Privacy Policy

Effective Date: April 1, 2026 • Last Updated: April 1, 2026

Kincaid and Le Companies LLC, an Oklahoma limited liability company ("Company," "we," "us," or "our"), operates the website located at kincaidandle.com and all related subdomains, applications, and services (collectively, the "Services"). This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information in connection with the Services, and explains your rights and choices regarding that information.

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of the Services immediately.

1. Definitions

• "Personal Information" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
• "Processing" means any operation performed on Personal Information, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.
• "Data Subject" means the identified or identifiable natural person to whom the Personal Information relates.

2. Information We Collect

2.1 Information You Provide Directly

Category	Examples	Purpose
Account & Identity	Name, email address, username, password	Account creation, authentication, communications
Transaction	Purchase history, product selections, order amounts	Order fulfillment, customer support, accounting
Communication	Email correspondence, support tickets, newsletter subscriptions	Customer service, marketing (with consent)
Tool Input	Text content submitted to AI-powered tools	Real-time processing; not stored after session

2.2 Information Collected Automatically

Category	Examples	Purpose
Device & Browser	IP address, browser type and version, operating system, screen resolution	Security, analytics, compatibility
Usage	Pages visited, products viewed, click patterns, time on site, referral source	Service improvement, analytics
Session	Session identifiers, authentication tokens	Maintaining login state, security

2.3 Information We Do NOT Collect

• We do not store full credit card numbers, CVV codes, or bank account details. All payment data is processed exclusively by our PCI DSS Level 1 compliant payment processors (Stripe, Inc. and Paddle.com Market Limited).
• We do not collect biometric data, geolocation data, or data from social media profiles unless you voluntarily provide it.
• We do not store content submitted to our AI-powered tools beyond the duration of real-time processing.

3. Legal Bases for Processing (GDPR)

For Data Subjects in the European Economic Area (EEA), United Kingdom (UK), and Switzerland, we process Personal Information on the following legal bases:

• Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to fulfill purchases and deliver digital products.
• Legitimate Interest (Art. 6(1)(f) GDPR): Processing for analytics, fraud prevention, service improvement, and security, where our interests do not override your fundamental rights.
• Consent (Art. 6(1)(a) GDPR): Processing for marketing communications and newsletter subscriptions. You may withdraw consent at any time.
• Legal Obligation (Art. 6(1)(c) GDPR): Processing required to comply with tax, accounting, and regulatory obligations.

4. How We Use Your Information

1. Order Fulfillment: To process purchases, generate secure download links, verify payments, and deliver digital products.
2. Service Delivery: To provide AI-powered tools, maintain your account, and authenticate sessions.
3. Customer Support: To respond to inquiries, resolve disputes, and provide technical assistance.
4. Marketing: To send promotional emails and newsletters, only with your explicit opt-in consent. Every marketing communication includes an unsubscribe mechanism.
5. Analytics & Improvement: To analyze usage patterns, improve products and user experience, and develop new features.
6. Security & Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and abuse of our Services.
7. Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.

5. Information Sharing and Disclosure

We do not sell, rent, lease, or trade your Personal Information to any third party for monetary or other valuable consideration.

We may disclose Personal Information to the following categories of recipients, solely for the purposes described:

5.1 Service Providers (Data Processors)

Provider	Purpose	Data Shared
Stripe, Inc.	Payment processing	Name, email, transaction amount (payment card data handled exclusively by Stripe)
Paddle.com Market Limited	Payment processing, tax compliance	Name, email, transaction amount, country
Cloudflare, Inc.	CDN, DDoS protection, DNS	IP address, request headers (per Cloudflare privacy policy)
OpenRouter / AI model providers	AI tool processing	Text content submitted to tools only; no names, emails, or identifying data

All service providers are contractually obligated to process data only on our instructions and to implement appropriate technical and organizational security measures.

5.2 Legal Disclosures

We may disclose Personal Information if required to do so by law or in good faith belief that such action is necessary to: (a) comply with a legal obligation, subpoena, court order, or governmental request; (b) protect and defend our rights or property; (c) prevent fraud or investigate potential violations of our Terms of Service; (d) protect the personal safety of users or the public.

5.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of our assets, Personal Information may be transferred to the acquiring entity. We will provide notice before Personal Information becomes subject to a different privacy policy.

6. Data Security

We implement and maintain administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, alteration, disclosure, or destruction. These include but are not limited to:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Encryption at Rest: Sensitive data stored on our servers is encrypted using AES-256 or equivalent encryption.
• Payment Security: All payment processing is handled by PCI DSS Level 1 compliant processors. We never receive, process, or store full payment card data.
• Access Controls: Access to Personal Information is restricted to authorized personnel on a need-to-know basis.
• Security Headers: Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), X-Frame-Options (DENY), X-Content-Type-Options (nosniff), and X-XSS-Protection headers are enforced on all pages.
• Download Security: Product download links are cryptographically signed using HMAC-SHA256 with automatic expiration (24 hours).
• Rate Limiting: Request rate limits are enforced to prevent brute-force attacks and abuse.
• DDoS Protection: All traffic is routed through Cloudflare's web application firewall.

While we strive to protect your Personal Information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7. Cookies and Tracking Technologies

7.1 Cookies We Use

Cookie Type	Purpose	Duration
Essential/Session	Maintain login state, shopping cart, CSRF protection	Session (deleted when browser closes)
Cloudflare (__cf_bm)	Bot detection, DDoS protection	30 minutes

7.2 Cookies We Do NOT Use

• We do not use third-party advertising or retargeting cookies.
• We do not use Google Analytics, Facebook Pixel, or similar cross-site tracking technologies.
• We do not participate in ad networks or sell cookie data.

8. Data Retention

Data Category	Retention Period	Justification
Transaction records	7 years from transaction date	Tax and accounting compliance (IRS requirements)
Account information	Duration of account + 30 days after deletion request	Service provision; grace period for account recovery
Email subscriptions	Until unsubscribe	Consent-based; immediately removed upon opt-out
Server logs	90 days	Security monitoring and incident investigation
AI tool submissions	Not retained	Processed in real-time only; not stored
Support correspondence	3 years from last communication	Customer service quality and dispute resolution

9. Your Rights

9.1 Rights Under GDPR (EEA/UK/Switzerland Residents)

• Right of Access (Art. 15): Obtain confirmation of whether we process your data and request a copy.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
• Right to Restriction (Art. 18): Request that we limit the processing of your data in certain circumstances.
• Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format (JSON or CSV).
• Right to Object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: File a complaint with your local Data Protection Authority.

9.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of Personal Information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of your Personal Information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate Personal Information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your Personal Information as defined by the CCPA/CPRA. No opt-out is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA/CPRA rights.
• Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA.

To exercise any CCPA/CPRA rights, contact us using the information in Section 14. We will verify your identity before processing requests. You may designate an authorized agent to make requests on your behalf.

9.3 Rights Under Other Jurisdictions

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with privacy laws may have similar rights. Contact us to exercise applicable rights.

9.4 How to Exercise Your Rights

Submit requests to [email protected] with the subject line "Privacy Rights Request." We will respond within 30 days (or 45 days with notice of extension for complex requests). There is no fee for exercising your rights.

10. International Data Transfers

Our Services are operated from the United States. If you access the Services from outside the United States, your Personal Information will be transferred to and processed in the United States, which may have data protection laws that differ from your jurisdiction. By using the Services, you consent to this transfer. For EEA/UK/Swiss Data Subjects, transfers are made pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms.

11. Children's Privacy

Our Services are not directed to, and we do not knowingly collect Personal Information from, children under the age of 13 (or under 16 in the EEA). If we become aware that a child has provided us with Personal Information without parental consent, we will take immediate steps to delete such information. If you believe a child has provided us with data, please contact us at [email protected].

12. Third-Party Links and Services

Our Services may contain links to third-party websites, products, or services. We are not responsible for the privacy practices, content, or security of any third-party sites. This Privacy Policy applies solely to information collected through our Services. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Material changes will be communicated by: (a) posting the updated policy on this page with a revised "Last Updated" date; and (b) sending email notification to registered users for significant changes. Your continued use of the Services after the effective date of changes constitutes acceptance of the revised Privacy Policy. If you do not agree with the changes, you must discontinue use and request account deletion.

14. Contact Information

For questions, concerns, or requests related to this Privacy Policy or our data practices:

Kincaid and Le Companies LLC
Data Protection Contact: Andrew Kincaid
Email: [email protected]
Website: https://kincaidandle.com

We aim to respond to all legitimate inquiries within 30 days. If you feel your concern has not been adequately addressed, you may have the right to lodge a complaint with your local data protection authority.