Legal

Privacy Policy

How Desk Theory collects, uses, and protects information when you visit our website, subscribe to our newsletter, buy our products, or interact with our ads.

Effective: May 11, 2026 · Last updated: May 11, 2026

1. Who we are

Desk Theory ("we", "us", "our") is an AI-leverage education brand operated by Andrew Lissimore. We publish a newsletter, sell digital products including the OpenCLAW guide, and offer implementation services to founder-CEOs. This policy applies to desktheory.com and any subdomains.

For privacy questions, data requests, or to exercise any of the rights described below, email andrew@desktheory.com.

2. Information we collect

You give us

  • Your email address when you subscribe to the newsletter, request a lead magnet (such as our 90-day roadmap PDF), apply for services, or buy a product.
  • Your name and any other information you choose to share via forms or email.
  • Payment information you provide at checkout. Card numbers are processed directly by Stripe and never touch our servers.
  • Messages and replies you send us by email or through forms.

Collected automatically when you visit

  • IP address, approximate location (country / region) derived from IP, browser type and version, operating system, device type, and referring URL.
  • Pages visited, time spent on pages, links clicked, scroll depth, and similar interaction events captured by our visit beacon and analytics tools.
  • Cookies and similar identifiers (see Section 5).

Received from advertising platforms

  • When you click on or interact with our ads, advertising platforms (Meta, LinkedIn, Google) share aggregated and event-level data with us, including ad attribution, click events, and conversion outcomes. We send corresponding events back to those platforms via their server-side conversion APIs to improve ad measurement and matching quality.

3. How we use your information

  • Deliver what you asked for. Send the lead magnet, ship the digital product, fulfill service requests, and reply to your messages.
  • Send our newsletter and product updates. Including occasional product announcements and offers. You can unsubscribe at any time using the link in every email.
  • Run and improve our website and content. Analyze how readers find and use our content so we can improve it.
  • Run advertising campaigns. Measure how our ads perform, attribute conversions, and reach similar audiences.
  • Detect fraud and abuse. Identify suspicious purchase patterns, bot traffic, and security incidents.
  • Comply with legal obligations. Tax, accounting, and regulatory requirements.

4. Service providers we share with

We use the following third-party services to operate the business. Each receives only the data needed for its function and is bound by its own terms and privacy practices.

ProviderPurposeWhat's shared
StripePayment processingName, email, billing details, card information
BeehiivNewsletter deliveryEmail, name, engagement events
ResendTransactional email (receipts, downloads)Email, name, message content
SupabaseDatabase and backend storageAll form submissions and behavioral data
VercelWebsite hosting and serverless APIRequest logs, IP, headers
Meta PlatformsAdvertising and conversion measurementHashed email and event data via Pixel and Conversions API
LinkedInAdvertising and conversion measurementHashed email and event data via Insight Tag and Conversions API
Google (Analytics 4)Website analyticsPseudonymous identifiers and event data
AnthropicAI tooling that powers internal workflowsOnly data we deliberately submit; never your raw subscriber data

We do not sell your personal information. We do not share it with anyone outside the providers above for any purpose unrelated to running the business.

5. Cookies and tracking

We use cookies and similar technologies for three purposes:

  • Essential. Session state, security, and basic functionality. These are always on.
  • Analytics. Google Analytics 4 cookies that help us understand which content and pages perform.
  • Advertising. Meta Pixel and LinkedIn Insight Tag cookies that help us measure ad performance and find similar audiences.

You can control cookies through your browser settings. You can opt out of personalized advertising via the platforms directly: Meta ad preferences, LinkedIn ad preferences, and Google Analytics opt-out.

6. How long we keep information

  • Newsletter subscriber data: until you unsubscribe, plus 30 days of suppression-list retention to prevent accidental re-subscription.
  • Purchase records: at least seven years for tax and accounting compliance.
  • Website behavioral data and visit logs: typically 90 days, longer if needed for fraud detection or security investigation.
  • Email correspondence: as long as needed to handle the conversation and any follow-ups, then deleted within 24 months.

7. Your rights

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • Access a copy of the information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Delete your information, subject to legal retention requirements.
  • Receive your information in a portable format.
  • Object to or restrict certain types of processing, including direct marketing.
  • Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising under California law. We do not sell personal information, but our use of advertising pixels may qualify as "sharing" under the CCPA. To opt out, email us using the address below.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email andrew@desktheory.com. We respond within 30 days.

8. International data transfers

Our service providers operate in the United States, Canada, and other regions. When we transfer your information internationally, we rely on safeguards permitted under applicable law (such as the EU Standard Contractual Clauses with our processors). By using our website, you consent to your information being processed in these jurisdictions.

9. Security

We use commercially reasonable technical and organizational measures to protect your information: encrypted connections (HTTPS), encrypted storage at rest, access controls, and audit logs. No system is perfectly secure. If we discover a breach affecting your information, we will notify you and the appropriate authorities as required by law.

10. Children

Desk Theory is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe we have collected information from a child, please email us and we will delete it.

11. Changes to this policy

We may update this policy as the business evolves. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated by email to current subscribers and posted on this page at least 14 days before they take effect.

12. Contact

Privacy questions, data requests, or anything else related to this policy:

andrew@desktheory.com