Legal
Privacy Policy
Adytum is operated by Better Together Branding LLC ("Adytum", "we", "us"). This Privacy Policy explains what information we collect when you visit adytum.agency or use our free or paid apps, why we collect it, who we share it with, and how to delete it.
The short version: We collect your email when you use a free tool (so we can deliver your report), basic browsing analytics if you accept the consent banner, and order details when you buy. We do not sell or rent your data. PDF uploads to PitchScore are processed and discarded — we never store the raw file. You can request deletion of everything by emailing legal@adytum.agency with subject "Adytum DSAR".
1. What we collect
1.1 Information you give us
- Email address (required for all free tools and any paid purchase)
- First and last name (optional)
- Inputs you provide to apps: URLs you scan with A11yScan, BrandCheck text inputs, pitch deck PDFs you upload to PitchScore, the brief you give TaglineGen, etc.
- Order details when you buy a Crafted service (handled by Squarespace)
- Intake form responses after a Crafted purchase (project details you submit)
1.2 Information collected automatically
- IP address (used for abuse prevention rate-limiting)
- Browser type and OS (HubSpot tracking, only after you accept the consent banner)
- Pages visited on adytum.agency (HubSpot tracking, only after consent)
- Approximate location from IP (HubSpot, post-consent only)
- UTM parameters from links you click to reach us
1.3 Information we do NOT collect
- We do not use Google Analytics, Meta Pixel, or third-party advertising trackers
- We do not fingerprint your browser beyond what HubSpot's standard tracking does
- We do not collect health, religious, or political information
- We do not require payment information on the website itself — Stripe Checkout and Squarespace handle payments on their secure pages
2. Why we collect it
- To deliver the service you requested. If you submit an email to run an A11yScan, we send you the report. That's it.
- To prevent abuse. Rate-limiting requires that we briefly track your email and IP across requests.
- To improve the apps. Aggregate usage data helps us decide which apps to invest in.
- To send you relevant follow-ups — but only if you accept the consent banner or otherwise opt in. You can unsubscribe at any time using the link in every email.
- To fulfill orders if you buy a Crafted service or subscribe to Adytum Plus / Studio.
3. Who we share it with
We use specific third-party processors to operate Adytum. Each is bound by their own privacy commitments. We share only the minimum information each needs to do its job.
| Processor | What we share | Why |
|---|---|---|
| HubSpot (CRM, marketing email, tracking) | Email, name, app interactions, browsing behavior (post-consent) | Customer relationship management + marketing |
| Supabase (database + storage) | App inputs (URLs, extracted PDF text), scores, email, IP | Operational data store |
| Anthropic (AI processing) | App inputs only at moment of processing (no email, no name) | Generate app responses |
| Resend (transactional email) | Email + report content | Send your reports |
| Cloudflare Turnstile (anti-bot) | IP + Turnstile challenge response | Bot detection |
| Netlify (hosting + functions) | All inbound requests | Serve the website + run app logic |
| Stripe / Squarespace (payments) | Payment details directly on their site (we don't see card info) | Process payment |
| DocuSign (legal docs) | Email + document for Crafted service agreements | Signed deliverables |
We do not sell, rent, or trade your personal information. We do not share with advertisers, data brokers, or marketing intelligence platforms.
4. How long we keep it
- PDF uploads to PitchScore: never stored. We extract text, score it, then discard the file within the request lifecycle (seconds).
- App results (scan reports, score reports): 30 days, then archived/deleted.
- HubSpot Contact records: until you request deletion (DSAR).
- Supabase rate-limit logs: 90 days.
- Order records: 7 years (US tax requirement). We retain financial records this long even after deletion requests, but strip personal data from them where legally permitted.
- Email opt-outs: retained indefinitely so we don't accidentally re-email you after you opted out (this is required by CAN-SPAM).
5. Your rights (GDPR, CCPA, and similar)
Wherever you are, you can ask us to:
- Access a copy of the data we hold about you
- Correct inaccuracies in your data
- Delete your data (subject to legal retention requirements above)
- Export your data in machine-readable form
- Object to marketing emails (unsubscribe link in every email) or to processing
- Withdraw consent for tracking by clicking "Reject" in the consent banner (visible on first visit) or running this in your browser console:
localStorage.setItem('adytum-consent-v1', 'rejected'); location.reload();
To exercise any right, email legal@adytum.agency with subject "Adytum DSAR". We respond within 30 days.
6. Cookies and tracking
On first visit to adytum.agency, you see a consent banner asking whether to accept cookies and analytics. Until you click Accept all, we set no tracking cookies and load no analytics scripts. The HubSpot tracker is the only third-party tracker we use.
Essential cookies (the consent banner state itself, session cookies for paid app login when those launch) are set without separate consent because they're strictly necessary for the site to function.
7. Children's privacy
Adytum is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us with information, email legal@adytum.agency and we will delete it.
8. Data transfers
Our processors (HubSpot, Supabase, Anthropic, Resend, Stripe, Squarespace, etc.) are primarily US-based. If you are in the EU, UK, or similar jurisdiction, your data may be transferred to the US under Standard Contractual Clauses (SCCs) or similar safeguards. Each processor publishes its own SCC documentation.
9. Security
All site traffic uses HTTPS (Let's Encrypt). Service tokens are scoped per integration and rotated periodically. Supabase databases use row-level security policies. We do not process or store payment card data on our infrastructure.
No security is perfect. If you believe you've found a vulnerability, please email security@adytum.agency with subject "Adytum security" — we'll acknowledge within 5 business days.
10. Changes to this policy
We update this policy when our practices change. The "Last updated" date at the top reflects the most recent change. Material changes (new processor, new data category) will be notified to active subscribers via email. Minor changes (typos, restructuring) will not be separately notified.
11. Contact
Better Together Branding LLC
Owner: Josh Wark
Email: legal@adytum.agency
Subject prefix for legal/privacy: Adytum DSAR or Adytum Privacy
This is a draft. If you require this policy to meet specific regulatory standards (e.g., enterprise customer DPAs, EU representative requirements, certain industry rules), have your counsel review before relying on it for those purposes. Adytum welcomes such reviews and will incorporate counsel feedback.