Privacy Policy

Change Decoded, LLC

Effective Date: March 7, 2026 | Last Updated: April 22, 2026

A. Definitions

The following terms have the meanings set forth below when used in this Privacy Policy:

Account” means a unique account created for You to access the Site or portions of the Site, including the Change Agent Basic Toolkit.

Business” for purposes of the CCPA, refers to Change Decoded, LLC as the legal entity that collects consumers’ personal information and determines the purposes and means of processing such information, and that does business in the State of California.

Company” (referred to as “We,” “Us,” or “Our”) refers to Change Decoded, LLC. For purposes of the GDPR, the Company is the Data Controller.

Consumer” for purposes of the CCPA, means a natural person who is a California resident.

Cookies” are small files placed on Your device by a website containing details of Your browsing history and preferences, among other uses.

Data Controller” for purposes of the GDPR, refers to the Company as the legal person that determines the purposes and means of the processing of Personal Data.

Device” means any device that can access the Site, such as a computer, mobile phone, or digital tablet.

Do Not Track (DNT)” is a concept promoted by US regulatory authorities, including the Federal Trade Commission, by which internet users can signal that they do not wish to be tracked across websites.

Personal Data” means any information relating to an identified or identifiable individual. For purposes of the GDPR, Personal Data means any information relating to You such as a name, identification number, location data, or online identifier. For purposes of the CCPA, Personal Data means any information that identifies, relates to, describes, or is capable of being associated with a particular consumer or device.

Sale” for purposes of the CCPA, means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to another business or third party for monetary or other valuable consideration.

Service” refers to the Site and all content, products, and resources available through it.

Service Provider” means any third-party company or individual that processes data on behalf of the Company to facilitate or provide the Service. For purposes of the GDPR, Service Providers are Data Processors.

Usage Data” refers to data collected automatically when using the Service, such as pages visited, time on pages, IP address, browser type, and device identifiers.

Website” refers to the site operated by Change Decoded, LLC, accessible at https://www.change-decoded.com.

"You" means the individual accessing or using the Site, or the company or other legal entity on behalf of which such individual is accessing or using the Site, as applicable. "Your" has a corresponding meaning.

Change Decoded, LLC (“Company,” “We,” “Us,” or “Our ”) operates the website located at https://www.change-decoded.com (the “Site”) and offers digital products, educational resources, and a community platform for professionals navigating organizational change and transformation.

This Privacy Policy explains how We collect, use, disclose, and protect information about You when You visit the Site, create a free account, purchase products, or interact with Our content and/or community.

By accessing or using the Site, You agree to the practices described in this Privacy Policy. If You do not agree, please discontinue use of the Site.

1. Information We Collect

We collect information in the following ways:

A. Information You Provide Directly

When You create a free account, purchase a product, contact Us, or sign up for resources, You may provide:

  • First and last name

  • Email address

  • Billing name and billing address

  • Payment information (credit or debit card details) — processed securely through Stripe; We do not store full payment card information on Our servers

  • Communications submitted through contact forms or support inquiries

B. Information Collected Automatically

When You visit the Site, We and Our service providers automatically collect certain technical information, including:

  • Your Internet Protocol (IP) address

  • Device type, operating system, and browser type

  • Pages visited, time and date of Your visit, time spent on pages, links clicked, and other website usage, behavioral data, unique device identifiers and other diagnostic data

  • Referral URLs and search terms used to reach the Site

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

This information is collected through cookies, web beacons, and similar tracking technologies, as well as through Google Analytics (GA4) and Our e-commerce/checkout platform. Please see Section 5 (Cookies and Tracking Technologies) for more information.

C. Information Collected Through Your Free Account

If You create a free account to access the Change Agent Basic Toolkit, We collect the information You provide at registration (name and email address) and may collect data about Your activity within the account, such as which resources You access and download.

D. Community and User-Generated Content

We operate a LinkedIn Community for professionals in Our network. If You participate in the LinkedIn Community, please be aware that content You post there is subject to LinkedIn’s own privacy policy and terms of service. We also host a blog on Our Squarespace website where comments may be enabled. Any information You submit in public blog comments is visible to other visitors.

2. How We Use Your Information

We use the information We collect for the following purposes:

  • To create and manage Your free account and provide access to the Change Agent Basic Toolkit and associated free resources

  • To process Your purchases of digital products and deliver Your order

  • To respond to Your inquiries, support requests, and contact form submissions

  • To operate, maintain, and improve the Site and Our products

  • To analyze website traffic and usage patterns through Google Analytics (GA4) to understand how visitors engage with Our content

  • To enforce Our Terms of Use, Terms of Purchase, and other applicable policies

  • To comply with applicable legal obligations

3. How We Share Your Information

We do not sell, rent, or share Your personal information with third parties for their own marketing purposes. We may share Your information in the following limited circumstances:

A. Service Providers

We work with third-party vendors and service providers who assist Us in operating the Site and delivering Our products and services. These providers are authorized to use Your information only as necessary to provide services to Us and are bound by appropriate confidentiality obligations.

Current service providers include but are not limited to:

  • Stripe — payment processing (PCI-DSS compliant)

  • Google Analytics (GA4) — website analytics and traffic reporting

  • Squarespace — website hosting and e-commerce functionality

  • Canva — design platform used in the creation of Digital Products (design assets only; no personal data is shared with Canva)

B. Legal Compliance and Protection

We may disclose Your information if required to do so by law, court order, or governmental authority, or if We believe in good faith that disclosure is necessary to protect Our rights, protect Your safety or the safety of others, investigate fraud, or respond to a lawful request.

C. Business Transfers

If the Company is involved in a merger, acquisition, asset sale, or similar transaction, Your information may be transferred as part of that transaction. We will provide notice before Your Personal Data is transferred and becomes subject to a different privacy policy.

4. Legal Basis for Processing (For EEA and UK Visitors)

Under the GDPR (General Data Protection Regulation), You may be referred to as the Data Subject or as the User, as You are the individual using the Service. If You are located in the European Economic Area (EEA) or the United Kingdom, Our processing of Your personal data is governed by the General Data Protection Regulation (GDPR) and, where applicable, the UK GDPR. We process Your personal data on the following legal bases:

  • Performance of a contract: When You purchase a digital product or create a free account, We process Your information as necessary to fulfill that transaction or provide account access.

  • Legitimate interests: We process certain technical and usage data to operate, secure, and improve the Site and Our products. We balance Our legitimate interests against Your rights and do not use this basis where Your interests override ours.

  • Legal obligation: We may process Your data where necessary to comply with applicable law.

  • Consent: Where required by law, We will obtain Your consent before processing Your data, such as for certain cookies and tracking technologies.

Your Rights Under GDPR

If You are located in the EEA or UK, You have the following rights with respect to Your personal data:

  • Right of access: You may request a copy of the personal data We hold about You.

  • Right to rectification: You may request that We correct inaccurate or incomplete personal data.

  • Right to erasure: You may request that We delete Your personal data, subject to certain exceptions.

  • Right to restriction: You may request that We restrict Our processing of Your personal data in certain circumstances.

  • Right to data portability: You may request that We provide Your personal data in a structured, commonly used, machine-readable format.

  • Right to object: You may object to Our processing of Your personal data based on legitimate interests.

  • Right to withdraw consent: Where processing is based on consent, You may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact Us at support@change-decoded.com. We will respond to Your request within 30 days. You also have the right to lodge a complaint with Your local data protection authority.

Please note that while We welcome visitors from the EEA and UK, Our primary operations are based in the United States and Our servers are located in the United States. If You are located in the EEA or UK, Your personal data will be transferred to and processed in the United States. By using the Site, You acknowledge this transfer.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on the Site. A cookie is a small text file placed on Your device that allows Us and Our service providers to recognize Your browser and collect information about Your use of the Site. Cookies can be “Persistent” (remaining on Your device when You go offline) or “Session” cookies (deleted when You close Your browser).

Types of Cookies We Use

Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These cookies are essential to provide You with the Site and its features, including to process transactions and maintain Your session. Without these cookies, services You have requested cannot be provided.

Cookie Policy/Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These cookies identify whether You have acknowledged Our cookie banner and accepted the use of non-essential cookies on the Site.

Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These cookies allow the Site to remember choices You make, such as Your login details or language preferences, to provide a more personalized experience and to avoid You having to re-enter Your preferences each time You visit.

Analytics/Performance Cookies (Google Analytics GA4)

Type: Persistent Cookies

Administered by: Third Party (Google)

Purpose: These cookies collect information about how visitors use the Site, including which pages are visited most often and how visitors navigate. The information gathered may directly or indirectly identify You as an individual visitor through a pseudonymous identifier associated with Your device. We use this data to analyze traffic and improve the Site.

We display a cookie consent banner on the Site. By continuing to use the Site after acknowledging the banner, You consent to Our use of non-essential cookies as described above.

You can control or disable cookies through Your browser settings. Please note that disabling certain cookies may affect the functionality of the Site. For more information about Google Analytics and how to opt out, visit: https://tools.google.com/dlpage/gaoptout.

6. Data Retention

We retain Your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, including to provide You with access to Your account and purchased products, comply with Our legal obligations, resolve disputes, and enforce Our agreements.

Usage Data (such as analytics data collected through Google Analytics) is generally retained for a shorter period than personal data, except where We are legally obligated to retain it for longer or where it is used to strengthen the security or improve the functionality of the Site.

When personal data is no longer needed for the purposes for which it was collected, We will delete or anonymize it in accordance with Our internal retention schedule. To request deletion of Your personal data, please contact Us at support@change-decoded.com.

7. Data Security

We implement reasonable administrative, technical, and physical security measures to protect Your personal information from unauthorized access, disclosure, alteration, or destruction. Payment information is processed through Stripe, a PCI-DSS compliant payment processor, and We do not store full payment card information on Our servers.

However, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of Your information and encourage You to take steps to protect Your own data, including using strong passwords and logging out of Your account when not in use.

8. California Privacy Notice (CCPA/CPRA)

This section applies to California residents and is provided in compliance with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2022 (collectively, “CCPA”). Any terms defined in the CCPA have the same meaning when used in this section.

A. Categories of Personal Information We Collect

In the preceding twelve (12) months, We have collected the following categories of personal information from California residents:

  • Category A — Identifiers: such as name, email address, IP address, and billing address. Collected directly from You at account creation, checkout, and via automatic collection technologies. Collected: Yes.

  • Category B — Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): such as name, billing address, and payment card information. Collected: Yes.

  • Category C — Protected classification characteristics: such as age, race, sex, or religion. Collected: No.

  • Category D — Commercial information: such as records of products purchased. Collected at checkout via Stripe. Collected: Yes.

  • Category E — Biometric information: such as fingerprints or voiceprints. Collected: No.

  • Category F — Internet or other electronic network activity information: such as browsing history, pages visited, time on site, clicks, and device/browser data. Collected automatically through cookies and Google Analytics (GA4). Collected: Yes.

  • Category G — Geolocation data: precise physical location. Collected: No. (IP address may approximate general location but is not precise geolocation.)

  • Category H — Sensory data: audio, visual, or similar information. Collected: No.

  • Category I — Professional or employment-related information: job history or performance evaluations. Collected: No.

  • Category J — Non-public education information: education records under FERPA. Collected: No.

  • Category K — Inferences: drawn from the above categories to understand user preferences and engagement. Generated through analytics data. Collected: Yes.

We do not collect sensitive personal information as defined under the CCPA/CPRA, such as Social Security numbers, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, or biometric data.

Under CCPA, personal information does not include: publicly available information from government records; deidentified or aggregated consumer information; or information excluded from the CCPA’s scope, such as health or medical information covered by HIPAA, or information covered by sector-specific privacy laws including FCRA, GLBA, or FIPA.

B. Purposes for Collection

We collect the categories of personal information listed above for the following business and commercial purposes: to provide and manage free account access and digital product delivery; to process payments; to respond to inquiries and support requests; to analyze Site usage and improve Our products; to enforce Our policies; and to comply with applicable legal obligations. For a full description of Our data use practices, see Section 2 of this Privacy Policy.

C. Disclosure of Personal Information for Business Purposes

In the preceding twelve (12) months, We have disclosed the following categories of personal information to Our service providers for business purposes:

  • Category A (Identifiers) — to Stripe (payment processing), Squarespace (hosting), and Google (analytics)

  • Category B (California Customer Records) — to Stripe (payment processing)

  • Category D (Commercial information) — to Stripe (payment processing)

  • Category F (Internet/network activity) — to Google Analytics (GA4) for analytics

  • Category K (Inferences) — generated internally through analytics data

When We disclose personal information to a service provider for a business purpose, We enter into a contract requiring the recipient to keep that personal information confidential and use it only for the purposes of performing services for Us.

D. Sale or Sharing of Personal Information

We do not sell Your personal information for money. However, Our use of Google Analytics (GA4) may constitute “sharing” of personal information (specifically, Category F Internet/network activity and Category A Identifiers) for cross-context behavioral advertising purposes under the CCPA/CPRA, to the extent that GA4’s data practices involve cross-context tracking. California residents have the right to opt out of this sharing. See Section 8E for how to exercise this right.

E. Your California Privacy Rights

California residents have the following rights under the CCPA/CPRA:

  • Right to Know: You may request that We disclose the categories and specific pieces of personal information We have collected about You, the sources of that information, Our purposes for collecting it, and the categories of third parties with whom We have shared it.

  • Right to Delete: You may request that We delete personal information We have collected from You, subject to certain exceptions permitted by law.

  • Right to Correct: You may request that We correct inaccurate personal information We hold about You.

  • Right to Opt Out of Sale/Sharing: You may opt out of the sale or sharing of Your personal information. To opt out of data sharing through Google Analytics, You may use the Google Analytics Opt-Out Browser Add-on available at

    https://tools.google.com/dlpage/gaoptout.

  • Right to Non-Discrimination: We will not discriminate against You for exercising any of Your CCPA rights. We will not deny You goods or services, charge You different prices, or provide a different level of service because You exercised a privacy right.

F. How to Submit a Privacy Request

To submit a verifiable consumer request to know, delete, or correct Your personal information, contact Us at support@change-decoded.com. We will respond to verifiable consumer requests within 45 days of receipt. If We need additional time (up to 90 days total), We will notify You in writing within the initial 45-day period and explain the reason for the extension. We may need to verify Your identity before processing Your request. Your request must provide sufficient information to allow Us to reasonably verify Your identity and describe Your request in sufficient detail for Us to evaluate and respond to it.

G. Global Privacy Control

We honor Global Privacy Control (GPC) opt-out preference signals. If Your browser or browser extension sends a GPC signal when You visit our Site, We will treat that signal as a request to opt out of the sale or sharing of Your personal information.

H. Sources of Personal Information

We obtain the categories of personal information described in Section 8A from the following categories of sources:

  • Directly from You — information You provide when creating a free account, completing a purchase, submitting a contact form, or participating in Our blog.

  • Indirectly from You — information observed about Your activity and interactions on the Site.

  • Automatically from Your device — through cookies, web beacons, and similar technologies as You navigate the Site, including through Google Analytics (GA4).

  • From Service Providers — such as Stripe (payment processing) and Squarespace (website hosting and e-commerce).

I. No Sale of Personal Information

We have not sold personal information in the preceding twelve (12) months, and We do not sell personal information. We do not sell the personal information of consumers We know to be under 16 years of age. For information about Our potential sharing of personal information through Google Analytics (GA4) and Your right to opt out, see Sections 8D and 8E above.

J. Personal Information of Minors Under 16

We do not knowingly collect personal information from individuals under the age of 16. We do not sell the personal information of consumers We actually know are less than 16 years of age. If You have reason to believe that a minor under the age of 16 has provided Us with personal information, please contact Us at support@change-decoded.com with sufficient detail to enable Us to delete that information.

9. Do Not Track Policy (CalOPPA)

The California Online Privacy Protection Act (CalOPPA) requires commercial websites and online services that collect personally identifiable information from California consumers to conspicuously post a privacy policy and to disclose how the website responds to Do Not Track (DNT) signals.

Our Site does not currently respond to Do Not Track signals from web browsers. However, some third-party websites and services You may visit do track Your browsing activity. You can set Your browser preferences to inform websites that You do not wish to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.

10. Your California Privacy Rights — Shine the Light (Cal. Civ. Code § 1798)

Under California Civil Code Section 1798 (the “Shine the Light” law), California residents with an established business relationship with Us may request information once per calendar year about sharing their personal information with third parties for the third parties’ direct marketing purposes.

We do not share personal information with third parties for their own direct marketing purposes. If You are a California resident and wish to confirm this or have questions about this practice, please contact Us at support@change-decoded.com.

11. California Rights for Minor Users (Cal. Bus. & Prof. Code § 22581)

California Business and Professions Code Section 22581 allows California residents under the age of 18 who are registered users of online sites, services, or applications to request and obtain removal of content or information they have publicly posted.

If You are a California resident under 18 and a registered user of the Site, You may request removal of content You have publicly posted by contacting Us at support@change-decoded.com and including the email address associated with Your account. Please be aware that Your request does not guarantee complete or comprehensive removal of all content You have posted, and that applicable law may not permit or require removal in certain circumstances.

12. Children's Privacy and COPPA Compliance

A. General Minor Exclusion

The Site is intended for use by adults and is not directed to individuals under the age of 18. We do not knowingly collect personal information from individuals under the age of 18. If You are under 18, please do not use the Site or submit any personal information to Us. If We become aware that We have inadvertently collected personal information from an individual under 18 without appropriate parental consent, We will take steps to delete that information promptly.

B. COPPA — Children Under 13

The Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506, and its implementing regulations (16 C.F.R. Part 312) govern the online collection of personal information from children under the age of 13. The Site is not directed to children under 13, and We do not knowingly collect, use, or disclose personal information from children under 13. We do not condition a child's participation in any activity on the Site on the disclosure of more personal information than is reasonably necessary to participate in that activity.

If We discover that a child under the age of 13 has provided Us with personal information without verifiable parental consent, We will take immediate steps to delete that information from Our records and, if applicable, to terminate that child's account. We will not use or disclose any personal information collected from a child under 13 for any purpose other than to notify the parent and to delete the information.

If You are a parent or guardian and believe that Your child under the age of 13 has provided personal information to Us, or if You wish to review, correct, or request deletion of Your child's personal information, please contact Us at support@change-decoded.com. We will respond to verifiable parental requests within a reasonable time and will provide parents with the opportunity to review personal information collected from their child, direct Us to delete such information, and refuse to allow further collection or use of their child's information.

If We need to rely on consent as a legal basis for processing Your information and Your country or jurisdiction requires consent from a parent or guardian, We may require such consent before We collect and use that information.

13. Third-Party Links and Platforms

The Site may contain links to third-party websites, platforms, or resources, including Our LinkedIn Community. We are not responsible for the privacy practices of those third parties, and this Privacy Policy does not apply to information You provide to or that is collected by any third-party platform. We encourage You to review the privacy policies of any third-party sites You visit.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When We make material changes, We will update the “Last Updated” date at the top of this Policy and, where appropriate, provide notice on the Site. Your continued use of the Site after any changes constitutes Your acceptance of the updated Privacy Policy. We encourage You to review this Policy periodically.

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of South Dakota, without regard to its conflict of law principles. Any disputes arising out of or relating to this Privacy Policy shall be resolved in accordance with the dispute resolution provisions set forth in Our Terms of Use.

16. Contact Us

If You have questions about this Privacy Policy, wish to exercise Your privacy rights, or need to report a privacy concern, please contact Us at:

CHANGE DECODED, LLC

WWW.CHANGE-DECODED.COM

SUPPORT@CHANGE-DECODED.COM