Back to home
ORSI.COACH

Privacy Policy

Last updated: April 9, 2026

This Privacy Policy explains what personal information we collect at orsi.coach, how we use it, and the rights you have over it. It is written in plain English because we actually want you to read it. If anything here is unclear, write to us at durberrylabs@gmail.com and we will answer.

Summary

We do not run advertising. We do not build profiles of you. We do not sell or share your data. We do not use tracking pixels or analytics. We collect your name and email when you buy a coaching package, we use a scheduling tool to help you book sessions, and that is essentially the entire story. The rest of this page is the careful version for anyone who wants the full picture.

Who we are

This site is operated by Durberry Labs, LLC, a Florida limited liability company that operates orsi.coach, with a mailing address at 1000 East Island Blvd. Apt 2709, Aventura, FL, USA. We are referred to in this policy as “we,” “us,” or “Durberry Labs.” We are the “data controller” of the personal information described here, within the meaning of the EU General Data Protection Regulation (GDPR) and the UK GDPR. For any privacy question, or to exercise any right described below, contact us at durberrylabs@gmail.com or by mail at the address above.

What we collect

We collect a very small amount of personal information, and only when you do one of a few specific things.

When you purchase a coaching package.Our payment processor, Stripe, collects your name, email address, and payment details at checkout. We never see your payment card number, CVV, or bank information. Stripe handles all of that directly, and we only receive confirmation that a payment succeeded, along with your name and email. Stripe may also capture your IP address and information about your device for fraud-prevention purposes under Stripe's own privacy policy.

When you book a session.After purchase, you receive a link to our scheduling tool, which is provided by Google Calendar. Google will ask you for your name, email address, and time zone to book the session, and you may optionally add a note about what you want to discuss. We receive this booking information by email. Google's handling of this data is governed by Google's own privacy policy.

When you email us. If you contact us directly, we see your name, email address, and the contents of your message.

When you visit the site. Our website host, Vercel, records standard server logs that include IP address and basic request information. We do not use these logs to profile visitors or build marketing audiences.

How we use your information

We use your name and email to process your purchase, deliver coaching sessions, send you scheduling links and reminders, respond to questions, and follow up about future sessions if you ask us to. We use booking information to run the session you booked. We use email contents to reply to you. That is the full list.

We do not use your information for advertising, profiling, automated decision-making, or marketing to third parties. We do not train any machine learning models on your data. We do not sell or rent your data to anyone, ever.

Sub-processors

We use a small number of trusted third-party services to run the business. Each is a “sub-processor” under GDPR terminology. None of them use your data for their own purposes beyond providing their service to us.

  • Stripe, our payment processor. Stripe handles all payment processing and holds your name, email, and payment details. See stripe.com/privacy.
  • Google LLC, scheduling via Google Calendar's appointment booking feature. Google holds the booking information you enter when scheduling a session. See policies.google.com/privacy.
  • Vercel Inc., our website hosting provider. Vercel serves orsi.coach to your browser and maintains standard server logs. See vercel.com/legal/privacy-policy.

If we add a new sub-processor that handles your personal data, we will update this policy before that change takes effect for existing customers.

International data transfers

If you are located in the European Union or the United Kingdom, your personal data will be transferred to and processed in the United States, where we and our sub-processors operate. Our US-based sub-processors Stripe, Google, and Vercel are all certified under the EU-US Data Privacy Framework(and the UK extension), which the European Commission has recognized as providing an adequate level of protection for personal data transferred from the EU to the US. Where Data Privacy Framework coverage is unavailable for any reason, transfers rely on the European Commission's Standard Contractual Clauses.

Cookies

The only cookies set in your browser when you visit orsi.coach are strictly necessary cookies set by Stripe's embedded checkout during a purchase. They are used to process your payment securely and to prevent fraud. They are exempt from consent requirements under the EU ePrivacy Directive because they are strictly necessary to deliver a service you actively requested. We do not set any analytics, advertising, or tracking cookies of our own, and we do not embed third-party trackers on our pages.

Server logs

Our hosting provider, Vercel, maintains standard server logs that include IP addresses and basic request data for security and operational purposes. These logs are retained for approximately 30 days by default (this figure is based on Vercel's current published defaults and is subject to change by Vercel). We do not use these logs for analytics, marketing, or profiling, and we access them only to diagnose operational issues.

How long we keep your data

We keep your personal data only as long as we need it.

  • Purchase information (name, email, transaction records): kept for as long as you have unused credits, plus seven years afterwards to comply with US and international tax and accounting requirements.
  • Booking information (via Google Calendar): kept for the duration of our coaching relationship and typically up to two years after your last session, after which it is deleted from our calendar.
  • Email correspondence: kept for up to two years from the last message, unless longer retention is needed for a specific purpose such as an unresolved dispute.
  • Server logs (via Vercel):approximately 30 days, per Vercel's default retention.

We delete data sooner on request where we are legally able to, under the rights described below.

Your rights

You have rights over your personal data. These rights apply to all buyers, though the specific legal source differs depending on where you live.

  • The right to know. You can ask us what personal data we hold about you, and we will tell you.
  • The right to a copy. You can ask us to send you a copy of your personal data in a portable format.
  • The right to correct. If any of your data is wrong, you can ask us to fix it.
  • The right to delete. You can ask us to delete your personal data. We will do so unless we are legally required to keep it (for example, tax records for a completed purchase).
  • The right to object and restrict. You can ask us to stop or limit certain processing of your data.
  • The right to withdraw consent. Where processing is based on your consent, you can withdraw it at any time.

To exercise any of these rights, email durberrylabs@gmail.comwith the subject line “Privacy Request.” We will respond within 30 days. These requests are free, except in the rare cases where the law allows us to charge.

If you are in the EU or UK

You also have the right to lodge a complaint with your national Data Protection Authority if you are unhappy with how we handle your data. A list of EU authorities is at edpb.europa.eu. The UK authority is the ICO at ico.org.uk.

If you are in California

You have the additional rights under the CCPA/CPRA to know the categories of personal information we collect, to delete your data, to correct inaccurate data, and to opt out of the “sale” or “sharing” of personal information. As stated above, we do not sell or share your personal information under any definition of those terms, and we do not engage in cross-context behavioral advertising. California residents may also authorize an agent to make a request on their behalf.

If you are in Colorado, Connecticut, Virginia, Utah, or another US state with a consumer privacy law

You have substantially similar rights under your state's privacy law. Contact us at the same email address and we will handle your request under whichever framework gives you the strongest protection.

Lawful basis under GDPR

For buyers in the EU and UK, we process your personal data on the following lawful bases under Article 6 of the GDPR:

  • Performance of a contract (Article 6(1)(b)). We need your name, email, and payment details to provide the coaching you purchased.
  • Legitimate interests (Article 6(1)(f)). When you email us, we have a legitimate interest in responding to you. When we keep basic records of coaching engagements, we have a legitimate interest in running our business responsibly.
  • Legal obligation (Article 6(1)(c)). We retain purchase records for seven years to comply with tax and accounting law.
  • Consent (Article 6(1)(a)). Where we ever rely on consent (for example, if you opt into a future newsletter), you can withdraw that consent at any time.

We do not process any special-category personal data under Article 9 of the GDPR, and we ask that you do not share such data with us during a coaching engagement.

Children

Our services are for adults. We do not knowingly collect personal data from anyone under 18. You must be 18 or older to purchase coaching from orsi.coach. If you are under 18, please do not purchase a session and please do not send us your personal information.

Security

We take reasonable steps to protect your personal information. All traffic to and from orsi.coach is encrypted in transit using HTTPS. We rely on reputable sub-processors (Stripe, Google, Vercel) that maintain industry-standard security practices, and we limit access to data on a need-to-know basis. That said, no system is perfectly secure, and we will not pretend otherwise. We cannot guarantee the absolute security of information transmitted over the internet.

If we learn of a personal data breach that affects your information, we will notify you and the relevant supervisory authority as required by applicable law. For EU and UK buyers, this means notifying the supervisory authority within 72 hours of becoming aware of the breach where the breach is likely to result in a risk to your rights and freedoms, and notifying you directly where the breach is likely to result in a high risk.

Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, for example adding a new sub-processor or starting to use analytics, we will update the “Last Updated” date at the top and, for significant changes, notify customers with active credits by email.

Contact

Privacy questions, data requests, or anything else covered by this policy: durberrylabs@gmail.com.