Privacy Policy
Effective date: 1 March 2025 | Last updated: 28 February 2026
The Executive Protocol ("we," "us," or "our") operates the website theexecutiveprotocol.com and related digital services. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, take our assessments, purchase our products, or subscribe to our communications.
We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the US CAN-SPAM Act.
In brief: We collect only what we need. We never sell your data. You can unsubscribe or request deletion at any time. We use your information to deliver your results and, with your consent, send occasional performance research.
1. Data Controller
The Executive Protocol is the data controller responsible for your personal data. If you have questions about this policy or wish to exercise your rights, contact us at:
contact@theexecutiveprotocol.com
2. What Data We Collect
Data you provide directly
- Assessment data: Your responses to the Executive Chronotype Assessment, including the resulting chronotype profile.
- Contact information: Your first name and email address, provided when you unlock your assessment results.
- Purchase information: Name, email, and payment details when you purchase a product. Payment processing is handled by Payhip; we do not store credit card numbers.
Data collected automatically
- Usage data: Pages visited, time spent, referral source, and general interaction patterns.
- Device and browser data: Browser type, operating system, screen resolution, and language preference.
- IP address: Used to determine approximate geographic location (country/region level only). We do not track precise location.
Cookies
We use essential cookies required for site functionality and analytics cookies to understand how visitors use our site. We do not use advertising cookies or third-party tracking pixels. You can control cookie preferences through your browser settings.
3. How We Use Your Data
We process your personal data for the following purposes:
- Deliver your assessment results — to generate and display your Executive Chronotype Briefing. Legal basis: performance of a contract / legitimate interest.
- Send marketing communications — occasional performance research, protocol updates, and product announcements. Legal basis: your explicit consent, given via the opt-in checkbox.
- Process purchases — to fulfil product orders and provide customer support. Legal basis: performance of a contract.
- Improve our services — to analyse aggregate, anonymised usage patterns and improve our content and tools. Legal basis: legitimate interest.
We will never use your data for purposes beyond those described here without obtaining your consent.
4. Email Communications
When you provide your email address and check the consent box on our assessment, you agree to receive:
- Your personalised chronotype results (one-time delivery).
- Occasional performance research and protocol updates (typically no more than 2–4 emails per month).
- Product announcements related to The Executive Protocol series.
Your control: Every email includes a one-click unsubscribe link. You can also email us at contact@theexecutiveprotocol.com to unsubscribe. We will process unsubscribe requests within 48 hours (and within 10 business days as required by CAN-SPAM).
We comply with the US CAN-SPAM Act: all commercial emails identify The Executive Protocol as the sender, include our contact information, contain a clear unsubscribe mechanism, and use accurate subject lines. We never use deceptive headers or misleading content.
5. Data Sharing
We do not sell, rent, or trade your personal data to any third party. We share data only with the following categories of service providers, who process it on our behalf and under our instructions:
- Email service provider — to deliver your results and manage communications (e.g., Mailchimp or ConvertKit).
- Payment processor — Payhip, to process purchases securely.
- Hosting provider — Hostinger, to serve our website.
- Analytics — to understand site usage in aggregate (no personally identifiable data is shared).
All service providers are contractually required to protect your data and use it only for the services they provide to us.
6. Data Retention
- Assessment data: Retained for the duration of your email subscription. Deleted within 30 days of unsubscribing or upon deletion request.
- Email subscriber data: Retained until you unsubscribe or request deletion.
- Purchase records: Retained for 7 years as required for tax and accounting purposes.
- Analytics data: Aggregated and anonymised; retained indefinitely in non-identifiable form.
7. Your Rights (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under GDPR:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate data.
- Right to erasure — request deletion of your personal data ("right to be forgotten").
- Right to restrict processing — request that we limit how we use your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to withdraw consent — withdraw your marketing consent at any time, without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, email us at contact@theexecutiveprotocol.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
8. International Data Transfers
Some of our service providers operate outside the EEA. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent mechanisms.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data transmission (SSL/TLS), secure hosting infrastructure, and restricted access to personal data on a need-to-know basis.
No system is completely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.
10. Children's Privacy
Our services are designed for professionals and are not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes that affect how we process your data, we will notify you by email where possible.
12. Contact
For any questions about this Privacy Policy or your data, or to exercise your rights:
The Executive Protocol
Email: contact@theexecutiveprotocol.com
Website: theexecutiveprotocol.com