Privacy Policy

Effective date: [EFFECTIVE_DATE] · Last updated: [EFFECTIVE_DATE]

---

A brief note before the legal stuff

We wrote this document to be clear, not clever. If anything here feels confusing, write to us at legal@evilin.me and we'll explain in plain language.

---

1. Who we are

This Privacy Policy describes how EVILIN LLC ("we," "us," or "our"), a limited liability company registered in Wyoming, United States, collects, uses, and protects your personal information when you use our website at evilin.me (the "Site") and our products and services (collectively, the "Services").

Contact: hi@evilin.me
Privacy inquiries: legal@evilin.me

2. Information we collect

2.1 Information you provide to us

• Email address – when you subscribe to our mailing list, create an account, or make a purchase
• Order information – your name, shipping address, and billing details when you purchase products directly through our Site
• Communications – any information you share when you contact us via email or web forms
• Contact form submissions – when you use our contact form, we collect your name, email, category of inquiry, and message. This information is used solely to respond to your inquiry. Messages are routed to the relevant team address and are not stored in a database. We keep email correspondence for as long as needed to respond and follow up.

2.2 Information collected automatically

• Device and usage data – your IP address, browser type, operating system, pages visited, time spent on the Site, referring URLs
• Cookies and similar technologies – small data files stored in your browser; see Section 7 for details

2.3 Information from third parties

• Payment processors – when you buy from us, our payment providers (such as Paddle or Stripe) share limited transaction data with us, such as confirmation that payment was completed. We do not receive or store your full payment card details.
• Analytics providers – aggregated data about Site usage

2.4 What we do NOT collect

• We do not collect entries you write in your physical journal. That information stays with you, on paper.
• We do not collect sensitive categories of data such as health information, political opinions, or religious beliefs.
• We do not knowingly collect information from children under 16.

3. How we use your information

We use your information to:

• Send you emails you signed up for (waitlist updates, product announcements, periodic reflections)
• Fulfill orders and provide customer support
• Operate, maintain, and improve the Site and Services
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations
• With your separate consent, offer you early access to new products such as our upcoming digital companion service

We do not sell your personal information. We do not rent or trade email lists to third parties.

4. Legal bases for processing (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your personal information on the following legal bases:

• Consent – for marketing emails, optional analytics, and optional cookies. You can withdraw consent at any time.
• Contract – to fulfill orders you place with us
• Legitimate interests – to operate and secure our Site, prevent fraud, and communicate with you about your orders
• Legal obligation – to comply with applicable laws (tax, accounting)

5. Sharing your information

We share your information only with:

• Service providers who help us operate the business, under contractual confidentiality obligations, including:
  • Email service provider (currently: ConvertKit / Kit)
  • Payment processors (currently: Paddle and/or Stripe)
  • Print-on-demand and fulfillment partners (such as Lulu Direct or IngramSpark) when you place a direct order
  • Website hosting and analytics providers
• Amazon – if you purchase our products on Amazon, your order is handled entirely by Amazon under their own privacy policy
• Authorities – when required by law, subpoena, or court order
• Successors – in connection with a merger, acquisition, or sale of assets, with notice to you

6. International data transfers

We are based in the United States, and our service providers may be located in different countries. When we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to a country without an adequacy decision, we rely on Standard Contractual Clauses or another valid transfer mechanism.

7. Cookies and tracking technologies

We use a minimal number of cookies:

• Essential cookies – necessary for the Site to function (for example, remembering your cookie preferences)
• Analytics cookies – help us understand how visitors use the Site, only loaded after you consent (where required)
• Functional cookies – remember your preferences

We do not use cross-site advertising trackers or third-party marketing pixels without your consent. You can control cookies through your browser settings.

8. Data retention

• Email subscribers – we keep your email until you unsubscribe, plus a short period for legal compliance
• Order records – we keep order records for as long as required by applicable tax and accounting law (typically 5-7 years in the US)
• Website analytics – we retain aggregated, non-identifying data indefinitely

9. Your rights

Depending on where you live, you may have rights to:

• Access – request a copy of the personal information we hold about you
• Correct – ask us to fix inaccurate information
• Delete – ask us to delete your information, subject to legal exceptions
• Object – object to certain processing activities
• Restrict – ask us to limit how we process your information
• Portability – receive a copy of your data in a machine-readable format
• Withdraw consent – withdraw any consent you previously gave
• Lodge a complaint – file a complaint with your local data protection authority

To exercise these rights, email us at legal@evilin.me. We will respond within the timeframes required by applicable law (typically 30 days).

Additional rights for California residents (CCPA/CPRA)

California residents may also have the right to:

• Know what personal information we collect and why
• Opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising)
• Limit the use of sensitive personal information (we do not collect any)
• Not be discriminated against for exercising your privacy rights

To make a request, email legal@evilin.me.

10. Security

We use reasonable technical and organizational measures to protect your information, including encryption in transit (HTTPS), access controls, and vendor due diligence. No system is perfectly secure, and we cannot guarantee absolute security. If a data breach occurs that affects your personal information, we will notify you in accordance with applicable law.

11. Children's privacy

Our Services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact legal@evilin.me and we will promptly delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify subscribers by email and update the "Last updated" date at the top of this page. Continued use of the Site after changes means you accept the updated policy.

13. Contact

Questions, requests, or concerns?

• Email: legal@evilin.me

---

This Privacy Policy is provided for informational purposes. If anything in here is unclear, please contact us.