Privacy Policy

Last updated: April 20, 2026

1. Information We Collect

When you use Fine Is a Lie, create an account, or purchase access, we may collect the following information. When you purchase access, an account is automatically created using the email address you provide at checkout.

  • Account information: Name, email address, and password hash (managed securely via Supabase Authentication).
  • Profile data: Avatar image, bio, timezone preference, and theme preference.
  • Journal entries: Text content and images you create within the journaling feature.
  • Exercise responses: Your answers and inputs to course exercises.
  • Quiz results: Responses and scores from quizzes and assessments.
  • Payment information: Processed securely by Stripe. We do not store your credit card numbers on our servers. We retain transaction identifiers and purchase history.
  • Progress data: Lesson completion status, exercise completion status, daily intentions, and daily practice logs.
  • Gamification data: XP points earned, badges awarded, streaks, and level progression.
  • Onboarding data: Information provided during the onboarding process.
  • File uploads: Profile avatar images and journal images uploaded to the platform.
  • Device and technical data: Browser type, device information, IP address, and operating system for security and analytics purposes.
  • Traffic source data: How you found us (e.g., search engine, social media, referral link). This is captured from URL parameters and HTTP referrer headers and stored alongside your quiz results to help us understand which channels bring people to the platform. This data contains no personally identifiable information — only the source category (e.g., "organic", "social", "reddit").
  • Error tracking data: Application errors and performance data collected via Sentry for error monitoring purposes.
  • Email engagement data: Email open rates and click data collected via Resend to improve our communications.
  • Marketing consent records: If you opt in to receive emails from Fine Is a Lie (via the unchecked consent checkbox on our email-capture forms), we capture evidentiary metadata at the moment of consent: the timestamp, your IP address, the exact wording of the consent checkbox as shown to you, the URL where consent was given, your user-agent string (device/browser context), and the form version. These records exist to meet the demonstrability-of-consent requirement under the Australian Spam Act 2003 and (to the extent applicable) GDPR Art. 7(1).

2. Lawful Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide your account, deliver course access, process payments, and fulfil our obligations to you as a customer.
  • Legitimate interest: Processing for analytics, platform security, error tracking and monitoring, and improving the service, where these interests are not overridden by your data protection rights.
  • Consent (Privacy Act APP 3.3; GDPR Art. 6(1)(a) to the extent applicable): Processing based on your freely-given, specific, informed, and unambiguous consent. We rely on consent for emails from John (founder) about burnout recovery and the Fine Is a Lie program, for the separate “Notes from John” series (if you sign up for it), for non-essential cookies, and for optional data collection. The marketing consent records described in §1 exist to demonstrate that consent was given. You may withdraw consent at any time using the unsubscribe link in every email or by emailing support@fineisalie.com. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Legal obligation: Processing necessary to comply with applicable laws, such as retaining payment records for tax purposes.

3. How We Use Your Information

  • To provide and personalize the Fine Is a Lie course experience.
  • To process payments and manage your enrollment.
  • To track your progress, maintain streaks, and award achievements.
  • To send transactional emails (via Resend) such as purchase confirmations, account setup reminders, and password resets. If you purchase access and skip setting a password, we will send up to two reminder emails to help you complete your account setup.
  • To monitor application performance and errors (via Sentry).
  • To protect against fraud and abuse using CSRF tokens and rate limiting.
  • To store and serve your uploaded files (profile avatars, journal images).
  • To maintain and improve the quality of our platform and services.
  • To understand how visitors find us (traffic source analytics) and measure the effectiveness of our content.
  • To log visits from AI search engine crawlers (such as GPTBot and PerplexityBot) to understand how our content is being indexed. This logging captures the bot name and page visited only — no personal data is collected.
  • To send emails from John (founder) about burnout recovery and the Fine Is a Lie program, if and only if you have explicitly opted in via the unchecked consent checkbox at email capture. A separate “Notes from John” series is sent only to people who sign up for it via the notes signup form. We do not enrol you in marketing emails based on purchase alone. Consent to marketing is separate from transactional communication.

4. Data Storage & Security

Your data is stored securely using Supabase (PostgreSQL) with row-level security policies. All data is encrypted in transit (TLS) and at rest. We implement security headers including Content Security Policy, HSTS, and X-Frame-Options to protect your browsing experience.

Sensitive information. Some inputs you provide may reasonably relate to your mental or physical health (for example, quiz answers about stress and fatigue, journal entries, and exercise responses). Under Australian Privacy Principle 3.3, we collect this information on the basis of your implied consent when you voluntarily participate in an optional self-reflection tool or exercise. You can stop at any time. Quiz answers are not stored until you submit the quiz. Journal entries and exercise responses stay inside your account and are retained only for as long as described in §9. To the extent any EU/UK resident provides this information despite the regional-availability restriction in §12, we rely on explicit consent under GDPR Article 9(2)(a).

5. Error Monitoring

We use Sentry for error monitoring and performance tracking to help us diagnose and fix issues. This collects technical data about errors and application performance but does not record your interactions with the platform. Error data is processed and stored by Sentry in accordance with their privacy practices and our Data Processing Agreement with them.

6. Third-Party Services

We do not sell your personal data. We do not share your personal data with third parties for marketing purposes. We do not transfer your personal data to data brokers. The third-party services listed below act as processors: they handle your data only to provide a service to us (hosting, payment processing, email delivery, error monitoring) under contracted Data Processing Agreements. In the unlikely event of a business transfer (sale, merger, or acquisition), your personal data would transfer under the same protections as this policy, and you would be notified in advance with the option to delete your account before the transfer takes effect.

Voice synthesis: Some audio content on the platform (such as per-archetype voice messages) is generated using ElevenLabs voice synthesis technology. This process does not involve the collection or processing of your personal data — the audio files are pre-generated server-side from scripts and served as static media.

AI-generated content: In addition to voice synthesis, some marketing materials (articles, social posts, email copy) are written with assistance from AI language models and edited by the founder. The “John” avatar image is AI-generated. See our transparency page for a full list.

We use the following third-party services:

  • Supabase: Authentication, database hosting, and file storage (US-based).
  • Stripe: Payment processing (US-based).
  • Resend: Transactional and marketing email delivery (US-based).
  • Sentry: Error monitoring and performance tracking (US-based).
  • Plausible Analytics: Privacy-friendly, cookieless web analytics (EU-based, operated from Germany). Plausible does not use cookies, does not track individuals across sites, and does not collect or store personal data. Aggregate metrics (page views, traffic sources, and event counts such as quiz completions) are used to understand how the site performs.
  • Vercel: Application hosting and deployment (US-based).
  • Cloudflare: Bot protection and security verification via Turnstile (US-based). Cloudflare may process your IP address and browser characteristics to verify you are a real person. See Cloudflare's privacy policy.

We maintain Data Processing Agreements (DPAs) with our key service providers including Supabase, Stripe, Sentry, Resend, Plausible, Vercel, and Cloudflare.

7. Cookies & Tracking Technologies

We use the following cookies and similar technologies:

  • Essential cookies: Supabase authentication session cookie and CSRF token. These are strictly necessary for the platform to function and cannot be disabled.
  • Functional cookies: Quiz session ID and theme preference. These remember your choices to provide a more personalized experience.
  • Attribution cookie: A first-party, httpOnly cookie that records how you found us (e.g., the traffic source category such as "organic" or "social"). This cookie contains no personally identifiable information, cannot be read by JavaScript, expires after 30 days, and is used solely to understand which channels bring people to the platform.
  • Error monitoring: Sentry error tracking via a tunnel endpoint at /monitoring. This is an essential service used to detect and fix application errors, not for advertising or user profiling.
  • Local storage: We use browser localStorage to save your Day 1 progress (exercise completions, lesson progress) before you purchase. This data stays in your browser and is transferred to your account after purchase. localStorage is also used to remember your cookie notice preference.

We use Plausible Analytics (EU-based, operated from Germany) for aggregate, cookie-less pageview and event measurement. Plausible does not use cookies on your browser, does not track individuals across sites, and does not build user profiles. In the course of serving pageview requests, Plausible processes your IP address and user-agent in transit to compute country-level location and to deduplicate sessions, but it does not store personal identifiers or persistent IDs. We do not use third-party advertising cookies. See §6 for the full processor list.

8. International Data Transfers

Fine Is a Lie is operated by 360 Maker (ABN 44 137 669 949) from Queensland, Australia. Your personal data is processed by US-based service providers including Supabase (database, authentication, and storage), Stripe (payments), Sentry (error tracking), Resend (email), and Vercel (hosting).

Where your data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by relevant data protection authorities, to protect your personal data in accordance with applicable privacy laws.

9. Data Retention

We retain your data for the following periods:

  • Account data: Retained for the life of your account plus 30 days after account deletion.
  • Journal entries and exercise responses: Retained until you delete them or until your account is deleted.
  • Payment records: Retained as required by applicable tax law, typically 7 years.
  • Error logs: Retained for 90 days.
  • Email engagement data: Retained for the duration of your email subscription.
  • Marketing consent records: Retained for the life of your subscription to the marketing list, plus 3 years after you unsubscribe, for evidentiary purposes under the Spam Act 2003 and GDPR Art. 7(1). After the 3-year window, the evidentiary fields (timestamp, IP, wording, URL, user-agent, form version) are automatically nullified. The retention period is enforced in code at src/lib/privacy/retention.ts.
  • Traffic source data: Retained alongside your quiz results and enrollment records for the life of your account.
  • AI bot visit logs: Retained for 90 days. These contain no personal data.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your data in a portable format (journal entries, progress data, exercise responses).
  • Opt out of non-essential communications.
  • Restrict the processing of your personal data.
  • Object to the processing of your personal data.
  • Data portability — receive your personal data in a structured, commonly used, and machine-readable format.
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal.
  • Lodge a complaint with a supervisory authority in your jurisdiction.

To exercise any of these rights, contact us at support@fineisalie.com. We will respond to your request within 30 days.

11. California Consumer Privacy Act (CCPA)

If you are a California resident, the CCPA provides you with additional rights regarding your personal information.

Categories of personal information collected: Identifiers (name, email, IP address), commercial information (purchase history), internet or electronic network activity (usage data, error logs, traffic source data), and other information you provide (journal entries, exercise responses, profile data).

Your CCPA rights:

  • Right to Know: You may request details about the personal information we have collected about you in the preceding 12 months.
  • Right to Delete: You may request that we delete the personal information we have collected about you, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information. We have not sold personal information in the preceding 12 months.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at support@fineisalie.com.

12. EU, EEA, Switzerland, and United Kingdom — Regional Availability

Fine Is a Lie is not currently available to visitors from the European Union, European Economic Area, Switzerland, or the United Kingdom. We use an edge-layer check to prevent access from these regions and do not collect, process, or retain personal data from EU/UK visitors as a matter of course. If you are an EU/UK resident and believe you have been served content in error, please contact support@fineisalie.com and we will delete any data we have received.

To the extent we do receive any personal data from an EU/UK resident despite this restriction, the following GDPR rights apply:

  • The right to restrict processing of your personal data.
  • The right to object to processing of your personal data based on legitimate interests.
  • The right to data portability, to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • The right to lodge a complaint with your local data protection supervisory authority.
  • The right to withdraw consent at any time where we rely on consent as our legal basis for processing.

Because we do not target or offer goods or services to data subjects in the Union within the meaning of GDPR Art. 3(2)(a), we are not obliged to appoint a representative under GDPR Art. 27. If you are an EU/UK resident and need to exercise a GDPR right because you provided personal data to us in error, email support@fineisalie.com.

13. Children's Privacy

Fine Is a Lie is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a minor, please contact us immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via email to your registered email address before the changes take effect. Your continued use of the platform after the effective date of any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

15. Contact Us

If you have questions about this Privacy Policy or your data, contact us at support@fineisalie.com.

Privacy Contact: support@fineisalie.com

Business Name: 360 Maker | ABN: 44 137 669 949