Privacy Policy

Updated May 24, 2018


Below, we will first attempt to communicate our exact position on your privacy in the plainest, “real world” language possible, before the painful legalese further down the page…

300,000-Foot View
It’s YOUR personal information. We will tell you what info we have, how you can access it, how we use it, and exactly how you can remove all personal data that we may have. It’s always up to you, period.

30,000-Foot View
The bottom line is that we’ll do everything possible so that we don’t violate your trust in any way, especially any personal data that we may have.

That means we won’t do sneaky things. It means we won’t try to attract visitors under 18 that can’t properly consent to a business decision. It means that we won’t sell your data or share it with any third-party without your express consent (although see IMPORTANT NOTES below in the “Google and Facebook Pixels/Tracking (Specifically)” section, the “Sharing your personal information” section, as well as the “What if We Sell the Business” section.)

It also means that we’ll do everything possible to secure any personal data you provide to us. It means we won’t leave a company laptop unattended and logged-in at Starbucks. It means that we use “strong” passwords for services we rely on (like our email list management application – currently ConvertKit – for example.)

It means we’ll use proper security on mobile devices, so that if they are lost or stolen, there is a minuscule chance that somebody can crack the security, break into the device, and access your data.

First, yes, this is mostly in response to the GDPR
GDPR is the General Data Protection Regulation – a law about data protection and privacy for people in the European Union (EU) and European Economic Area (EEA) that starts being enforced on May 25, 2018.

In the past, we think we did a well-above-average job with our Privacy Policy. We disclosed much more than we were required to, because we just thought it was the right thing to do. Now, because the EU has decided that their citizens can’t think for themselves, there’s a bunch of draconian new regulations.

Don’t get me wrong – there are numerous bad actors out there, who don’t properly secure personal data, or who do immoral at best, and illegal at worst, things with personal data. The malicious people should be put out of business and prosecuted, end of story.

And the people who make reasonable mistakes and immediately fess up and try to help fix it? Well, we all make mistakes, so although I’m not happy when my data is compromised by some company … I understand that that’s the real world.

But anyway, the EU has decided to reach far beyond what is necessary for protection of their citizens, and far beyond what’s necessary to allow them to punish the bad guys. Can you tell I’m not a fan of Big Government?

So, below we’re trying to be completely transparent in everything we do.

The funny thing is that we are not allowed to simply decide not to work with any clients in the EU or EEA, or prevent them from joining our mailing list.

(We could do that with some cool GeoIP technology if we were allowed to…)

But if we block people, then we’re in violation of one of the clauses about discriminating against citizens in the EU or EEA. Big Government gets to tell me what part of the world I can and can’t sell to? Awesome.

Personal Data and Payment-Related Information
OK, no more ranting – let’s get going.

There’s all kinds of Personal Data involved in Privacy Policies – Name, Address, Income, Payment-Related Data, Health Information, Cultural Profile, and other stuff.

Cosmetic Funnels has very, very little of that information!

For the most part, we have name, email address, *business* address, *business* phone number, and various company contacts.

(For those practices who do see patients from the EU – including all kinds of their personal data, their income-related info for financing, obviously tons of health info, etc. – I don’t envy you one little bit. Sensitive stuff like health information is held to a much higher standard by the GDPR.)

One important thing that we do NOT have is your credit card or payment information!

We use a company called Stripe for all of our credit card processing (in the future we’ll have a couple backup processors who we’ll make sure handle things the same way.)

Stripe handles your credit card and financial information.

They are a large, well-known company that processes billions of dollars of payments per year. They have been funded by people like Visa, American Express, Peter Thiel (the founder of PayPal), and Elon Musk.

At the time that I’m writing this, companies like Target, Facebook, Under Armour, OpenTable, Lyft, NPR, The Girl Scouts, and Unicef use them, so I feel pretty safe using them for my small business.

For some products and services, we make a PayPal option available, and in that case, it’s just like with Stripe – PayPal receives your payment information, not our company.

The reason I mention all of that is so that you know that you don’t have to worry about one of the most critical pieces of personal data, because our company, our employees, our service providers, etc., never see that data (except our payment service providers Stripe and PayPal, of course.)

Some people who visit our website might have been burned too many times, and don’t want to use a credit card online, even with trusted providers like Stripe and PayPal.

Not a problem – you can send us a check or a wire transfer. Less fees for us! Email us at [email protected], and our Office Manager will help.

Cookies and Pixels and Tracking, Oh My!
I firmly believe that many companies inject as much technical talk into this subject as possible to confuse people and make them just give up.

I’m a nerd at heart, so I might stray in that direction, but I’ll really do my best to be straight with all of this.

We (marketers) want to know as much about you as we can to figure out if you’ll be a good prospect for our products and services. There, I said it.

But, given common-sense usage and common-sense limitations, isn’t that kind of what you want also?

Let me explain.

This is grossly simplified, but as an example, if you visit a General Motors website, they (or more likely a third-party like Facebook or Google) will run some “code” that will create a “cookie” on your device. That cookie can then be used to find out some things about you – what pages you visit and that kind of stuff.

If you spend a bunch of time on their Cadillac pages, that’s something they’ll be able to use later.

Again, this is highly-simplified, and can be done many different ways, but just stay with me.

If you’re on Facebook later, you might see an ad for a Cadillac – imagine that!

Many years ago that was pretty magical, but now it’s pretty commonplace of course, and people understand what’s going on, even if they don’t know the exact mechanism that allows it to happen.

So back to my statement about you wanting marketers to know as much about you as they can.

I’m exaggerating to make a point, but if you’re interested in a Cadillac, don’t you want to see special deals on, gee, maybe a Cadillac … instead of an ad for a Suburban?

That’s the general goal of cookies and pixels and tracking code.

You can absolutely block that from happening, or opt-out, or clear your cookies in your browser frequently.

(Just keep in mind that cookies also do things like saving your username and other history that you might find helpful – so make sure you understand the big picture before you just read this and go and clear all your cookies!)

If you’d like more information on opting-out of this kind of information, scroll down through the “Official Legalese Below” section until you get to “Third-Party Advertising.”

If this sounds too complicated, email us at [email protected], and we’ll help.

Google and Facebook Pixels/Tracking (Specifically)
Above I talked about pixels and tracking code and cookies. But let’s get really specific about something that we absolutely, unapologetically do.

We have code from Google Analytics, Google AdWords, and Facebook installed on our website.

If you visit our website, that code will “track” you.


1. It will tell us which pages on our website “you” visited. I put “you” in quotation marks because it specifically does NOT track your computer/browser session back to anything that can specifically identify who you are.

As an example, it can tell where you come from (geographically), what kind of browser you use, possibly your age range and gender, and all kinds of other stuff. Importantly, however, none of that tracks back to a name, or an email address, or a phone number or anything else. Google is extremely strict on safeguarding your privacy in that manner.

2. That code will keep tabs on “you” so that we can show you advertisements. Same thing as above with “you” in quotation marks. Google will let us target a list or group that you are part of, but will specifically not let us target John Doe or Jane Doe – a specific person.

In fact, both Google and Facebook require a minimum “retargeting” list size to ensure that you can’t create lots of small lists that would make it easier to figure out exactly who somebody is.

As I mentioned in the section above, that’s how you’ll see a Cadillac ad on Facebook after you visited and looked at Cadillacs.

But that’s also how it’s possible that you’ll see an ad for Allen Edmonds shoes on a third-party, non-Google site like the New York Times website after you go to the Allen Edmonds website.

(Funny story, they didn’t have their settings correct, and showed me 6 ads on one page shortly after I visited their site years ago.)

To finish up this section, I think I might make history by being the first person ever to make a pitch within a Privacy Policy. 🙂

Retargeting (also known as Remarketing) is extremely powerful, and your practice should absolutely, positively be using it. Sadly, in audits that we do, we find that it is 30% of practices at the most, sometimes as little as 1 out of 10 practices that are doing this. That’s tragic, and costly to your business.

I think you might be able to figure out who can help set that up correctly – and keep it from being done poorly like Allen Edmonds.

But anyway, back to Google and Facebook Pixels and tracking.

If you don’t want to take the time to learn about all of this technical pixels and cookies junk, but want to make sure that we help you exclude yourself from this, email us at [email protected], and we’ll help.

What if We Sell the Business
Yeah, I know, I’m pretty sure I’ve never seen anything like this in a Privacy Policy either. But we pushed ourselves to think this through in as much detail as possible.

So what happens if we decide we’ve had all the fun we can take, and sell this business to somebody else in the future?

I don’t know!

I think it would be disingenuous of me to guarantee that we can tell you exactly what would happen in that case.

I can tell you that the reputation and integrity of the buyer would be of the utmost importance when we make that kind of decision.

So do I think that some future, new owner will do a bunch of unscrupulous things with your data? Absolutely not.

By the time we get to that point, the GDPR (not to mention the US and the rest of the world) will probably tell us exactly what we can and cannot do in terms of selling our business, and give us the 20,000-page contract that we must use. So it might be a moot point.

Even if that doesn’t happen, we would write in to any agreement exactly how we work with our clients, prospects, and subscribers. We would talk about our Privacy Policy extensively, how we expect them to honor those same processes, and warn them about the huge potential fines (up to 20 Million Euros for the GDPR) if they screw up.

So I don’t think it will be an issue.

But if you’re worried about that, you can either cut all ties with us now so you’re ready in 5 or 10 or 20 years … or wait until we notify you that the business is being sold, and request all of your data be purged at that point if you don’t want to take the chance.

Write to us at [email protected] with any concerns about this, and we’ll do our best to help.

“Is your website ‘secure’?”
We have taken as many precautions as we can to ensure that our website(s) cannot be hacked. We employ SSL (Secure Sockets Layer) encryption, fully-managed high-end webservers with up-to-date hardware and software, and extremely strong passwords.

Unfortunately, no measures can be guaranteed to provide 100% security. If this is not acceptable to you, we recommend that you do not subscribe to our email list, purchase a product of ours, or enter into a service contract with us.

“I Just Want to Know What Data You Have on Me!”
No problem, just ask.

Send us an email to [email protected] and we’ll get that information back to you within the GDPR’s 30-day limit. More likely, because we care about our customers and subscribers and are as responsive as possible … because it’s just good business … it might be within 3 days or even the same day. Take that, Big Government!

“I Just Want Out!”
If all of this is too much, I understand.

If you’re a mailing list subscriber only, simply click on the “Unsubscribe” link at the bottom of every email, and you’ll be permanently removed from the list. If you’d also like us to purge your record (even though it will show you as a deleted, non-contactable subscriber), just email us at [email protected] and ask.

If you’re a current or former customer of our services, or have purchased one of our products, simply email us at [email protected] and we’ll scrub everything from all of our systems to the best of our ability.

Please note that it may take up to ten (10) business days to fully process and comply with your request. There are various prescheduled events (like emails) which could take place and cause you to receive something after you have opted-out.

That shouldn’t be the case for the most part, as most requests can be fulfilled right when we receive them, but we’re trying to be realistic and plan for all eventualities.

Last Word in the “Straight Talk” Section
Everything I’ve written above is about as far away from legal language as you could possibly get. That’s because we want to conform not just to the letter of the law, but to the spirit of the law.

And we think that the spirit of the law is:

  1. To hold any private information to be as private as it can possibly be.
  2. To tell people that they can ask for anything that we have on them.
  3. To inform people about exactly what we are doing with that data.
  4. To tell them how they can modify their preferences.
  5. To make sure people can easily remove any personal data we have on them.

PLEASE NOTE: Our attorney rolled his eyes at everything above. It absolutely should not be used as the only source to determine what our Privacy Policy is.

Remember, it was the straight talk that I thought was pertinent, and that I’d want to read if I visited a website. The stuffy, corporate, legal-speak to fulfill all the requirements is below for your reading pleasure.

As a final reminder, if you have any questions or concerns whatsoever about this Privacy Policy, or anything that our company does concerning your personal information, simply email [email protected].

Official Attorney-Written Privacy Policy Below…

Your Privacy
Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used.

Our Commitment To Children’s Privacy
Protecting the privacy of the young is especially important. For that reason, this website will never collect or maintain information at our website from those we actually know are under 18, and no part of our website is structured to attract anyone under 18.  Under our Terms of Service, children under 18 are not allowed to access our service. In addition, specifically, we will not target Facebook Lead Ads toward anyone under 18 years of age.

Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number.

Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site-related activities.

When visiting this website, the IP address used to access the site will be logged along with the dates and times of access. This information is purely used to analyze trends, administer the site, track the movement of users and gather broad demographic information for internal use. Most importantly, any recorded IP addresses are not linked to personally identifiable information.

Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users’ means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

Web browser cookies
Our Site may use “cookies” to enhance User experience, as well as to allow us to reach them as an anonymous member of a list – not personally in any way. A User’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. The User may choose to set their web browser to refuse cookies, or to alert them when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

How we use collected information
We may collect and use Users’ personal information, which you will specifically fill out and consent to via forms on the website, for the following purposes:
– To improve our Site
– To improve our products and services
– To communicate with you, and more specifically, to continue to send you email communications if you are a subscriber to our list
– To respond to any questions or requests you may have
– To notify you of any data breaches
– To comply with legal or regulatory obligations
– To improve your experience with our products and services
– To segment what ads we may show you based on what your collected information indicates that you are interested in.

How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Links to third party Websites
We have included links on this site for your use and reference. We are not responsible for the privacy policies on these websites. You should be aware that the privacy policies of these sites may differ from our own.

Sharing your personal information
We do not sell, trade, or rent Users’ personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

We may share some of your personal information with other third-party service providers, to perform services on our behalf or to assist us in providing services to you. It is important to note that any of these third-parties would be carefully selected by us after great scrutiny, to ensure that they are reputable, trustworthy companies – who have their own solid privacy policy and personal data security policy in force.

A few examples of these kinds of third-parties are:
– Webinar hosting platforms like Zoom, or
– Appointment and Calendaring services like or
– Customer support platforms like

Note that in all cases, a very limited amount of your personal information would be shared – likely just your name, email address, and phone number and sometimes less than that.

Please also note that in many cases, we would initiate an action with our service provider (Calendly, for example), that has nothing to do with your information. You, then, would accept a link/appointment and/or login to that service, and possibly enter your name and email address into *their* application or website, as an example.

Therefore, we are not really sharing any of your data in that scenario, but in the interest of being as transparent as possible, we want to document every eventuality.

Third-party Advertising
Third party vendors, including Google, may show you ads on other sites on the Internet relating to our website.  Third party vendors, including Google and Facebook, use cookies to serve ads based on a user’s prior visits to this website. Users may opt out of Google’s use of cookies by visiting the Google advertising opt-out page. In addition to any opt out offered by any of the services below, the User may opt out of a third-party service’s use of cookies by visiting the Network Advertising Initiative opt-out page.

Facebook Remarketing and Custom Audiences
Facebook uses cookies (also known as a “pixel”) to connect the activity of users who have visited our site to other advertisements we may run. Users may opt out of Facebook’s use of cookies by visiting the Facebook opt-out page.

Facebook Lead Ads
Any user information submitted to us through a Facebook Lead Ad will be governed by this privacy policy. As stated above in the section about minors, we specifically will ensure that no Facebook Lead Ads are targeted to anyone below 18 years of age.

Changes to this Privacy Statement
The contents of this statement may be altered at any time, at our discretion.

Your acceptance of these terms
By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

If you have any questions regarding the privacy policy of this website then you may contact us using the contact form on this website, or [email protected]

All trademarks mentioned herein are the property of their respective manufacturers.