Privacy Policy
Effective date: May 13, 2026
Last updated: May 13, 2026
Operator: GoldIRADecoder ("we," "us," "our") — operated by Niko Polydorou
Contact: privacy@goldiradecoder.com
Plain-English summary (not part of the policy itself): We collect as little as we can get away with. The free Decoder doesn't ask for anything. If you give us your email for the PDF guide, we'll only ever share your contact with one Gold IRA company — the specific one you choose, and only if you check the consent box. We don't sell lists. You can delete everything by emailing us.
1. What this policy covers
This Privacy Policy describes how GoldIRADecoder ("we," "us," "our") collects, uses, shares, and protects personal information when you visit goldiradecoder.com (the "Site") or use any of our services (collectively, the "Services"). It applies to all visitors, registered users, and Lifetime members.
This policy does not apply to information collected by third-party services we link to or that you visit through our affiliate links. Those services have their own privacy policies, and you should review them before submitting any information.
2. Information we collect
2.1 Information you provide directly
- Decoder input (free tier, Tier 0): the quote text, screenshot, or fields you submit for analysis. We process this in memory to generate your result. We do not store the quote content beyond the duration needed to generate and display the result. A short-lived session ID is retained for up to 30 days for abuse prevention.
- PDF guide opt-in (Tier 1): your first name, last name, email address, phone number (optional), and your explicit consent to be contacted by one specific Gold IRA company you have chosen.
- Lifetime account (Tier 2): your email address and a password (or magic-link authentication), payment method information processed by Stripe (we do not store full card numbers), and any quotes you choose to save in your account.
- Communications: messages you send to hello@goldiradecoder.com, support@goldiradecoder.com, or any other email address we publish.
2.2 Information collected automatically
- Usage analytics via Plausible (privacy-focused, no cookies, no personal information) and PostHog (anonymous session analytics; may use cookies). We do not use Google Analytics or Facebook Pixel.
- Technical information: IP address, browser type, operating system, referring page, pages visited, time of visit. Used for security, fraud prevention, and aggregate analytics.
- Cookies: see Section 7 (Cookies).
2.3 Information from third parties
- Stripe (payment processor): when you purchase Lifetime access, Stripe shares with us the outcome of the transaction (success, failure, refund) and a customer ID. Stripe does not share your full card number with us.
- Affiliate networks: when you click an affiliate link and sign up with a partner, the partner may notify us of the conversion event so we can credit the commission. We do not receive your personal information from the partner unless you have separately consented to that with the partner.
3. How we use your information
We use personal information only for the purposes described below:
- To provide the Services: generate your Decoder result, deliver the PDF guide you requested, maintain your Lifetime account, save your quotes, send you transactional emails (receipt, password reset, etc.).
- To route you to a Gold IRA partner: only when you have explicitly chosen a specific partner and consented to the connection.
- To improve the Decoder: anonymized, aggregated analysis of how users interact with the tool. We do not use individual quote content to train AI models.
- To send you marketing emails (only if you opt in to our newsletter, separate from the PDF guide): updates on new reviews, methodology changes, and the occasional educational article. You can unsubscribe at any time via the link in every email.
- To prevent fraud and abuse: rate limiting, security monitoring, blocking malicious actors.
- To comply with legal obligations: respond to lawful requests from regulators or law enforcement, enforce our Terms of Service.
4. How we share your information
We do not sell your personal information. Period.
We share personal information only in these specific circumstances:
4.1 With Gold IRA partners (only with your explicit consent)
When you opt in to be matched with a Gold IRA company through the PDF guide form, we will share your name, email, and phone (if provided) with one specific company you have selected, and only that one. The consent language on the form will name the specific company. You can revoke this consent at any time by emailing privacy@goldiradecoder.com.
We do not engage in "lead resale" or "blanket consent" practices. We will not share your contact with multiple companies under a single consent.
4.2 With service providers who help us operate
These vendors process information on our behalf under contractual data-protection obligations and are not permitted to use your information for their own purposes:
| Vendor | Purpose | Data shared |
|---|---|---|
| Vercel | Site hosting | All Site traffic |
| Supabase | Database and authentication | Account data, saved quotes (Lifetime users) |
| Anthropic | Decoder AI analysis (Claude API) | Decoder input text/images during the analysis call only — not retained by us or by Anthropic for training |
| Stripe | Payment processing for Lifetime tier | Email, transaction details (Stripe handles card data directly) |
| Resend | Transactional + marketing email delivery | Email address, name, message content |
| Plausible | Privacy-focused, cookie-free analytics | Aggregate usage only, no personal data |
| PostHog | Product analytics | Anonymous session data; may use cookies (see Section 7) |
| Namecheap / Google Workspace | Domain and inbox infrastructure | Email correspondence with us |
4.3 For legal or safety reasons
We may disclose personal information if required by valid legal process, to protect the rights, property, or safety of GoldIRADecoder, our users, or others, or to investigate fraud or security incidents.
4.4 Business transfers
If GoldIRADecoder is acquired, merged with another company, or sells substantially all of its assets, your personal information may be transferred to the acquiring entity, subject to the same protections in this policy. We will notify you by email if this happens.
5. Your rights and choices
Depending on where you live, you may have specific legal rights over your personal information. Regardless of jurisdiction, the rights below are available to all users of GoldIRADecoder:
- Access: request a copy of the personal information we hold about you.
- Correction: ask us to correct inaccurate information.
- Deletion: ask us to delete your personal information. We will comply within 30 days, except where we are required to retain certain records for legal purposes (e.g., financial records related to a Lifetime purchase).
- Opt-out of marketing: unsubscribe from any marketing email at any time using the link in the email.
- Revoke partner consent: if you previously consented to being matched with a Gold IRA company, you can revoke that consent at any time by emailing privacy@goldiradecoder.com. We will notify the partner of your revocation.
- Data portability: request your saved quotes and account data in a machine-readable format.
- Lodge a complaint: you can contact your local data-protection authority if you believe we have mishandled your information.
To exercise any of these rights, email privacy@goldiradecoder.com. We will verify your identity before fulfilling sensitive requests (e.g., deletion, data export).
5.1 California residents (CCPA/CPRA)
In addition to the rights above, California residents have the right to know what personal information we have collected, the categories of sources, the categories of third parties we have shared it with, and the business purpose. We have provided this information in Sections 2, 3, and 4 above.
You also have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell or share personal information for cross-context behavioral advertising. You can submit a verifiable request via privacy@goldiradecoder.com.
We do not knowingly collect personal information from minors under 16. If you believe we have, contact us and we will delete it.
5.2 EU/UK residents (GDPR)
If you are in the EEA or UK, our legal bases for processing your information are: (a) consent (for marketing emails, partner matching, optional analytics cookies); (b) contract performance (for Lifetime accounts and Decoder usage); (c) legitimate interests (for security, fraud prevention, aggregate analytics — balanced against your rights). You can object to processing based on legitimate interests at any time.
6. Data retention
- Decoder inputs: not retained beyond the analysis session, except a session ID for up to 30 days for abuse prevention.
- Lead capture data (PDF guide opt-ins): retained for the duration of your relationship with us, plus 24 months after your last interaction, then deleted unless you have purchased Lifetime.
- Lifetime account data: retained for the life of your account. If you delete your account, we retain transaction records for 7 years to comply with financial record-keeping requirements.
- Email correspondence: retained for 24 months for support history.
- Aggregate analytics: retained indefinitely in anonymized form.
7. Cookies and tracking
We use a minimal cookie set:
- Strictly necessary: session cookies for Lifetime account login. Cannot be disabled without breaking site functionality.
- Analytics: PostHog uses cookies for session analytics. Plausible does not use cookies.
- No advertising or behavioral cookies. We do not run targeted advertising.
You can control cookies through your browser settings. Disabling analytics cookies will not affect Decoder functionality.
8. Security
We use commercially reasonable security measures, including TLS encryption in transit, encrypted storage at rest (Supabase + Vercel + Stripe handle this in their infrastructure), and access controls limiting personal information to authorized personnel.
No system is 100% secure. If we discover a security incident affecting your personal information, we will notify you in accordance with applicable law.
9. International data transfers
Our service providers (Vercel, Anthropic, Stripe, Supabase, Resend, etc.) are based in the United States. If you access the Site from outside the U.S., your information will be transferred to and processed in the U.S. By using the Services, you consent to this transfer.
For EU/UK users, our service providers operate under Standard Contractual Clauses or equivalent transfer mechanisms.
10. Children's privacy
GoldIRADecoder is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe we have, contact us at privacy@goldiradecoder.com and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes (e.g., new categories of data collection, new partners) will be communicated by email to registered users and via a prominent notice on the Site. Continued use after the change constitutes acceptance.
12. Contact us
For privacy questions, requests, or complaints:
Email: privacy@goldiradecoder.com
Operator: Niko Polydorou
Mailing address: [TO BE ADDED — required for CCPA compliance]
This policy is provided in plain English to be readable. It is intended to be legally enforceable against us and to give you clear rights. If any provision is unclear, contact us — we'd rather rewrite the section than have you confused.