Loading...

Privacy Policy

Effective Date: April 27, 2026

This Privacy Policy explains how Sidekick Pro LLC ("Sidekick Pro," "we," "us," or "our") collects, uses, and protects your personal information when you use the Sidekick Pro platform, including our website, community forums, educational services, and all related applications (collectively, the "Platform").

We believe in being straightforward about what data we collect and why. We do not sell your personal information. We do not use advertising networks or third-party tracking services. Your privacy matters, especially in a community like ours.

Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Sensitive Personal Information
  4. Your Identity and Anonymity
  5. Cookies and Session Data
  6. Connected Sidekick Pro Services
  7. User-Generated Content
  8. Data Sharing and Third-Party Services
  9. Law Enforcement and Government Requests
  10. Data Retention
  11. Your Rights and Choices
  12. Additional Rights for California Residents
  13. Age Requirement
  14. Data Breach Notification
  15. Security
  16. International Visitors
  17. Changes to This Policy
  18. Contact Us

1. Information We Collect

Account Information

When you create an account, you authenticate through our central identity service. Through this process, we receive and store:

  • Email address -- used for account identification and essential communications
  • Display name -- the name you choose to show other community members (we do not collect your real name)
  • User identifier -- a unique internal ID that links your forum account to your login account

Platform Activity

When you use the Platform, we collect:

  • Posts and comments -- the content you write in forum discussions
  • Discussion topics -- threads you create
  • Interaction data -- such as which topics you view, post timestamps, and forum categories you participate in

Automatically Collected Information

Like most websites, our servers automatically record certain information when you visit:

  • IP address
  • Browser type and version (user agent string)
  • Pages visited and time spent
  • Referring URL (the page that sent you here)
  • Date and time of access

This information is collected through standard web server logs and is used for security monitoring, troubleshooting, and understanding general usage patterns. We do not use third-party analytics services such as Google Analytics. All fonts, icons, and code libraries are self-hosted on our servers — your browser does not load resources from third-party content delivery networks when using our Platform.

Information We Do Not Collect

We want to be clear about what we do not collect:

  • We do not collect or store your real name. Your display name is the only name associated with your account.
  • We do not collect payment or financial information on the Platform
  • We do not use advertising trackers or third-party analytics
  • We do not collect location data beyond what is present in your IP address

2. How We Use Your Information

We use the information we collect to:

  • Operate the Platform -- display your posts, manage your account, and keep the community running
  • Authenticate your identity -- verify you are who you say you are when you sign in
  • Maintain security -- detect and prevent abuse, spam, and unauthorized access
  • Moderate content -- review user-generated content for compliance with our Community Guidelines
  • Send essential communications -- account-related notifications such as password resets or security alerts (sent through our central login service)
  • Enforce our policies -- investigate potential violations of our community guidelines and terms of service
  • Improve the platform -- understand usage patterns to fix bugs and make the Platform better

We do not use your information for targeted advertising. We do not build behavioral profiles for marketing purposes. We do not use sensitive personal information to infer characteristics about you.

3. Sensitive Personal Information

We recognize that participation in our community may reveal or imply sensitive personal information about you, including information related to your lifestyle, relationship preferences, or sexual orientation. Under the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and Texas Data Privacy and Security Act (TDPSA), this type of information is classified as sensitive personal information and receives heightened protections.

Our Commitments Regarding Sensitive Data

  • We limit our use of sensitive personal information strictly to what is necessary to provide and operate the Platform. We do not use it for any secondary purpose.
  • We do not infer characteristics about you based on your community membership or activity.
  • We do not sell or share sensitive personal information with third parties for any purpose beyond operating the Platform.
  • We do not build profiles based on your lifestyle preferences, relationship status, or any sensitive data derived from your participation.
  • You have the right to limit our use and disclosure of your sensitive personal information. Because we already limit our use to what is necessary to operate the Platform, we believe we meet this standard by default. If you have concerns, contact us.

Consent

Several state privacy laws require explicit, opt-in consent before processing sensitive personal information. When you create an account, you agree to this Privacy Policy as a condition of registration. By doing so, you provide the explicit, opt-in consent required under applicable state privacy laws for us to collect and process the sensitive personal information described in this section, strictly for the purposes of operating the Platform. You may withdraw your consent at any time by deleting your account.

4. Your Identity and Anonymity

We recognize that many members of our community prefer to keep their participation private. We have designed the Platform with anonymity and pseudonymity in mind.

Display Names

  • You are not required to use your real name. You may use any display name that complies with our Community Guidelines.
  • We strongly recommend choosing a display name that is not connected to your real identity or to usernames you use on other platforms.
  • Your display name is the only name visible to other community members.

What Other Members Can See

  • Your display name and profile photo (if you choose to upload one)
  • Your profile biography and other information you explicitly choose to share
  • Content you post in community areas (forums, discussions)
  • Your join date and activity statistics (post count, etc.)

What Other Members Cannot See

  • Your email address
  • Your real name (we do not collect it)
  • Your IP address or location
  • Your browsing activity or which topics you have viewed
  • Your login times or session information

What We Will Never Do

  • We will never publicly confirm or deny whether a specific person is a member of our community.
  • We will never sell or provide member lists to any third party.
  • We will never require you to verify your identity with government-issued identification unless legally required to do so.
  • We do not collect or store your real name — only your chosen display name is associated with your account.

Discreet Communications

Emails from us are sent from a business name that does not explicitly reference the nature of our community. We make reasonable efforts to keep email subject lines and content discreet. We recommend creating a separate email address for your account if you share email access with others.

5. Cookies and Session Data

What Are Cookies?

Cookies are small text files stored on your device by your web browser. We use cookies to keep you signed in and to make the Platform work properly.

Cookies We Use

Cookie Type Purpose Required?
Authentication Keeps you signed in as you browse the Platform. Shared across Sidekick Pro services so you only need to sign in once. Yes
Session Stores temporary session data (such as anti-forgery tokens) needed for security and form submissions. Yes
Anti-Forgery Protects against cross-site request forgery attacks when you submit forms. Yes

All cookies we use are essential cookies -- they are necessary for the Platform to function. We do not use marketing cookies, advertising cookies, or third-party tracking cookies.

Session Storage

Your session data is stored securely in our database (not in the cookie itself). The cookie on your device contains only a session identifier. Session data is automatically removed when it expires.

Browser Privacy Signals

We do not sell or share your personal information for advertising purposes and do not engage in targeted advertising. Our data practices are consistent with what a Global Privacy Control (GPC) signal would request under applicable state privacy laws — we already do not sell or share personal information regardless of whether a GPC signal is present. If we introduce any feature in the future that would be subject to a GPC opt-out, we will update this policy and detect the signal at that time. We do not currently respond to "Do Not Track" (DNT) signals, as there is no accepted industry standard for DNT.

6. Connected Sidekick Pro Services

The Platform is a family of services operated by Sidekick Pro LLC. Some of your account information is shared between these services so you only have to sign in once. Other information stays inside the specific service where you created it.

Services Covered by This Policy

  • Login (login.sidekickpro.co) -- our central identity service. All sign-in, password, multi-factor authentication, and account management happens here.
  • Website (sidekickpro.co) -- our public marketing site, blog, and free resource library.
  • Forums (forums.sidekickpro.co) -- our community discussion area.
  • Play (play.sidekickpro.co) -- our digital product store (launching soon).

We may add other services to the Sidekick Pro family over time. When we do, we will update this policy to describe what they collect and how they connect to your account.

What Is Shared Across Services

When you sign in to any Sidekick Pro service, the following account information is made available to that service from the central Login service:

  • Your display name
  • Your email address (used internally as an identifier; not shown to other members)
  • Your avatar image URL (if you have one)
  • Your account status (active, suspended, etc.)
  • Whether you hold a moderator or administrator role

Your password is never shared with any service other than Login. Client services receive only a confirmation that you successfully authenticated.

What Stays Inside Each Service

Most of the information you generate lives only in the service where you created it. It is not copied to other Sidekick Pro services. For example:

  • Login stores your password (hashed), multi-factor authentication settings, and login history.
  • Website stores which free resources you have downloaded and, if you signed up for the newsletter, the email address you provided at signup (this may be different from your Login email).
  • Forums stores your forum profile (bio, signature, reputation), your posts, votes, flags, blocks, read-tracking data, and any moderation history tied to your account.
  • Play (at launch) will store your cart, order history, purchased downloads, and payment metadata. Actual payment card information is held by Stripe, not by us.

Launch Team Applications (Website)

The Website operates a launch team / Advance Reader Copy program through which readers can apply to receive pre-release copies of our books. To submit a launch team application, you must be signed in to a Sidekick Pro account. Your application is linked to that account so we can contact you about your application and any future Sidekick Pro programs you may be eligible for. If you submit a launch team application, we collect the following information:

  • Email address — how we contact you about your application and, if approved, deliver your copy.
  • Display name or handle — pseudonyms are welcome; this is the name that would appear on a public launch team recognition page if you opt in to that.
  • Country — used to route you to the correct Amazon marketplace if you are approved.
  • Lifestyle category selection — the optional multi-select describing how you participate in the community, used only for evaluating fit with the book’s audience.
  • Free-text responses — your reasons for applying, where you spend time online, and anything else you choose to tell us. You control what you write; we recommend leaving out anything you would not want associated with your handle.
  • Optional Amazon profile URL or reviewer handle — supplied only if you choose to.
  • IP address and browser user-agent string — collected at the moment you submit the form, used solely for spam prevention and security review.
  • Acknowledgments — the four checkboxes you confirm at submission (review honesty, FTC disclosure, free-copy-not-contingent-on-positive-review, and 18-or-older).

We use this information solely to evaluate your eligibility for the launch team program and to deliver your copy if approved. We do not share it with third parties, sell it, or use it for advertising. The lawful basis under applicable privacy laws is your consent, given when you submit the application.

Retention. We keep application records as follows:

  • Declined or withdrawn applications are deleted within 12 months of the decision date.
  • Waitlisted applications are kept until you are either invited or the program closes, then deleted within 12 months thereafter.
  • Approved applications are kept for the life of your participation in the launch team program plus a reasonable period afterward to maintain a record of program completion, FTC acknowledgments, and any commitments we made to you. You can request earlier deletion at any time by emailing us.
  • IP address and user-agent from the submission are deleted on the same schedule as the rest of the application record.
  • Account-deletion behavior. If you delete your Sidekick Pro account, the link between the account and the application record is cleared, but the application record itself is retained on the schedule above so we can demonstrate your acknowledgment of the FTC disclosure obligations and any program commitments. The application's email address (captured at submission time) becomes the residual identifier. If you also want the application record itself deleted, contact us; we will honor that subject to retention obligations.

You may request access to, correction of, or deletion of your application data, or withdraw your consent to our use of it, at any time by emailing [email protected]. Withdrawing consent will end your participation in the program; if you have already received a pre-release copy, withdrawal does not retroactively change the FTC disclosure obligation that attaches to any review you have already posted.

Information you provide in your application may include sensitive personal information (such as lifestyle preferences). The protections described in Sections 3 and 12 of this policy apply to that information.

Shared Sign-In Session

To keep you signed in as you move between services, we store session data in a shared database on our own servers. The cookie on your device only holds a session identifier -- your session contents live on our side, not in the cookie. This is the mechanism that makes single sign-on work across Sidekick Pro.

Account Deletion Across Services

When you delete your account through Login, Login notifies each connected service to remove or anonymize the data it holds about you. Forum posts are anonymized by default (your display name is replaced with "[deleted]") so that conversations other members participated in remain readable; you can request full content deletion instead when you submit your deletion request. See Section 11 for details.

Third-Party Processors Supporting These Services

We rely on a small number of outside providers to keep the Platform running. These providers receive only the specific information they need to perform their function and are contractually required to protect it.

  • DigitalOcean -- hosts our servers and databases. All Platform data resides on DigitalOcean infrastructure in the United States.
  • Cloudflare -- provides DNS, DDoS protection, and content delivery for our domains. Your IP address and request information pass through Cloudflare when you visit the Platform.
  • Mailjet -- delivers our transactional emails (account verification, password reset, security notifications). Mailjet receives the email address the message is being sent to and the message contents.
  • Stripe -- processes payments for Play when it launches. Stripe collects and holds your payment card information directly; we receive a transaction record and limited billing metadata, not your card number.
  • DiceBear -- generates a default avatar image for your account if you have not uploaded one. DiceBear receives a seed value derived from your account (not your email or real name) to generate the image.

Why This Matters for Our Community

We know privacy expectations in an ENM community run higher than a typical online service. Your display name is pseudonymous by design, it is the same name across every Sidekick Pro service so your identity stays consistent, and the connections between services exist only to give you one account to manage -- not to build a profile of your behavior. We do not combine data across services for advertising or marketing, and we do not share this linked account information with anyone outside the processors listed above.

7. User-Generated Content

Our community forums allow user-generated content. When you post content, please keep these points in mind:

  • Public visibility -- forum posts and discussions may be visible to anyone who visits the Forums, including people who are not signed in. Think carefully before sharing personal details in your posts.
  • Display name association -- your posts are associated with the display name you choose. We recommend using a display name that does not reveal your real identity.
  • Content sanitization -- we process user-submitted content to remove potentially harmful code (such as scripts) before displaying it. This is a security measure, not editorial control.
  • Cached content -- deleting a post removes it from our servers, but we cannot control copies that third parties may have made.

Search Engine Visibility

Some content on the Platform may be visible to search engines such as Google and Bing. Specifically:

  • Forum category pages and topic listings may appear in search engine results.
  • Individual forum posts may also appear in search results, along with the display name of the post author.
  • User profiles are not indexed by search engines.
  • Private messages are never accessible to search engines.

Important: We strongly recommend choosing a display name that is not connected to your real identity and is not used on other platforms where your identity is known. This is your most effective protection against being identified as a member of this community through search engine results.

If you want specific content removed from search engine results, contact us at [email protected]. We will submit removal requests to major search engines, though we cannot guarantee removal or control how long cached copies may remain available.

Copyright and DMCA

We comply with the Digital Millennium Copyright Act (DMCA) and have a registered designated agent for receiving copyright infringement notices. DMCA takedown and counter-notification processes may involve sharing personal information between the complainant and the accused user as required by law. See our DMCA Policy for details.

A note about community privacy: We understand that members of our community may have heightened privacy concerns. We encourage all members to respect each other's privacy and to avoid sharing other members' information outside the Forums.

8. Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Service Providers

We use third-party service providers to operate the Platform, including cloud hosting, email delivery, payment processing, and search engine services. These providers access only the data necessary to perform their functions and are contractually required to protect your information.

Legal Requirements

We may disclose your information if required to do so by law or if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, court order, or lawful government request
  • Protect the rights, property, or safety of Sidekick Pro, our users, or the public
  • Investigate or prevent suspected fraud, abuse, or violations of our terms
  • Report suspected child exploitation to the National Center for Missing and Exploited Children (NCMEC) or law enforcement

See Section 9 for our detailed policy on how we handle law enforcement and government requests.

Business Transfers

If Sidekick Pro LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

9. Law Enforcement and Government Requests

We may receive requests for user information from law enforcement agencies, government bodies, or through civil legal processes (such as subpoenas from attorneys in civil lawsuits). Given the sensitive nature of our community, we take these requests seriously and handle them with care.

Our Approach

  • We require valid legal process. We do not voluntarily provide user information to law enforcement or private parties without a valid subpoena, court order, or warrant. Informal requests or requests that lack proper legal authority will be declined.
  • We interpret requests narrowly. When we receive a valid legal demand, we provide only the specific information required by the request and nothing more.
  • We notify users when legally permitted. Unless we are prohibited by law (such as a court-issued gag order), we will notify you by email before disclosing your information in response to a legal request, giving you the opportunity to challenge it. If we are initially prohibited from notifying you, we will notify you when the prohibition is lifted.
  • We challenge overbroad requests. If we believe a request is overbroad, lacks proper legal authority, or does not comply with applicable law, we will challenge it.
  • Membership is not evidence of wrongdoing. Participation in a lifestyle community is legal and constitutionally protected. We will resist any request that treats community membership as evidence of criminal activity.

Types of Legal Process

Legal Process What It Can Compel
Subpoena (civil or grand jury) Basic account information (display name, email, account creation date, last login)
Court Order Basic account info + IP addresses, session logs
Search Warrant All of the above + content of posts, messages, uploaded files

Emergency Exceptions

In rare cases involving an imminent threat to life or the physical safety of any person, we may disclose information to law enforcement without prior legal process. We will limit such disclosures to what is necessary to address the emergency.

10. Data Retention

We keep your information for as long as necessary to provide our services and fulfill the purposes described in this policy:

  • Account information -- retained as long as your account is active. Deleted when you delete your account.
  • User-generated content -- retained as long as your account is active. When you delete your account, your display name is replaced with "[deleted]" and your account is disassociated from the content to preserve discussion context. If you prefer that your content also be fully deleted, you may request this when submitting your account deletion request.
  • Session data -- automatically expires and is removed after your session ends or after a period of inactivity.
  • Server logs -- retained for up to 90 days for security and troubleshooting purposes, then deleted.
  • Background job data -- temporary processing records are automatically cleaned up after completion.

We may retain certain information for longer periods when required by law (for example, to comply with tax, legal, or regulatory obligations) or to resolve disputes and enforce our agreements.

11. Your Rights and Choices

You have the following rights regarding your personal information:

Access Your Data

You can view your account information and forum posts at any time by signing in to your account. If you want a copy of additional data we hold about you, contact us at the email address below.

Correct Your Data

You can update your display name and other profile information through your account settings. To correct other information, contact us.

Delete Your Data

You can delete your account at any time through the login service. When you delete your account:

  • Your account information is permanently removed from all Sidekick Pro services
  • Your forum posts are anonymized by default (display name replaced with "[deleted]") or fully deleted upon request
  • Your session data is cleared
  • This action is irreversible

Manage Cookies

You can configure your browser to block or delete cookies. However, because we only use essential cookies, blocking them will prevent you from signing in and using authenticated features of the Platform.

Email Communications

Transactional emails (such as password resets and security alerts) are sent through our login service and cannot be opted out of while your account is active. Our email delivery service (Mailjet) may track whether you open our emails and click links within them. You can disable this tracking by configuring your email client to block remote images. We do not send unsolicited marketing emails.

12. Additional Rights for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information. Although we may not currently meet the statutory applicability thresholds of the CCPA/CPRA, we provide these disclosures and rights to all California residents as a best practice.

Your California Privacy Rights

  • Right to Know -- you can request details about the categories and specific pieces of personal information we have collected about you in the past 12 months, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete -- you can request that we delete the personal information we have collected about you, subject to certain exceptions allowed by law.
  • Right to Correct -- you can request that we correct inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information -- you can direct us to limit the use and disclosure of your sensitive personal information to what is necessary to provide our services. Because we already limit our use of sensitive personal information in this way (see Section 3), we meet this standard by default.
  • Right to Non-Discrimination -- we will not discriminate against you for exercising any of these rights.

Sale and Sharing of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Because we do not sell or share personal information as defined by the CCPA/CPRA, a "Do Not Sell or Share My Personal Information" opt-out is not required. If our practices change, we will update this policy and provide appropriate opt-out mechanisms.

Sensitive Personal Information Under the CPRA

The CPRA classifies certain data as sensitive personal information (SPI), including information that reveals sexual orientation or lifestyle preferences. We recognize that participation in our community may constitute SPI under this definition.

  • We limit our use of SPI strictly to what is necessary to provide the Platform and related services.
  • We do not use SPI to infer characteristics about you.
  • We do not sell or share SPI with any third party.
  • We do not use SPI for profiling or advertising purposes.
  • You may exercise your right to limit at any time by contacting us, though our current practices already meet this standard.

How to Submit a Request

To exercise your California privacy rights, contact us at [email protected]. We will verify your identity before processing your request. We will respond within 45 days of receiving a verifiable request.

Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

Category Examples Business Purpose
Identifiers Email address, display name, unique user ID Account creation and authentication
Internet Activity IP address, browser type, pages visited, forum interactions Security, troubleshooting, service improvement
User-Generated Content Forum posts, comments, discussion topics Providing Platform services
Sensitive Personal Information Information implied by community membership regarding lifestyle or relationship preferences Providing Platform services (use limited to this purpose)
Application Data Email, display name, country, lifestyle preferences, written application responses, IP address Evaluating eligibility for the launch team program.

13. Age Requirement

The Platform is intended for adults only. You must be at least 18 years old to create an account or use our services.

We do not knowingly collect personal information from anyone under 18 years of age. If we learn that we have collected personal information from a person under 18, we will delete that information and terminate the associated account as quickly as possible.

If you believe that someone under 18 has created an account on our platform, please contact us immediately at [email protected].

14. Data Breach Notification

In the event of a security incident that results in unauthorized access to your personal information, we will take the following steps:

  1. Containment and Assessment. We will promptly investigate the incident, contain the breach, and assess what information was affected and the potential risk of harm.
  2. User Notification. If the breach poses a risk of harm to you, we will notify you by email as soon as possible and no later than 30 days after confirming the breach. Our notification will include:
    • A description of what happened and when
    • The categories of information involved
    • Steps we are taking to address the breach
    • Steps you can take to protect yourself (such as changing your password)
    • How to contact us for more information
  3. Regulatory Notification. We will notify the Kansas Attorney General and other applicable state regulators as required by law (K.S.A. 50-7a02). For breaches affecting residents of states with specific notification timelines, we will comply with the most protective applicable requirement.
  4. Sensitive Data Breaches. Because our Platform handles sensitive lifestyle information, we apply a broader definition of "breach" than state laws may require. If we discover unauthorized access to information that reveals your membership in or participation in our community -- even if this information is not technically covered by state breach notification statutes -- we will notify you.
  5. Ongoing Security. After any breach, we will conduct a post-incident review and implement additional safeguards as appropriate.

15. Security

We take reasonable measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encrypted connections -- all data transmitted between your browser and our servers is encrypted using HTTPS/TLS
  • Secure authentication -- we use industry-standard OpenID Connect protocols for authentication, with session data stored server-side
  • Content sanitization -- user-submitted content is processed to remove potentially malicious code before display
  • Access controls -- access to personal information is limited to authorized personnel who need it to operate and maintain the service
  • Data minimization -- we collect only the information necessary to provide the services you use

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

16. International Visitors

The Platform is operated from the United States. If you are visiting from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

Data protection laws in the United States may differ from those in your country. By using the Platform, you consent to the transfer of your information to the United States and its processing there.

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data protection laws that provide rights beyond those described in this policy, you may have additional rights regarding your personal data. Please contact us to discuss how we can accommodate your rights.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this page. If we make material changes that significantly affect how we handle your personal information, we will make reasonable efforts to notify you (for example, by posting a notice on the Platform or sending an email to the address associated with your account).

For material changes that affect how we process sensitive personal information, we will seek your renewed consent where required by applicable law.

We encourage you to review this policy periodically. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

18. Contact Us

If you have questions about this Privacy Policy or want to exercise any of your rights, contact us:

Sidekick Pro LLC

Email: [email protected]

Olathe, Kansas, USA

We aim to respond to all privacy-related inquiries within 30 days.

Last updated: April 27, 2026