Privacy Policy
1. Quick summary
We help course creators build, launch and (optionally) market their online programs. You provide the course content; we build the infrastructure and (if agreed) operate the sales/launch funnels. We collect basic contact and business details (name, email, phone, business name and address) to deliver our services. We do not collect your raw payment card details — payments are processed by Stripe. You can request access, correction, deletion, or object to processing — see “Your rights” below.
2. What personal data we collect
We collect the following categories of personal data:
Identity & contact: name, email address, phone number, business name, business address.
Account & service data: details you provide for building your course infrastructure (profile/business details), usernames for subaccounts we create on your behalf.
Logs & technical data: IP address, device/browser identifiers and basic analytics data generated when you use our website (if enabled).
(We do not collect customers’ payment card data — payments are processed by Stripe.)
3. How we collect data
Directly from you via signup forms, onboarding forms, emails and support chat.
Automatically via website logs and standard analytics tools when you visit our site (if enabled).
4. Why we process your data (legal bases)
Performance of a contract: to deliver services (build and operate course infrastructure, provide support, bill recurring fees).
Legitimate interests: to improve our services, detect fraud, maintain basic records.
Legal compliance where applicable.
Under the GDPR we rely primarily on contract performance and legitimate interests for the categories above. See Art.13 – GDPR for required notice elements. GDPR
5. Third parties / processors
We share or allow access to your data only with service providers who help operate our business. Key processors include:
GoHighLevel (GHL) — we create and manage subaccounts on your behalf as part of our service.
Stripe — payment processing. (We do not store full card numbers.) Stripe has its own Data Processing Agreement. Stripe
Google Analytics — if enabled, for aggregated website metrics.
If we add a new processor that changes your rights materially we will update this policy.
6. International transfers
Our business operates from Denmark. Some processors (e.g., Stripe, GHL, Google) may transfer or store data outside the EEA. Where necessary we rely on mechanisms such as EU Standard Contractual Clauses or a validated DPA from the processor. If you want details of where a specific processor stores or transfers data, contact us. (See Stripe’s DPA for details on their processing terms.) Stripe
7. Cookies & tracking
We use or may use analytics tools that set cookies. Under EU rules, non-essential cookies (analytics, marketing) require user consent before being set. We strongly recommend implementing a cookie consent solution that blocks non-essential cookies until consent is given. For general EU guidance on cookies and consent, see GDPR/ePrivacy guidance. GDPR.euEuropean Union
8. Data retention
We retain personal data for as long as necessary to provide your service and to comply with legal obligations. If you cancel services we will deactivate the subaccount and delete associated data unless we are required to retain some records by law or for legitimate business reasons. When no longer required, data is securely deleted.
9. Your rights (examples)
If you are in the EEA you have rights including:
Access: request a copy of personal data we hold about you.
Rectification: correct inaccurate or incomplete data.
Erasure: request deletion where legal grounds permit.
Restriction/object to processing.
Data portability: get your data in a machine-readable format.
Lodge a complaint with the Danish Data Protection Authority (Datatilsynet). For general EU breach/complaint guidance see Datatilsynet/EDPB materials. Danish Data Protection AgencyEuropean Data Protection Board
To exercise your rights, contact: [email protected].
10. Data security
We take commercially reasonable technical and organisational steps to protect data (TLS for website access, account access controls, limited access by staff). Processors we use maintain their own security programs (you can query them directly).
11. Data breaches
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will (where required by law) notify the supervisory authority without undue delay and the affected individuals when required. For specific DPA notification channels see EDPB/Datatilsynet guidance. European Data Protection Board
12. Children
We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data about a minor contact us and we will promptly delete it.
13. Changes to this policy
We may update this policy — we will publish the updated version and note the effective date.
Controller: CBMG Alliance (Sole proprietorship) — CVR: 44863944
Effective date: August 17, 2025
Privacy Policy
1. Quick summary
We help course creators build, launch and (optionally) market their online programs. You provide the course content; we build the infrastructure and (if agreed) operate the sales/launch funnels. We collect basic contact and business details (name, email, phone, business name and address) to deliver our services. We do not collect your raw payment card details — payments are processed by Stripe. You can request access, correction, deletion, or object to processing — see “Your rights” below.
2. What personal data we collect
We collect the following categories of personal data:
Identity & contact: name, email address, phone number, business name, business address.
Account & service data: details you provide for building your course infrastructure (profile/business details), usernames for subaccounts we create on your behalf.
Logs & technical data: IP address, device/browser identifiers and basic analytics data generated when you use our website (if enabled).
(We do not collect customers’ payment card data — payments are processed by Stripe.)
3. How we collect data
Directly from you via signup forms, onboarding forms, emails and support chat.
Automatically via website logs and standard analytics tools when you visit our site (if enabled).
4. Why we process your data (legal bases)
Performance of a contract: to deliver services (build and operate course infrastructure, provide support, bill recurring fees).
Legitimate interests: to improve our services, detect fraud, maintain basic records.
Legal compliance where applicable.
Under the GDPR we rely primarily on contract performance and legitimate interests for the categories above. See Art.13 – GDPR for required notice elements. GDPR
5. Third parties / processors
We share or allow access to your data only with service providers who help operate our business. Key processors include:
GoHighLevel (GHL) — we create and manage subaccounts on your behalf as part of our service.
Stripe — payment processing. (We do not store full card numbers.) Stripe has its own Data Processing Agreement. Stripe
Google Analytics — if enabled, for aggregated website metrics.
If we add a new processor that changes your rights materially we will update this policy.
6. International transfers
Our business operates from Denmark. Some processors (e.g., Stripe, GHL, Google) may transfer or store data outside the EEA. Where necessary we rely on mechanisms such as EU Standard Contractual Clauses or a validated DPA from the processor. If you want details of where a specific processor stores or transfers data, contact us. (See Stripe’s DPA for details on their processing terms.) Stripe
7. Cookies & tracking
We use or may use analytics tools that set cookies. Under EU rules, non-essential cookies (analytics, marketing) require user consent before being set. We strongly recommend implementing a cookie consent solution that blocks non-essential cookies until consent is given. For general EU guidance on cookies and consent, see GDPR/ePrivacy guidance. GDPR.euEuropean Union
8. Data retention
We retain personal data for as long as necessary to provide your service and to comply with legal obligations. If you cancel services we will deactivate the subaccount and delete associated data unless we are required to retain some records by law or for legitimate business reasons. When no longer required, data is securely deleted.
9. Your rights (examples)
If you are in the EEA you have rights including:
Access: request a copy of personal data we hold about you.
Rectification: correct inaccurate or incomplete data.
Erasure: request deletion where legal grounds permit.
Restriction/object to processing.
Data portability: get your data in a machine-readable format.
Lodge a complaint with the Danish Data Protection Authority (Datatilsynet). For general EU breach/complaint guidance see Datatilsynet/EDPB materials. Danish Data Protection AgencyEuropean Data Protection Board
To exercise your rights, contact: [email protected].
10. Data security
We take commercially reasonable technical and organisational steps to protect data (TLS for website access, account access controls, limited access by staff). Processors we use maintain their own security programs (you can query them directly).
11. Data breaches
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will (where required by law) notify the supervisory authority without undue delay and the affected individuals when required. For specific DPA notification channels see EDPB/Datatilsynet guidance. European Data Protection Board
12. Children
We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data about a minor contact us and we will promptly delete it.
13. Changes to this policy
We may update this policy — we will publish the updated version and note the effective date.
Controller: CBMG Alliance (Sole proprietorship) — CVR: 44863944
