Privacy Policy
Last updated: May 21, 2026
This Privacy Policy explains how Sodasoft LLC (“Sodasoft”, “we”, “us”, “our”), as operator of the Introplan brand, collects, uses, shares, and protects personal data when you visit https://www.introplan.com or use any related Service. We handle personal data in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR where applicable, and other applicable privacy laws.
1. Data controller
The data controller for personal data processed via the Introplan Service is Sodasoft LLC. For privacy questions, contact privacy@introplan.com.
2. What we collect
2.1 Information you give us
- Account & identification: email address, name (if provided), and any profile fields you fill out.
- Order & billing: products purchased, amounts, currency, billing country, VAT number if applicable, Stripe customer and session identifiers. We do not store full card numbers - Stripe handles card data.
- Communication: messages you send via contact forms or by email.
- Lead-magnet signup: email and the source page when you request the free Scorecard or subscribe to our newsletter.
2.2 Information we collect automatically
- Device & usage: IP address (truncated where possible), browser type, device type, referrer, pages visited, and timestamps.
- Cookies and similar: see our Cookies Policy for details.
- Course progress: lessons started or completed (only if you are logged in as a paying user).
2.3 Information from third parties
- Stripe sends us payment confirmations, refund events, and limited customer metadata required to complete your order.
- Supabase manages your authentication credentials and stores your account data on our behalf.
3. How we use your data (and lawful basis under GDPR)
| Purpose | Lawful basis |
|---|---|
| Create and manage your account, authenticate logins | Contract performance (Art. 6(1)(b)) |
| Process payments, deliver purchased products, issue receipts | Contract performance (Art. 6(1)(b)) |
| Send transactional emails (purchase confirmation, course access) | Contract performance (Art. 6(1)(b)) |
| Deliver the free Scorecard and educational email series | Consent (Art. 6(1)(a)); you can withdraw at any time |
| Send marketing newsletters | Consent (Art. 6(1)(a)) |
| Provide customer support | Contract performance / legitimate interest (Art. 6(1)(b) / 6(1)(f)) |
| Detect fraud, abuse, and secure the Service | Legitimate interest (Art. 6(1)(f)) |
| Comply with tax, accounting, and legal obligations | Legal obligation (Art. 6(1)(c)) |
| Aggregate analytics to improve the Service | Legitimate interest / consent for non-essential cookies |
4. Who we share data with
We do not sell your personal data. We share it only with service providers (acting as our data processors) and where legally required:
- Stripe (payments) - Ireland / global. Recipient of order and billing data needed for processing.
- Supabase (auth + database) - hosted in the European Union (Frankfurt). Recipient of account and progress data.
- Resend (transactional email) - recipient of email address and the content of emails we send to you.
- Vercel (hosting) - processes server logs and request data.
- Analytics provider (PostHog) - if enabled, processes anonymised usage data; see Cookies Policy.
- Government authorities - only where compelled by valid legal process.
- Successors - in a merger, acquisition, or asset transfer; you will be notified.
5. International transfers
Some processors may transfer data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the EU-US Data Privacy Framework, or processing in a country covered by an adequacy decision.
6. How long we keep data
- Account data: while your account is active, plus 12 months.
- Order & invoice records: up to 10 years, as required by tax law.
- Lead-magnet email: until you unsubscribe, plus 24 months.
- Marketing consent records: 5 years after withdrawal, to demonstrate compliance.
- Server logs: typically up to 30 days.
- Analytics: typically up to 26 months in aggregated form.
7. Your rights
Under GDPR (and equivalent laws), you have the right to:
- Access your personal data and receive a copy
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”), subject to legal retention
- Restrict or object to certain processing
- Data portability - receive your data in a structured, machine-readable format
- Withdraw consent at any time (does not affect prior lawful processing)
- Lodge a complaint with your local data protection authority
To exercise any right, write to privacy@introplan.com. We may need to verify your identity. We respond within 30 days (extendable by 60 days for complex requests).
8. Children
The Service is not directed at children under 16. We do not knowingly process data of children under 16. If you believe a child has provided us data, write to privacy@introplan.com and we will delete it.
9. Security
We use industry-standard safeguards: HTTPS encryption in transit, encryption at rest by our hosting providers, restricted access to production systems, and audit logging for sensitive actions. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
10. Automated decision-making
We do not use automated decision-making (including profiling) that produces legal or similarly significant effects on you.
11. Direct marketing
We send marketing emails only with your consent. Every marketing email includes an unsubscribe link. You can also reply “unsubscribe” or write to privacy@introplan.com.
12. Changes to this policy
We may update this Privacy Policy. Material changes will be communicated via the Service or by email. The “Last updated” date reflects the current version.
13. Contact
Privacy questions: privacy@introplan.com. General contact: support@introplan.com.