Legal · Privacy

Privacy Policy

What we collect, why, who we share it with, and the control you have over your data.

Last updated · June 2026

This Privacy Policy explains how The Steading Codex, operated by Web Production Labs LLC ("we", "us"), handles personal data through thesteadingcodex.com and our store. By using the site you agree to this policy.

1 · Information we collect

  • Information you give us — your email address (newsletter, free sampler, checkout), and your name and message if you contact us or apply to the affiliate program.
  • Order information — our store runs on Shopify; when you buy, Shopify and its payment processor (Shopify Payments / Shop Pay) collect and process your payment details; we receive order and fulfilment data but not your full card number.
  • Information collected automatically — basic usage and device data (pages viewed, referrer, approximate location, browser type) and, with your consent where required, analytics about how you use the site. See our Cookie Policy.
  • Affiliate program data — if you join our affiliate program (run on GoAffPro), we collect your application details, your referral/tracking data (clicks and qualifying sales attributed to your link), and — to pay you — your payout and tax information (e.g., bank/ACH details and your IRS Form W-9; we issue a Form 1099 where required). See the Affiliate Program Operating Agreement.

2 · How we use your information

  • To reply to your messages and provide support.
  • To process and deliver orders and send transactional emails (receipts, download links).
  • To send the Field Notes newsletter — only if you opted in; you can unsubscribe any time.
  • To understand and improve the site (analytics), and to keep it secure and working.
  • To comply with law and enforce our Terms.

3 · Legal bases (EEA / UK)

Where the GDPR / UK GDPR applies, we rely on: consent (marketing emails, non-essential cookies/analytics), performance of a contract (processing your orders), legitimate interests (running and securing the site, basic analytics), and legal obligation (tax and record-keeping).

4 · Cookies & analytics

We use strictly-necessary cookies to run the site and, with consent where required, analytics (PostHog) to understand usage. We show a consent choice to visitors in the EEA/UK before loading non-essential cookies. Full details and how to opt out are in our Cookie Policy.

5 · Who we share it with

We do not sell your personal information. We share it only with service providers who process it on our behalf, under contract:

  • Klaviyo — email newsletter and marketing.
  • Resend — transactional and contact-form email.
  • PostHog — privacy-conscious product analytics.
  • Vercel — website hosting and security logs.
  • Amazon — when you buy a printed edition via Amazon, your purchase is governed by Amazon's own privacy policy.
  • Shopify — our online store platform and payment processor (Shopify Payments / Shop Pay), to host the store and take payments securely.
  • GoAffPro — runs our affiliate program (sign-up, referral tracking, dashboards, and payout records).
  • Wise — processes affiliate payouts (bank/ACH transfers) where applicable.

We may also disclose data if required by law, or to protect our rights and users' safety.

6 · Data retention

We keep personal data only as long as needed for the purposes above — newsletter data until you unsubscribe; order records as required for tax and accounting; support messages for a reasonable period — then delete or anonymize it.

7 · Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your data, to object to or restrict processing, and to withdraw consent. To exercise any of these, contact us (below) — we will respond as required by law and will not discriminate against you for doing so.

California (CCPA/CPRA): you may request to know, delete, or correct your personal information, and to opt out of "sale" or "sharing." We do not sell your personal information. Submit requests via our Contact page or hello@thesteadingcodex.com.

8 · International transfers

We are based in the United States, and our providers may process data in the US and elsewhere. Where required, transfers rely on appropriate safeguards (such as Standard Contractual Clauses).

9 · Children

The site is not directed to children, and we do not knowingly collect personal data from anyone under 16. If you believe a child has given us data, contact us and we will delete it.

10 · Security

We use reasonable technical and organizational measures to protect your data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

11 · Changes

We may update this policy; we will revise the "last updated" date above and, for material changes, take additional steps where required.

12 · Contact

Questions or requests: hello@thesteadingcodex.com or our Contact page. Operator: Web Production Labs LLC.