Privacy Policy

1. Introduction

This Privacy Policy describes how Dmitrii Sharonov ("we," "us," or "our") collects, uses, discloses, and protects personal data when you visit our website at thezerofog.com (the "Site"), register for webinars, subscribe to our newsletter, purchase or use our digital products, or otherwise interact with our services (collectively, the "Services").

We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), the CAN-SPAM Act, and other applicable data protection laws.

2. Data Controller

For the purposes of GDPR, the data controller is:

Entity: Dmitrii Sharonov
Registration: Registered as autónomo in Spain
Location: Barcelona, Spain
Email: privacy@thezerofog.com

3. Data We Collect

3.1 Data You Provide Directly

• Email address — when you register for a webinar or subscribe to our newsletter through the Site
• Name — if you voluntarily provide it during webinar registration or within the webinar platform (EverWebinar)
• Name and email address — when you purchase the Course or create an account on Systeme.io
• Payment information — processed exclusively by Paddle as the Merchant of Record; we do not receive or store your credit card number, bank details, or other payment credentials
• Support communications — emails, messages, or other correspondence you send to us
• Refund request data — documentation you submit in connection with a refund request, such as screenshots or photographs of your Sleep Diary

3.2 Data Collected Automatically

• Device and browser information — IP address, browser type and version, operating system, device type
• Usage data — pages visited, time on page, click patterns, referring URL, exit pages
• Cookies and similar technologies — see Section 9 (Cookie Policy) below
• Advertising data — data collected by advertising platforms (Meta Pixel, Google Ads) when you interact with our ads or visit our Site after clicking an ad
• Lead tracking identifiers — we may assign a unique identifier to track your journey through our marketing funnel (from webinar registration through purchase) for the purposes of analytics and service improvement. This identifier is linked to your email address and is not shared with third parties beyond those listed in Section 6.

3.3 Data from Third Parties

• Payment data from Paddle — transaction confirmation, purchase amount, payment status, and country of purchase. Paddle acts as an independent data controller for payment data; see Paddle's Privacy Policy at https://www.paddle.com/legal/privacy
• Advertising platforms — aggregated and anonymized campaign performance data from Meta and Google

4. How We Use Your Data

We use your personal data for the following purposes:

• To deliver the Services — register you for webinars (via EverWebinar), process your purchase (via Paddle), provide Course access (via Systeme.io), and send webinar links and reminders (via MailerLite)
• To communicate with you — send transactional emails (purchase confirmations, access credentials), webinar-related emails, and newsletter content you opted in to receive, all delivered through MailerLite
• To process refunds — evaluate refund requests according to our Refund Policy
• To improve our Services — analyze usage patterns, optimize the Site and Course content, conduct A/B testing, and analyze funnel performance using lead tracking identifiers
• To run advertising — use cookies and pixels for ad targeting, retargeting, conversion tracking, and audience building on Meta and Google platforms
• To comply with legal obligations — tax reporting, fraud prevention, responding to lawful requests
• To protect our rights — enforce our Terms of Service, prevent unauthorized access, protect intellectual property

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contract performance (Art. 6(1)(b)) — processing necessary to deliver the webinar you registered for, the Course you purchased, provide account access, and communicate about your order
• Consent (Art. 6(1)(a)) — when you opt in to our newsletter or register for a webinar, you consent to receive email communications from us
• Legitimate interests (Art. 6(1)(f)) — website analytics, advertising (cookies and pixels), lead tracking, fraud prevention, service improvement, and direct marketing to existing customers (with opt-out)
• Legal obligation (Art. 6(1)(c)) — tax and financial reporting requirements

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your data with the following service providers, each acting as a data processor (unless otherwise noted):

• Paddle.com Market Ltd (Merchant of Record) — processes payments, collects taxes, issues invoices. Paddle acts as an independent data controller for payment transaction data. Paddle's Privacy Policy: https://www.paddle.com/legal/privacy
• Systeme.io — hosts and delivers the Course content, manages student accounts and course progress. Systeme.io Terms: https://systeme.io/terms-and-conditions
• MailerLite — manages our email marketing subscriber list and delivers email communications to our subscribers. MailerLite is a third-party provider which may process your data using industry standard technologies to help us monitor and improve our communications. MailerLite's Privacy Policy: https://www.mailerlite.com/legal/privacy-policy. You can unsubscribe from our emails by clicking the unsubscribe link provided at the end of each message.
• EverWebinar (WebinarJam / Genesis Digital LLC) — hosts webinar presentations. Receives your email address (and name, if voluntarily provided) for webinar access and delivery.
• Google Analytics — website analytics. Data is collected in aggregated form.
• Meta (Facebook) and Google Ads — advertising platforms for ad delivery and performance measurement via pixels/tags
• Legal authorities — when required by law, court order, or to protect our legal rights

All third-party service providers are contractually obligated to process your data only as necessary to provide their services and in compliance with applicable data protection laws.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (where MailerLite, EverWebinar, Meta, and Google operate). When such transfers occur, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• EU-U.S. Data Privacy Framework certification (where applicable)
• Other legally recognized transfer mechanisms

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account and Course data (on Systeme.io) — for the duration of your account plus 3 years, or as required by law
• Email subscriber data (in MailerLite) — until you unsubscribe, plus up to 30 days for processing
• Transaction records (from Paddle) — as required by applicable tax and commercial law (typically 5–10 years in the EU)
• Refund documentation — for 1 year after refund resolution
• Lead tracking data — for the duration of your engagement with the funnel plus 12 months
• Analytics data — in aggregated/anonymized form, retained indefinitely
• Advertising audience data — managed by Meta and Google per their respective policies

9. Cookie Policy

9.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They help the site function, improve user experience, and provide information to website operators.

9.2 Cookies We Use

Strictly Necessary Cookies — Essential for the Site to function. These include session cookies, security cookies, and load-balancing cookies. They cannot be disabled.

Analytics Cookies — We use Google Analytics to understand how visitors interact with the Site. These cookies collect information in an aggregated form, including the number of visitors, pages visited, and traffic sources.

Marketing / Advertising Cookies — We use cookies from Meta (Facebook Pixel) and Google (Google Ads Tag) to deliver targeted ads, measure ad performance, and build retargeting audiences. These cookies may track your activity across other websites.

9.3 Managing Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being sent. Note that disabling certain cookies may affect the functionality of the Site.

To opt out of Google Analytics, install the Google Analytics Opt-Out Browser Add-on. To manage ad personalization preferences, visit Facebook's Ad Preferences (https://www.facebook.com/adpreferences) and Google's Ad Settings (https://adssettings.google.com).

For more information about cookies in general, visit www.allaboutcookies.org.

10. Your Rights

10.1 Rights Under GDPR (EEA Residents)

If you are a resident of the European Economic Area, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your data ("right to be forgotten")
• Restriction — request restriction of processing in certain circumstances
• Data portability — receive your data in a structured, commonly used, machine-readable format
• Object — object to processing based on legitimate interests, including direct marketing
• Withdraw consent — withdraw previously given consent at any time

To exercise any of these rights, contact us at privacy@thezerofog.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA/CPRA:

• Right to know — request disclosure of the categories and specific pieces of personal information we have collected
• Right to delete — request deletion of personal information we have collected
• Right to correct — request correction of inaccurate personal information
• Right to opt out of sale/sharing — see Section 11 below
• Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights

We do not knowingly sell or share the personal information of consumers under 16 years of age.

11. Do Not Sell or Share My Personal Information

We do not sell your personal information in exchange for monetary consideration.

However, under the CCPA/CPRA, the use of advertising cookies and pixels (such as the Meta Pixel and Google Ads Tag) may constitute "sharing" of personal information with third-party advertising platforms for the purpose of cross-context behavioral advertising.

You have the right to opt out of this sharing. To exercise this right, you may:

• Disable advertising/marketing cookies through your browser settings
• Use the opt-out tools provided by each advertising platform (Facebook Ad Preferences, Google Ad Settings)
• Send an opt-out request to privacy@thezerofog.com with the subject line "Do Not Sell or Share My Data"

Upon receiving a verified opt-out request, we will cease sharing your personal information with advertising platforms within 15 business days.

12. Children's Privacy

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will take steps to delete such data promptly.

13. Email Communications and CAN-SPAM Compliance

When you provide your email through our webinar registration or newsletter opt-in, you consent to receive email communications from us via MailerLite. All marketing emails include a clear unsubscribe mechanism. We honor unsubscribe requests within 10 business days, as required by the CAN-SPAM Act. Transactional emails (purchase confirmations, access credentials, refund communications) may still be sent as necessary for service delivery.

14. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encrypted data transmission (TLS/SSL), secure hosting infrastructure, limited access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the revised policy on the Site with an updated "Last Updated" date. We encourage you to review this policy periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the updated policy.

16. Contact Us

For questions, requests, or complaints regarding this Privacy Policy or the processing of your personal data, please contact:

Email: privacy@thezerofog.com
Entity: Dmitrii Sharonov
Location: Barcelona, Spain

For EU data protection inquiries, you may also contact your local supervisory authority. For Spain: Agencia Española de Protección de Datos (AEPD), https://www.aepd.es.