Privacy Policy

1. Who We Are

Success Society ("we," "us," or "our") operates successsociety.co. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights.

By using Success Society, you agree to the collection and use of information as described in this policy.

2. Information We Collect

When you sign up via Discord OAuth, we receive and store:

• Email address (from your Discord account)

• Discord user ID and username

• Display name (from your Discord profile)

• Niche selection (chosen by you during onboarding)

• Subscription status and plan type (free or Builder)

When you make a purchase, Stripe processes your payment. We receive and store:

• Stripe customer ID and subscription ID

• Transaction history (amount, date, status)

• We do not store full card numbers or CVV codes — these are handled entirely by Stripe.

We also automatically collect limited technical data when you use the platform:

• IP address (used for security and fraud prevention)

• Browser type and device type (for compatibility)

• Pages visited and features used (to improve the product)

3. How We Use Your Information

We use your information to:

• Create and manage your Success Society account

• Assign you the correct role in the Discord community

• Process subscription payments and event ticket purchases

• Send transactional emails (welcome, billing, cancellation)

• Send community updates, new features, and relevant opportunities

• Detect and prevent fraud or abuse

• Improve the platform and understand how members use it

• Comply with our legal obligations

4. Email Communications

By creating an account, you agree to receive transactional emails (account confirmations, billing receipts, password changes). You cannot opt out of transactional emails while your account is active.

You may also receive marketing emails about community updates, new features, and opportunities. You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email we send.

We use Zoho ZeptoMail to send emails. Your email address is shared with Zoho solely for the purpose of sending you emails on our behalf. Zoho's privacy practices are governed by the Zoho Privacy Policy at zoho.com/privacy.

5. Third-Party Data Processors

We share limited data with trusted third-party services that help us operate the platform. We only share what is necessary:

• Supabase — our database provider. Stores your account data, subscription status, niche, and platform activity. Supabase is SOC 2 compliant. See supabase.com/privacy.

• Stripe — our payment processor. Handles all payment transactions and stores your billing information. Stripe is PCI-DSS compliant. See stripe.com/privacy. For EU/UK users, transfers to Stripe are governed by Standard Contractual Clauses under Stripe's Data Processing Agreement at stripe.com/legal/dpa.

• Zoho ZeptoMail — our email delivery provider. Receives your email address and name to deliver emails on our behalf. See zoho.com/privacy.

• Discord — our authentication and community provider. We use Discord OAuth to verify your identity. See discord.com/privacy.

We do not sell your personal data. We do not share it with advertising networks or data brokers.

6. Data Retention

We retain your personal data only for as long as necessary:

• Account data (email, Discord ID, display name, niche): Retained while your account is active and for 12 months after deletion, for legal and operational purposes.

• Transaction data (subscription history, event purchases): Retained for 7 years for tax and legal compliance.

• Activity logs (login history, feature usage): Retained for 12 months, then deleted.

• Marketing preferences and email engagement: Retained until you unsubscribe. Suppression lists (to honor opt-outs) are kept for 24 months.

You may request earlier deletion of your data at any time by contacting support@successsociety.co. We will fulfill deletion requests within 30 days, except where we are required by law to retain certain data.

7. Cookies

We use essential cookies only — to keep you logged in and maintain your session. We do not use advertising, tracking, or analytics cookies.

Do Not Track (DNT): Most browsers support a "Do Not Track" signal. There is currently no industry-standard response to DNT signals, and we do not currently change our data practices based on DNT browser signals.

Global Privacy Control (GPC): If your browser sends a GPC signal, we treat it as a request to opt out of any sale or sharing of your personal information for targeted advertising. We do not sell or share data for advertising, so GPC signals do not change our existing practices.

8. Your Rights

Regardless of where you are located, you have the right to:

• Access the personal data we hold about you

• Correct inaccurate or incomplete data

• Request deletion of your account and personal data

• Unsubscribe from marketing emails at any time

To exercise any of these rights, email us at support@successsociety.co. We will respond within 30 days.

9. GDPR — European Users

If you are located in the European Union, European Economic Area, United Kingdom, or Switzerland, the following applies to you under the General Data Protection Regulation (GDPR).

Legal Basis for Processing: We process your data on the following bases: (a) Performance of a Contract — to provide the service you signed up for; (b) Legitimate Interests — for security, fraud prevention, and platform improvement; (c) Consent — for marketing emails, which you can withdraw at any time.

Additional Rights: In addition to the rights in Section 8, you also have the right to: restrict processing of your data; receive your data in a portable, machine-readable format; object to processing based on legitimate interests; and lodge a complaint with your local data protection authority.

International Transfers: Your data is stored and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of personal data from the EU/EEA to the US.

To exercise your GDPR rights, contact us at support@successsociety.co. We will respond within 30 days.

10. CCPA / CPRA — California Users

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Categories of personal information we collect: Identifiers (email, Discord ID, IP address); commercial information (subscription and purchase history); internet activity (pages visited, features used); and inferences drawn from the above (niche, plan type).

How we use it: Account creation and management, service delivery, billing, transactional and marketing emails, fraud prevention, and legal compliance.

Your Rights:

• Right to Know — You can request what personal information we collect, use, disclose, and sell.

• Right to Delete — You can request we delete your personal information, with limited exceptions for legal/tax obligations.

• Right to Correct — You can request corrections to inaccurate information.

• Right to Opt-Out — We do not sell or share your personal information for cross-context behavioral advertising. You have nothing to opt out of.

• Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights.

To submit a rights request, email support@successsociety.co. We will verify your identity and respond within 45 days. You may authorize an agent to submit requests on your behalf by providing written authorization.

11. Children's Privacy

Success Society is not intended for children under 13. We do not knowingly collect personal information from children under 13. Discord requires all users to be at least 13 years old; by signing in with Discord, you confirm you meet this requirement.

If we learn that we have collected personal information from a child under 13 without verified parental consent, we will promptly delete that information and terminate the account.

If you believe a child under 13 has registered, please contact us immediately at support@successsociety.co.

12. Data Security

We take reasonable technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include encrypted data storage via Supabase, HTTPS for all data in transit, and OAuth-based authentication (no passwords stored by us).

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date, post the new policy on this page, and notify you via email or a notice in the Discord community.

Your continued use of Success Society after the effective date of any changes constitutes acceptance of the updated policy.

14. Contact

For any questions about this Privacy Policy, your personal data, or to exercise your rights:

Email: support@successsociety.co

Website: successsociety.co

We aim to respond to all privacy-related requests within 30 days (or within the timeframe required by applicable law).

EU/UK users: If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.