Privacy Policy

Growth Mindset (operating at grwthmindset.com, also written as “tmindset” or “we”) keeps an email list and sells digital products. We collect the minimum information needed to do those two things and don’t sell or rent your data to anyone.

When you interact with this site, we may collect:

• Email address — if you sign up for the newsletter, download a lead magnet, or create an account.
• Name — if you provide one via Google sign-in or during purchase.
• Payment details — processed by Stripe. We never see or store your full card number.
• Reading and account activity — which articles you’ve viewed (tied to an anonymous cookie until you sign in), and basic account state (purchased products, order history).
• Traffic and campaign attribution — the URL paths you visit on this site, the referring site (e.g. twitter.com), and the campaign-tag query parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term) when present on an inbound link. We use this to understand which essays and channels work; we do not record your IP address or build any user profile from it.

• To deliver the newsletter and the lead magnets you request.
• To fulfill purchases and deliver the digital products you buy.
• To personalize your account experience (your purchases, your reading history within your own account).
• To understand which essays, products, and campaigns resonate so we can write and ship better work.

We rely on a small number of trusted third-party services to operate. Each sees only the data needed for the role it plays:

• Resend — sends transactional and newsletter emails. Sees your email address.
• Stripe — processes payments. Sees your payment details; we never store them ourselves.
• Neon — database hosting. Stores account data we collect.
• Vercel — web hosting. Sees standard web request logs (IP, user agent) for security and operational purposes, retained for a short window. Vercel does not see the contents of our database.
• Vercel Blob — file storage for the eBooks, Notion templates, and images we deliver. Does not see customer information beyond what’s embedded in file URLs.
• Google Fonts — serves typography. Per Google’s privacy policy.

We do not sell your data, rent it, or share it with advertisers. Each service above operates under its own privacy policy; the links are available on request via the email at the bottom of this page.

The site uses a small number of first-party cookies:

• Session cookie — identifies you as logged in when you sign in via magic link. Cleared when you sign out.
• Anonymous reader cookie (tmind_anon) — an opaque, randomly-generated identifier that lets us count distinct visitors and recognize a returning device without you needing to sign in. Does not identify you personally and persists for up to 400 days.
• Campaign attribution cookie (tmind_attribution) — when you arrive via a tagged link (e.g. one that includes ?utm_source=twitter), we store the campaign tags in a cookie so a purchase you make later can be attributed to the channel that brought you in. Cleared after 30 days. Contains only the campaign tags themselves — no personal information.

We do not use third-party advertising cookies, tracking pixels, or fingerprinting. You can clear these cookies anytime via your browser settings; doing so will sign you out and reset your anonymous reader and campaign attribution.

You have the right to:

• Access your data — email us and we’ll send a copy of what we have.
• Correct or update your data — email us, or update it yourself via the account page.
• Delete your data — email us with the subject “Delete my account” and we’ll remove everything within 14 days.
• Unsubscribe from emails — click the unsubscribe link at the bottom of any email we send. The link is one-click; no login required.
• Object to processing — if you believe we’re handling your data wrong, contact us and we’ll work it out.

If you’re in the EU/EEA, UK, or California, you have additional rights under GDPR, UK GDPR, and CCPA respectively. We honor all of them by default; contact us if you have a specific request.

We keep your data for as long as you have an account or are subscribed to the newsletter. If you unsubscribe and have no active orders, we keep your email on a suppression list for 2 years (so we don’t accidentally re-add you), then delete it.

Purchase and order records are retained for 7 years for tax and accounting purposes, which is required by law in most jurisdictions.

We’re a small operation and our service providers are based primarily in the United States and the European Union. By using the site, you consent to your data being transferred to and processed in those locations. Our service providers (Stripe, Resend, Vercel, Neon) all maintain data-protection standards compatible with GDPR and equivalent regulations.

This site is not intended for children under 13 (or 16 in the EU/EEA). We don’t knowingly collect data from children. If you believe a child has provided us with information, contact us and we’ll delete it.

We’ll update this page when our practices change or when third-party services we use change in material ways. The “Last updated” date at the top of this page reflects the most recent revision. For significant changes (new types of data collected, new service providers added, etc.) we will also email subscribers.

Email: hello@grwthmindset.com

For specific privacy requests (data access, deletion, etc.), use the subject line “Privacy:” followed by what you need. We respond within 14 days, usually faster.