaint with your local Data Protection Supervisory Authority.