Privacy policy
Who we are
This Privacy Policy explains how Sara Fachetti/Growth & Gold LLC (“we,” “us,” “our”) collects, uses, and shares personal information when you visit our website, purchase courses or memberships, or use coaching and Q&A services. The data controller for this site is Sara Fachetti/Growth & Gold LLC, reachable at admin@sarafachetti.com.
What we collect
We collect information you provide directly (for example, name, email, billing address, messages, Q&A submissions) and information collected automatically (for example, IP address, device and usage data, and cookies/analytics). If you create a customer account to access member areas or courses, the account data and access records are processed to provide your purchased content.
How we use your information
We use personal information to provide and improve courses and memberships, process payments, deliver Q&A digests, send service and marketing emails if you opt in, secure the site, and comply with legal obligations. Where required, we rely on consent (for example, marketing emails), performance of a contract (for example, course access), legitimate interests (for example, site security), and legal duties as our lawful bases.
Cookies and analytics
We use cookies and similar technologies for essential functions, performance, and analytics to understand usage and improve content. You can control non‑essential cookies through your browser or device settings, but doing so may affect some site features.
Emails and newsletters (Flodesk)
If you subscribe to emails or Q&A digests, your email address and engagement data are processed by our email provider to deliver messages and manage preferences. Flodesk acts as our processor/service provider and handles data under its privacy and data processing terms, which limit use to providing the service and complying with applicable privacy laws.
Payments and processors (Squarespace/Stripe)
We use integrated payment processors to accept card or other payments for courses, memberships, and services, and these providers may collect and process your payment details directly. Stripe’s privacy policy explains how it processes personal data as controller and/or processor, including rights and choices available to you. Squarespace’s policies describe the personal information it processes in connection with hosted sites and Squarespace‑controlled information.
Sharing your information
We share personal information with service providers that help us operate our site and services (for example, hosting, email delivery, payments, analytics, and security) under contracts that restrict use to providing services to us. We may also share information to comply with law, enforce our terms, protect rights and safety, or in connection with a business transaction, where permitted.
International transfers
If your information is transferred outside your country, we implement appropriate safeguards consistent with applicable law to protect your data during international transfers. These safeguards may include standard contractual clauses or other legally recognized transfer mechanisms where required.
Data retention
We keep personal information only as long as necessary for the purposes described here, to comply with legal obligations, and to resolve disputes, then delete or anonymize it according to our retention schedules. Clear retention periods by data type support compliance with privacy principles and reduce over‑retention risk.
Security
We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, or misuse, and we review controls periodically. Online payments and sensitive data are protected by the security measures of the payment provider, including encryption and industry controls described in the provider’s documentation.
Your rights (GDPR/UK GDPR)
Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to data portability, subject to conditions. Where processing is based on consent, you can withdraw consent at any time without affecting prior lawful processing. You also have the right to complain to your data protection authority if you believe your rights were infringed.
California privacy rights (CCPA/CPRA)
California residents have rights to know, access, and delete personal information, to opt out of sale or sharing of personal information (including via opt‑out signals), and to non‑discrimination for exercising these rights. CPRA also adds rights to correct personal information, limit use of sensitive personal information, and access information about automated decision‑making, subject to regulations.
Children’s privacy
Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete it as required by COPPA.
How to exercise your choices
You can unsubscribe from marketing emails using the link in our messages or by contacting us, and you can manage cookies through your device settings. To exercise GDPR or California privacy rights, please contact us at admin@sarafachetti.com with your request and the email associated with your account, and we will verify and respond within the timeframes required by law.
Third‑party sites and links
Our site may link to third‑party websites or services that operate independently, and their privacy practices are governed by their own policies. Please review those policies to understand how they collect and use your information.
Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements, and we will note the effective date and provide notice of material changes as appropriate. Your continued use of the site after an update means you accept the revised policy.
Contact us
If you have questions about this Privacy Policy or our data practices, contact Sara Fachetti/Growth & Gold LLC at admin@sarafachetti.com. You may also contact your local data protection authority regarding unresolved concerns.
Effective date: November 8, 2025