Privacy Philosophy

Information about a person is an extension of that person. To collect it without necessity is not a neutral act — it is an appropriation. To retain it beyond purpose is not caution — it is possession without right. What a person generates about themselves originates with them, belongs to them, and does not become someone else's asset simply by passing through their systems. Ownership does not transfer on contact. Custody is not title.

Most of the digital economy is built on the opposite premise — that data flows freely until someone objects, shifting the entire burden of protection onto the person least positioned to carry it. We reject that entirely. The burden is on us to justify every piece of information we touch, and when we cannot justify it, we don't touch it. Occasionally, a specific and necessary function requires passing limited information to another custodian for a bounded purpose. When that happens, we name it, we limit it, and it goes no further.

We handle what belongs to others the way we would handle anything that was never ours to keep — carefully, minimally, and with a clear understanding that it goes back. We are custodians at best, and only briefly. Privacy is not a feature we offer. It is a condition we refuse to violate.

We respect you enough not to want your information. Not what you browse, not what you buy, not what you do when you're not talking to us. None of it. We know what we need to do the job — your name, your contact, your engagement context — and that's the boundary. Anything beyond that isn't our business, literally.

Before a contract is executed, anything you've shared with us is yours to delete entirely. Once an agreement is signed and an engagement begins, the information you voluntarily provided becomes part of a mutual business record. At that point it is no longer personal data held on your behalf — it is evidence of a commercial transaction between two parties. It is not personal data. It is not a profile. It is a receipt.

We retain exactly three categories — executed agreements, delivery confirmations, and payment records — for six years from the close of an engagement. That window exists to protect the integrity of completed work on both sides. When it closes, those records are deleted permanently and without recovery.

Your data is encrypted in your browser before it ever touches a server. By the time it moves, neither we nor any platform we use can read it in transit. It arrives encrypted and it stays that way — except where AI features are involved, which we address separately below.

Our site infrastructure and transactional services handle encrypted data only. They are custodians of ciphertext, not processors of your information in any meaningful sense.

AI assistance features on this site are powered by large language model APIs. This category is different, and we will not pretend otherwise. Queries submitted through AI-assisted features are transmitted in readable form to the relevant provider. That is the nature of how these services function — the text must be legible to be processed. Under our agreements with each provider, queries are not used to train their models, and we do not transmit account details, financial information, or anything beyond what the query itself contains. The scope is bounded, but the data is readable in transit, and you should know that.

These platforms operate under their own privacy policies, which we do not control and which may not reflect the same standards as our own. We have chosen each deliberately and with care, but we will not pretend their commitments are identical to ours. We encourage you to review their policies directly.

Regulators are welcome to review our practices. They'll find compliance — a byproduct, not a goal. We didn't build this around legal minimums. We built it around actually caring about data privacy, which turns out to be a considerably higher bar than the law has ever managed to set. If the rules happen to agree with us, that's the law's good fortune, not our achievement.