Privacy Policy

This Privacy Policy applies to all websites and services operated by Misfit Island LLC, including but not limited to PocketCoach, Misfit Island (misfitis.land), Elegant Futures (elegantfutures.com), and Clutchmind (clutchmind.app).

We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information. This policy explains your rights and our obligations regarding your data.

1. Information We Collect

1.1 Personal Information

We collect information you provide directly to us, including:

• Name, email address, phone number, and business contact details
• Company name, job title, and professional information
• Payment and billing information (processed by third-party payment providers)
• Information submitted through contact forms, workshop registrations, or service inquiries
• Content you provide during workshops, consulting sessions, or support interactions

1.2 AI Interaction Data

When you use our AI-powered services (custom GPTs, AI applications, AI tools):

• User Inputs: Prompts, questions, and content you submit to AI systems
• AI Outputs: Responses and generated content from AI systems
• Usage Patterns: How you interact with AI features, frequency of use, feature preferences
• Training Data: We do NOT use your inputs to train third-party AI models unless you explicitly consent. However, third-party AI providers (OpenAI, Anthropic, etc.) may process your data according to their own policies

1.3 Usage and Technical Information

We automatically collect certain information about your device and how you use our services:

• Device information (type, operating system, browser type and version)
• IP address and approximate geographic location
• Pages visited, time spent on pages, links clicked, and referral sources
• Log data and analytics information

1.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide functionality, analyze usage, and improve our services. See our Cookie Policy for detailed information.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery and Operations

• Provide, maintain, and improve our services and AI applications
• Process payments and fulfill orders
• Deliver workshops, consulting services, and custom AI solutions
• Respond to inquiries, support requests, and customer service needs
• Customize and personalize your experience

2.2 Communication

• Send transactional emails (order confirmations, account updates, service notifications)
• Send marketing communications and promotional materials (only with your consent; you may opt out at any time)
• Share relevant content, updates, and educational materials about AI and our services

2.3 Analytics and Improvement

• Analyze usage patterns to improve our services and develop new features
• Conduct research and development on AI applications and methodologies
• Monitor and analyze trends, effectiveness, and user engagement

2.4 Legal and Security

• Ensure security, prevent fraud, and protect against malicious activity
• Comply with legal obligations, enforce our terms, and protect our rights
• Respond to legal requests and prevent harm

2.5 Legal Basis for Processing (GDPR)

For users in the EU/UK, we process your data based on:

• Consent: You have given clear consent for us to process your data for specific purposes
• Contract: Processing is necessary to fulfill our contract with you
• Legal Obligation: Processing is required by law
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving services, security) and does not override your rights

3. How We Share Your Information

We do not sell or rent your personal information to third parties.

We may share your information with:

3.1 Service Providers

We share data with trusted third-party service providers who perform services on our behalf:

• Email Services: Zoho Mail for business communications
• Analytics: Google Analytics for website usage analysis
• AI Services: OpenAI, Anthropic Claude, and other AI platforms for AI-powered features
• Payment Processing: Stripe, PayPal, or similar payment processors (we do not store credit card numbers)
• Hosting: Cloudflare Pages, Vercel, or other hosting providers

These providers are contractually bound to protect your data and use it only for the purposes we specify.

3.2 Business Transfers

If Misfit Island LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal processes (subpoenas, court orders, government requests)
• Enforcement of our terms and policies
• Protection of our rights, property, or safety, or that of others
• Investigation of fraud, security issues, or illegal activity

3.4 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

4. Your Privacy Rights

Depending on your location, you have various rights regarding your personal data:

4.1 General Rights (All Users)

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal obligations)
• Opt-Out: Unsubscribe from marketing communications at any time
• Data Portability: Receive your data in a structured, machine-readable format

4.2 GDPR Rights (EU/UK Users)

If you're in the European Union or United Kingdom, you also have the right to:

• Restriction: Restrict how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Lodge a Complaint: File a complaint with your local data protection authority

4.3 CCPA/CPRA Rights (California Residents)

California residents have additional rights under the California Consumer Privacy Act:

• Right to Know: Request disclosure of what personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale or sharing of your personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Exercise your rights without facing discrimination
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Limit the use of sensitive personal information

4.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@misfitis.land
• Website: www.misfitis.land/contact

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

5. AI-Specific Privacy Practices

5.1 Third-Party AI Services

We use third-party AI services (including OpenAI's GPT models and Anthropic's Claude) to power certain features. When you interact with these services:

• Your inputs are sent to these providers for processing
• These providers have their own privacy policies and data practices
• We configure services to minimize data retention where possible
• We do not opt you into any AI training programs without explicit consent

5.2 Custom GPT Development

When we build custom GPTs or AI applications for you:

• Client-provided data is used solely for the specific project
• We maintain confidentiality of proprietary information
• Ownership and usage rights are defined in our service agreements
• We do not reuse client-specific data for other projects without permission

5.3 No Automated Decision-Making

We do not use AI to make automated decisions that significantly affect you without human oversight. Any AI-generated content or recommendations are reviewed and approved by our team before implementation.

6. Data Security

We implement reasonable technical and organizational measures to protect your personal information:

• Encryption of data in transit (HTTPS/TLS) and at rest where appropriate
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Secure hosting infrastructure with reputable providers
• Employee training on data protection and privacy

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6.1 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you promptly as required by applicable law. We will also notify relevant supervisory authorities where required.

7. Data Retention

We retain your personal information only as long as necessary for:

• Providing our services and fulfilling the purposes described in this policy
• Complying with legal, tax, accounting, or regulatory requirements
• Resolving disputes and enforcing our agreements
• Establishing, exercising, or defending legal claims

When we no longer need your personal information, we will securely delete or anonymize it. Specific retention periods vary based on the type of data and applicable legal requirements.

8. International Data Transfers

Misfit Island LLC operates in the United States. If you are located outside the U.S., your information will be transferred to, stored, and processed in the United States.

The United States may not have the same data protection laws as your country. However, we take steps to ensure adequate protection of your data, including:

• Using standard contractual clauses approved by the European Commission
• Implementing appropriate technical and organizational safeguards
• Working only with service providers who commit to protecting your data

For EU/UK residents, we comply with applicable data transfer mechanisms and frameworks.

9. Children's Privacy

Our services are not directed to individuals under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately at privacy@misfitis.land.

10. Third-Party Links and Services

Our websites may contain links to third-party websites, services, or resources. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of other websites or services.

We encourage you to review the privacy policies of any third-party sites or services before providing them with your personal information.

11. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Currently, there is no industry standard for how to respond to DNT signals. We do not currently respond to DNT signals, but we respect your privacy choices as described in this policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you via email or a prominent notice on our website
• Continued use of our services after changes become effective constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: