Privacy Policy

Catalyst88, LLC ("Catalyst88," "we," "us," or "our") operates the website at catalyst88.com and the Catalyst88 private community mobile and web application (collectively, the "Services"). This Privacy Policy explains what personal information we collect across all Services, how we use it, with whom we share it, and the rights you have over it. By using any part of the Services you agree to the practices described below.

1. Scope

This policy applies to:

• The marketing website — catalyst88.com and all subdomains.
• The Catalyst88 Community App — the private iOS, Android, and web application available to enrolled members of Chairman's Circle, Chairman's Circle PRO, and other Catalyst88 programs (the "App").
• Email communications — newsletters, course materials, and transactional messages sent by Catalyst88.

2. Information We Collect

2.1 Information you provide directly

• Account registration — name, email address, password (hashed), company name, job title, and any profile photo you choose to upload.
• Program applications and purchases — information submitted when applying for or purchasing Chairman's Circle, Chairman's Circle PRO, or the AI Blueprint Series, including business details you voluntarily share.
• Payment information — billing details processed by Stripe. We do not store full card numbers; Stripe handles all payment data under their own Privacy Policy.
• User-generated content (UGC) — posts, replies, comments, direct messages, files, images, and other content you submit inside the App's community forums, group channels, or direct messaging features.
• Contact and inquiry forms — name, email, company, and message content submitted through the website contact form.
• Support communications — messages you send to our support team, including any attachments or screenshots.
• Survey and feedback responses — optional responses to in-app surveys, NPS prompts, or program feedback forms.

2.2 Information collected automatically

• Device identifiers — device type, OS version, unique device ID (IDFV on iOS; Android ID on Android), and app version, used to provide the App and diagnose technical issues.
• Push notification tokens — a device-specific token issued by Apple (APNs) or Google (FCM) when you grant notification permission, used solely to deliver in-app notifications you have opted into.
• App usage data — screens viewed, features used, session duration, and in-app navigation events, collected via privacy-respecting, first-party analytics. This data is aggregated and not sold.
• Website usage data — pages visited, time on site, referring URL, browser type, and device type, collected via Umami Analytics (cookie-free, no cross-site tracking).
• Log data — IP address, access timestamps, and HTTP request details stored in standard server logs for security and debugging.
• Crash reports — anonymised crash logs and stack traces generated when the App encounters an error, used to improve stability.

2.3 Information from third parties

• Single sign-on (SSO) — if you sign in with Apple, Google, or another SSO provider, we receive the name and email address that provider shares with us, subject to your privacy settings with that provider.
• Payment processor — Stripe may share subscription status and billing event data (e.g., payment succeeded, subscription cancelled) with us to manage your access to the App.

3. How We Use Your Information

• Create and manage your account and program membership.
• Deliver the App's community features — forums, direct messages, group channels, live events, and resource libraries.
• Send push notifications for community activity (replies, mentions, new content) — only when you have granted notification permission.
• Process purchases, manage subscriptions, and issue receipts.
• Send transactional emails (onboarding, receipts, program updates) and, where you have opted in, marketing communications.
• Moderate community content to enforce our Community Guidelines.
• Improve the App and website, diagnose crashes, and analyse usage trends to prioritise new features.
• Prevent fraud, abuse, and security threats.
• Comply with legal obligations and enforce our Terms of Service.

4. Legal Basis for Processing (EEA / UK visitors)

• Contract — to fulfil a purchase or service agreement with you, including operating your App account.
• Legitimate interests — to improve our services, ensure community safety, and communicate about relevant offerings.
• Consent — for marketing emails and push notifications; you may withdraw consent at any time via email unsubscribe or device notification settings.
• Legal obligation — where required by applicable law.

5. Sharing of Information

We do not sell your personal information. We may share it with trusted third parties only as necessary to operate the Services:

• Stripe — payment processing and subscription management.
• Push notification providers — Apple APNs and Google FCM receive your device token solely to deliver notifications you have enabled.
• Email service providers — to deliver transactional and marketing emails on our behalf.
• Cloud hosting and infrastructure — cloud hosting, CDN, and database services that store and serve the App and website.
• App analytics providers — privacy-first, first-party analytics tools that do not share data with advertising networks.
• Other community members — content you post publicly within the App is visible to other enrolled members. Direct messages are visible only to the intended recipients.
• Legal or regulatory authorities — when required by law, court order, or to protect the rights, property, or safety of Catalyst88 or others.

All third-party service providers are contractually required to handle your data securely and only for the purposes we specify.

6. Push Notifications

The App may request permission to send push notifications for community activity such as replies to your posts, direct messages, mentions, and announcements. You can manage notification preferences at any time in your device Settings or within the App's notification settings. Revoking permission does not affect your access to the App.

7. Cookies and Tracking

The marketing website uses Umami Analytics — a cookie-free, GDPR-compliant platform. The App uses first-party session tokens (stored in secure, HttpOnly cookies or device-secure storage) solely to keep you logged in. We do not use advertising cookies, third-party tracking pixels, or behavioural retargeting. Embedded YouTube videos may set cookies from Google/YouTube when you choose to play them; please refer to Google's Privacy Policy for details.

8. In-App Purchases

Subscriptions and one-time purchases made through the App may be processed by Stripe (web/direct) or through Apple's App Store / Google Play (if applicable). Purchases made via Apple or Google are subject to their respective store policies. We receive confirmation of purchase status but do not receive your full payment card details from Apple or Google.

9. Data Retention

• Active accounts — retained for the duration of your membership plus 12 months after account closure.
• User-generated content — retained while your account is active. Upon account deletion, posts may be anonymised rather than deleted to preserve community thread integrity, unless you specifically request deletion.
• Purchase records — retained for seven years for tax and accounting compliance.
• Contact form submissions — retained for up to 24 months.
• Crash logs and analytics — retained in aggregated form for up to 24 months.

10. Security

We implement industry-standard safeguards including TLS encryption in transit, AES-256 encryption at rest for sensitive data, access controls, and regular security reviews. Passwords are stored using bcrypt hashing and are never stored in plain text. We commit to promptly notifying affected users of any confirmed breach as required by law.

11. Your Rights

Depending on your location you may have the right to access, correct, delete, or port your personal data, or to object to or restrict certain processing.

• In-app — visit Settings > Account > Privacy to download your data or request account deletion.
• By email — contact [email protected]. We will respond within 30 days.

EEA/UK residents may also lodge a complaint with their local data protection authority.

12. Children's Privacy

The Services are intended for adults aged 18 and over and are not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

13. International Transfers

Catalyst88 is based in the United States. If you are located outside the US, your information may be transferred to and processed in the US and other countries where our service providers operate. We rely on Standard Contractual Clauses or other lawful transfer mechanisms for EEA/UK data transfers.

14. Links to Third-Party Sites

The Services contain links to external websites and apps (SymoGlobal, Parsimony, Awesomers, MyMentorSteve, and others). We are not responsible for the privacy practices of those services and encourage you to review their individual policies.

15. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify active App users via an in-app notice or email. Continued use of the Services after a change constitutes acceptance of the revised policy.

16. Contact Us

Questions or requests regarding this Privacy Policy should be directed to: