Privacy

Last updated: May 20, 2026.

GnosisFi is a financial education platform. This page tells you what data we collect, why, how long we keep it, and what you can do about it. Short version: we collect the minimum we need to deliver the courses you bought, we never sell it, and you can delete your account anytime.

What we collect

When you create an account, we collect your email address and your name if you give it (the name is optional and only used in your welcome email and on your receipt).

When you buy a course, we collect your name, your billing country if required for tax, and a record of the purchase. Your payment card number goes directly from your browser to Stripe and is never stored on our servers. If you pay in USDC, we record the wallet address that sent the payment.

When you use the site, we collect basic analytics through PostHog (page views, which buttons you click). We use this to fix bugs and decide which lessons to write next. IP addresses are anonymized before they reach our analytics.

When you take a course, we record your progress per lesson (which lessons you finished, your last watched timestamp), your quiz answers, and any notes you saved. This data is private to you.

When you email us, we keep your message and your email address so we can reply.

What we do not collect

We do not store your payment card number. That goes directly from your browser to Stripe.

We do not buy data about you from third parties.

We do not run third-party ad trackers. No Facebook pixel, no Google Ads tag, no LinkedIn insight tag, no TikTok pixel.

We do not record audio or video of you.

We do not track you on other websites.

Why we collect it

Email: to send you the courses you bought, your receipt, and important account notices. We do not send marketing emails unless you specifically asked to be on a list.

Name: to address you politely in the welcome email and on the receipt.

Payment info: to charge you once and refund you if you ask within 14 days.

Progress, quiz answers, notes: to give you the resume-where-you-left-off feature and show your completion status.

Analytics: to find broken pages and decide what to build next. Aggregated only.

Who we share it with

We use a small number of third-party services to run the site. Each one only sees the slice of data they need.

Stripe (payments). Receives your name, email, billing country, and card. Their policy: stripe.com/privacy.

Supabase (database and auth). Hosts your email, password reset tokens, and course progress. Their policy: supabase.com/privacy.

Resend (email delivery). Receives your email address and the body of any email we send you. Their policy: resend.com/legal/privacy-policy.

Vercel (hosting). Sees IP addresses for security logging only (kept 90 days). Their policy: vercel.com/legal/privacy-policy.

PostHog (analytics). Receives anonymized page views and click events. IP anonymization is on. Their policy: posthog.com/privacy.

We do not share your data with anyone else. We do not sell it. We do not rent it. We do not give it to data brokers.

How long we keep it

Your account: as long as it is active. Delete it anytime.

Purchases: 7 years after the purchase. We are legally required to keep purchase records for tax purposes.

Email replies: 2 years, then deleted.

Analytics: 90 days at row level, then aggregated.

Server logs: 90 days.

Your rights

You can ask us for a copy of everything we have on you. Email info@gnosisfi.com. We send it within 30 days.

You can correct anything that is wrong. Edit it in your account or email us.

You can delete your account. Email info@gnosisfi.com or use the delete option in your account security page. We remove your data within 30 days, except purchase records we are legally required to keep.

You can export your data as a JSON file. Email us and we send it within 30 days.

You can object to specific processing. Email us. We stop unless we are legally required to continue.

If you are in the EU, the UK, California, Colombia, or any other jurisdiction with a privacy law, you have additional rights under that law. Email us and we will honor them.

Cookies

We use one session cookie to keep you signed in. It is httpOnly (not visible to JavaScript), secure (only sent over HTTPS), and sameSite (only sent from our site). It expires after 30 days of inactivity.

PostHog sets a first-party analytics cookie to count visits. We have configured it without cross-site tracking.

We do not use third-party cookies. We do not use cookies to show you ads.

Children

GnosisFi is not for users under the age of 16. If you are under 16, do not create an account. If you are a parent and discover your child created an account, email us and we will delete it.

International transfers

GnosisFi is operated from Colombia. Our servers are in the United States (Vercel and Supabase, US East region). If you are outside Colombia or the US, your data may be transferred to and processed in either country.

Changes to this policy

If we change this policy in a meaningful way, we will email everyone with an account and post the change on this page with a new Last updated date. We will not silently change it.

Contact

Questions about your data? Email info@gnosisfi.com. A real person reads every message and replies within two business days.