Operated by Ugly Code LLC (166 Geary St, STE1500 #631, San Francisco, CA 94108, USA)
1. Who we are
Lumberjack.so is a technology blog, resource hub and launch pad for present and future digital products. All websites that end in .lumberjack.so (collectively, the “Sites”) are owned and operated by Ugly Code LLC (“we”, “our”, “us”).
2. Scope of this notice
This Privacy Policy explains how we collect, use, share and safeguard personal information obtained through the Sites and through our related email communications and services.
3. What data we collect & why
| Purpose | Data elements | How we obtain it | Lawful basis* | Legitimate‑interest assessment (where used) |
|---|---|---|---|---|
| Account & purchase fulfilment | Name, email, postal address, purchase details supplied by Polar | Checkout flow (via Polar) | Contract performance | n/a |
| Newsletter & resource delivery | Email address, name (optional) | Sign‑up form, double‑opt‑in link | Consent | n/a |
| Marketing communications (occasional promotions) | Email address, interaction history | Newsletter platform | Consent (+ opt‑out) | n/a |
| Customer support | Email address, message content | Direct emails / web forms | Legitimate interest | Necessary to respond; low privacy impact |
| Site analytics & performance | Pseudonymised usage statistics (page views, referrer, device type, coarse location) | Plausible Analytics (no cookies, IP truncated) | Legitimate interest | Service improvement with minimal data; users can block analytics scripts |
| Security, fraud‑prevention & legal compliance | Server logs incl. IP, error traces, transaction records | Automated systems | Legitimate interest / legal obligation | Essential to detect abuse and meet statutory duties |
*Legal bases under the EU General Data Protection Regulation (GDPR). For US users the equivalent bases are notice/choice and our legitimate business interests.
4. How we share information
| Recipient | Role | Notes & safeguards |
|---|---|---|
| Polar.sh | Merchant of Record & payment processor | Polar acts as an independent data controller for checkout information. When you buy, you contract with Polar and are subject to their privacy policy. Polar supplies us with your email and fulfilment data so we can deliver your purchase and provide after‑sales support. We do not receive full payment‑card details. |
| Mailgun | Transactional email (confirmations, download links) | DPA + Standard Contractual Clauses (SCCs) in place. |
| ConvertKit | Newsletter delivery & list management | DPA + SCCs. |
| Plausible Analytics | Privacy‑friendly, cookie‑less analytics | EU‑hosted; IPs stripped before storage. |
| Self‑hosted Ghost platform | Content management & subscriber database | Hosted on hardened servers; access controlled. |
| Authorised contractors | Development, support, accounting | Bound by NDA and least‑privilege access. |
| Law enforcement / regulators | Legal compliance | Disclosed only when legally compelled. |
We do not sell or rent your personal information.
5. Cookies & similar technologies
The Sites themselves set only functional cookies required to operate log‑in areas or embeds. However, third‑party services such as payment widgets, audio/video players or social‑media embeds may place their own cookies or local‑storage identifiers. You can control cookies through your browser or operating‑system settings.
6. Data retention
- Subscriber & support data – kept until you unsubscribe or your account is inactive for 24 months, so that you can easily reactivate and so we can maintain a suppression list that prevents unwanted re‑mailing.
- Purchase / fulfilment records (from Polar) – retained for 7 years to satisfy accounting and tax obligations.
- Server logs – rotated and anonymised after 30 days.
- Aggregated, de‑identified analytics – kept indefinitely.
7. Security
We protect data with HTTPS, server‑level firewalls, encryption at rest for mailing lists, and strict, role‑based access control. If we become aware of unauthorised access to personal information that is likely to pose a risk to your rights and freedoms, we will notify affected individuals and, where applicable, regulators without undue delay.
8. Your privacy rights
| If you are located in… | You may exercise the following rights |
|---|---|
| European Economic Area / United Kingdom | Access, rectification, erasure, restriction, objection, portability, withdraw consent, lodge a complaint with a supervisory authority. |
| California, Colorado, Connecticut, Utah, Virginia | Know what categories and specific pieces of personal information we hold, request deletion or correction, opt‑out of any “sale” or “sharing” for cross‑context behavioural advertising (we do neither), and limit the use of sensitive personal information (we do not collect it). |
| Elsewhere | We will honour any applicable local rights and respond to reasonable requests. |
To exercise any right regarding data we control, email david@lumberjack.so with the subject line “Privacy Request”. For checkout‑related data held by Polar, please contact them directly via the address in their privacy policy.
9. Children’s privacy
We do not knowingly collect personal information from children under 13. If you believe a child has provided personal data, please contact us and we will delete it promptly.
10. Contact & privacy lead
If you have questions, concerns or complaints about how Ugly Code LLC handles personal data, please write to:
David Szabó‑Stubán (Privacy Lead)
✉︎ david@lumberjack.so
Ugly Code LLC, 166 Geary St STE 1500 #631, San Francisco CA 94108, USA
11. Changes to this notice
We may update this Privacy Policy to reflect new services, operational changes or legal requirements. Any changes will be posted here and, if material, announced to subscribers by email.
Change log
| Version | Date | Summary |
|---|---|---|
| 1.0 | 12 Jun 2025 | Initial publication |