The Upgrade Society

Privacy Policy

Last Updated: March 2026  ·  The Upgrade Society Enterprises LLC

This Privacy Policy explains how The Upgrade Society Enterprises LLC ("we," "us," "our") collects, uses, stores, and protects personal information from individuals who visit our website, apply for membership, or interact with our services in any capacity. By using our website or services, you consent to the practices described in this Policy.

1. What We Collect

We collect information you provide directly and information collected automatically through your interaction with our platforms:

• Application data: Name, email address, phone number, country of residence, and responses to application questions submitted via Typeform or any other intake method
• Payment data: All payments are processed by Stripe. We do not store card numbers or full payment details. We retain transaction records including amount, date, currency, and payer name, as required for accounting and dispute resolution
• Communication data: Emails, direct messages, and any communications sent to us or through our automated flows including ManyChat or GoHighLevel
• Usage data: IP address, browser type, device type, operating system, pages visited, time on page, scroll depth, and referral source — collected automatically via cookies, pixels, and analytics tools
• Marketing interaction data: Ad clicks, video views, form completions, comment interactions, and UTM parameters — collected via Meta Pixel, Instagram, and other tracking infrastructure

2. How We Use Your Data

• To process your application and manage your membership
• To communicate with you regarding your membership status, launch date, Society updates, and renewal
• To process payments, issue refunds where applicable, and maintain financial records
• To deliver concierge services and facilitate bookings on your behalf
• To run, target, and optimise paid advertising campaigns on Meta and Instagram
• To build Custom Audiences and Lookalike Audiences for ad targeting purposes
• To analyse website and funnel performance and improve conversion flows
• To enforce these Terms and investigate potential conduct violations
• To comply with applicable legal obligations, including tax, fraud prevention, and regulatory requirements

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to deliver your membership and associated services
• Legitimate interests: Analytics, security, fraud prevention, chargeback dispute resolution, and service improvement — where our interests do not override your rights
• Consent: Marketing communications and non-essential cookies and tracking — consent may be withdrawn at any time without affecting prior processing
• Legal obligation: Where processing is required by applicable law, including financial record-keeping and regulatory compliance

4. Who We Share Data With

We do not sell your personal data to any third party. We share data only with the following categories of service providers, each operating under contractual data protection obligations. These providers may use sub-processors of their own, which are governed by their respective privacy policies:

• Stripe — payment processing and fraud prevention
• Circle.so — community platform delivery and member management
• GoHighLevel (GHL) — CRM, pipeline management, and automated communications. GoHighLevel may engage sub-processors for infrastructure and delivery. Their data processing practices are governed by their Data Processing Agreement
• Typeform — application form submission and data capture
• Meta (Facebook / Instagram) — advertising platform. Data shared includes hashed email addresses for Custom Audience matching, retargeting, and Lookalike Audience creation. Meta operates as an independent data controller for its own ad platform purposes
• Email service providers — for transactional and marketing email delivery
• Legal and professional advisors — where required to protect our rights, enforce these Terms, or respond to legal proceedings

We may also disclose personal data where required by applicable law, valid court order, regulatory demand, or to protect the rights, property, or safety of The Upgrade Society, its members, or the public.

5. International Data Transfers

Our services are operated from the United States. If you are accessing our services from outside the US — including from the EEA, United Kingdom, UAE, or any other jurisdiction — your personal data may be transferred to and processed in the United States, where data protection laws may differ from those in your country. Where required by applicable law, we rely on Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Agreement, or other lawful transfer mechanisms to govern such transfers. By using our services, you acknowledge and consent to this transfer.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies including pixels, tags, and local storage. Categories of use include:

• Essential cookies: Required for core site functionality — cannot be disabled without affecting service delivery
• Analytics cookies: Used to understand how visitors interact with our site, measure funnel performance, and improve user experience
• Advertising cookies: Meta Pixel and equivalent technologies used for ad measurement, conversion tracking, Custom Audience building, and retargeting across Meta platforms

You may manage cookie preferences through your browser settings. Disabling certain cookies may impair site functionality. If you are an EEA or UK resident, we will seek your consent for non-essential cookies prior to deployment where technically feasible. By using our site without adjusting your browser settings, you consent to our use of cookies as described here.

7. Do Not Sell or Share My Personal Information (California)

We do not sell your personal information as defined under the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA). We do share certain data — including hashed email addresses — with Meta for advertising purposes, which may constitute "sharing" under CPRA. California residents may opt out of this sharing by contacting us at [email protected] with subject line: CCPA Opt-Out — [Your Name]. Note that opting out of ad-related sharing may reduce the relevance of any ads you see but does not affect your membership or access in any way.

8. Data Retention

We retain personal data for as long as necessary to deliver your membership, meet legal and financial record-keeping obligations, and resolve any disputes. Specifically:

• Active member data is retained for the duration of membership plus 3 years following lapse or termination
• Applicants who do not become members have their data retained for up to 12 months for re-engagement purposes, after which it is deleted unless you have affirmatively opted in to continued contact
• Payment records are retained as required by applicable tax and financial law, typically 7 years
• You may request deletion at any time subject to Section 9 — deletion requests cannot override legal retention obligations

9. Your Rights

Depending on your jurisdiction, you may have the following rights. To exercise any right, email [email protected] with subject line: Privacy — [Your Name]. We will respond within 30 days.

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request your data in a structured, machine-readable format
• Restriction: Request that we restrict processing of your data in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Where processing is consent-based, withdraw at any time without affecting prior lawful processing
• California opt-out: See Section 7 above

10. Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. Payment data is handled exclusively by Stripe, which is PCI-DSS Level 1 compliant. Access to member data within our internal systems is restricted to authorised personnel and contractors on a need-to-know basis. No method of internet transmission is entirely secure; we cannot guarantee absolute security and are not liable for breaches that result from factors outside our reasonable control.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect, process, or retain personal data from minors. If you believe a minor has provided personal data to us, contact [email protected] immediately and we will delete it without undue delay.

12. Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be communicated to active members by email and reflected in an updated "Last Updated" date at the top of this page. Continued use of our services after the effective date of an updated Policy constitutes acceptance. If you do not accept the updated Policy, contact us to request account closure — noting that legal retention obligations may require us to retain certain data regardless.

13. Supervisory Authority (EEA/UK)

If you are an EEA or UK resident and are not satisfied with our response to a privacy complaint or request, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).