Legal
Last updated: May 1, 2026 · The Guidebook & Co.™ LLC, Massachusetts
The Guidebook & Co LLC ("Company," "we," "us," or "our") is committed to protecting your personal information. This Privacy Policy describes how we collect, use, store, share, and protect information about you when you visit theguidebookco.com (the "Site"), create an account, purchase a product, or otherwise interact with us. It also describes your rights regarding your personal information under applicable privacy law, including the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), and other applicable state and international privacy laws.
Please read this Privacy Policy carefully. By using the Site or purchasing any product, you acknowledge that you have read and understood this policy.
The Guidebook & Co LLC 134 King Street, Groveland, MA 01834-2011 Privacy inquiries: [email protected] Support: [email protected]
For GDPR and UK GDPR purposes, The Guidebook & Co LLC acts as the data controller with respect to personal data collected through the Site.
2.1 Information You Provide Directly:
(a) Account information: name, email address, password (stored in hashed form), and other information you provide at registration.
(b) Purchase information: name, billing address, shipping address (for physical products), email address, and payment method. We do not store full payment card numbers; payment processing is handled by PCI-DSS-compliant third-party processors.
(c) Communications: information you provide when you contact us for support, send feedback, or otherwise communicate with us.
(d) User-generated content: any content you submit through the Site, including reviews, comments, or form submissions.
2.2 Information Collected Automatically:
(a) Log data: IP address, browser type and version, operating system, referring URL, pages viewed, time and date of access, and time spent on pages.
(b) Device information: device type, device identifiers, and screen resolution.
(c) Cookies and similar technologies: as described in the Cookie Policy, incorporated herein by reference.
(d) Clickwrap acceptance records: timestamp (UTC and local), IP address, user agent, Terms version accepted, customer email, and order ID, as required for legal enforceability.
2.3 Information from Third Parties:
We may receive information about you from payment processors, analytics providers, email service providers, and other service providers who assist us in operating the Site and delivering products.
We use the information we collect for the following purposes:
(a) To process and fulfill orders, including delivery of Digital Products and shipment of Physical Products;
(b) To create and manage your account;
(c) To communicate with you about your orders, account, or inquiries;
(d) To send transactional emails (order confirmations, shipping notices, account notices);
(e) To send marketing communications, where you have provided consent or where permitted by applicable law;
(f) To maintain records of clickwrap acceptance for legal enforceability purposes;
(g) To detect, prevent, and investigate fraud, unauthorized access, and violations of these Terms;
(h) To comply with applicable legal obligations, court orders, and regulatory requirements;
(i) To improve and optimize the Site and our products;
(j) To enforce our Terms of Service and other legal agreements.
For individuals located in the European Economic Area, United Kingdom, or Switzerland, we process personal data on the following legal bases:
(a) Contract performance: processing necessary to fulfill your order, manage your account, and provide you with purchased products (GDPR Article 6(1)(b));
(b) Legal obligation: processing required to comply with applicable law (GDPR Article 6(1)(c));
(c) Legitimate interests: processing for fraud prevention, security, legal defense, and improvement of our services, where such interests are not overridden by your rights and interests (GDPR Article 6(1)(f));
(d) Consent: processing of personal data for marketing communications, analytics cookies, and other purposes where you have provided explicit, freely given, specific, informed, and unambiguous consent (GDPR Article 6(1)(a)). You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes without your consent. We may share your information in the following limited circumstances:
(a) Service providers: We share information with third-party service providers who assist us in operating the Site and delivering products, including payment processors, shipping carriers, email delivery providers, cloud hosting providers, and analytics providers. These providers are contractually required to protect your data and use it only as directed by us.
(b) Legal requirements: We may disclose information when required by applicable law, court order, legal process, or government request, or when we believe disclosure is necessary to protect the rights, property, or safety of the Company, our customers, or others.
(c) Business transfers: If the Company is involved in a merger, acquisition, asset sale, or other business transfer, your information may be transferred as part of that transaction. We will provide notice before your personal information becomes subject to a different privacy policy.
(d) Enforcement: We may share information to enforce our Terms of Service, protect against fraud, or defend legal claims.
(e) Consent: We may share information for other purposes with your explicit prior consent.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as required by applicable law, or as necessary to defend legal claims. In general:
(a) Account information is retained for the duration of your account and for 3 years after account closure unless a longer period is required by law.
(b) Purchase records and clickwrap acceptance logs are retained for 7 years to satisfy tax, accounting, and legal enforceability requirements.
(c) Marketing preference and consent records are retained for 5 years after the last interaction or withdrawal of consent.
(d) Server log data is retained for up to 12 months.
Upon expiration of applicable retention periods, we delete or anonymize personal data in a secure manner.
We implement appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure. These measures include encryption of data in transit (TLS), hashed storage of passwords, access controls, and regular security reviews.
No method of transmission or storage is completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and applicable regulatory authorities as required by applicable law.
We use cookies and similar technologies as described in the Cookie Policy, available at theguidebookco.com/cookies and incorporated herein by reference.
The Site is not directed to children under the age of 13 (or 16 for users in the EEA). We do not knowingly collect personal information from children under those ages. If you believe we have inadvertently collected information from a child, please contact us at [email protected] and we will promptly delete such information.
10.1 General Rights. Depending on your jurisdiction, you may have the following rights with respect to your personal data:
(a) Access: the right to request a copy of the personal data we hold about you;
(b) Correction: the right to request correction of inaccurate or incomplete personal data;
(c) Deletion (erasure): the right to request deletion of your personal data, subject to legal retention requirements;
(d) Restriction: the right to request that we restrict processing of your personal data in certain circumstances;
(e) Portability: the right to receive your personal data in a structured, commonly used, machine-readable format;
(f) Objection: the right to object to processing based on legitimate interests or for direct marketing purposes;
(g) Withdrawal of consent: the right to withdraw consent at any time where processing is based on consent.
10.2 How to Exercise Your Rights. To exercise any of the above rights, submit a written request to [email protected] with sufficient information to verify your identity. We will respond to all verifiable requests within the time periods required by applicable law (30 days under GDPR, 45 days under CCPA/CPRA). We will not discriminate against you for exercising your privacy rights.
10.3 Right to Lodge a Complaint. If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority. In the United States, you may contact applicable state regulators.
This Section supplements the Privacy Policy for California residents.
11.1 Categories of Personal Information Collected. In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA/CPRA:
11.2 Purposes of Collection. We collect the above categories for the business and commercial purposes described in Section 3.
11.3 No Sale or Sharing of Personal Information. We do not "sell" or "share" personal information within the meaning of the CCPA/CPRA. We do not sell personal information to third parties for monetary consideration or exchange personal information for cross-context behavioral advertising.
11.4 Sensitive Personal Information. We do not use or disclose sensitive personal information for purposes beyond those permitted by Section 7027 of the CPRA regulations.
11.5 Your CCPA/CPRA Rights. California residents have the right to: (a) know what personal information is collected and how it is used; (b) delete personal information, subject to legal exceptions; (c) correct inaccurate personal information; (d) opt out of sale or sharing (not applicable here, as we do not sell or share); (e) limit use of sensitive personal information (not applicable here); and (f) non-discrimination for exercising privacy rights.
11.6 Exercising California Rights. To exercise your CCPA/CPRA rights, contact us at [email protected]. We will verify your identity before processing your request.
The Guidebook & Co LLC is based in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction. Where such transfers involve personal data of EEA or UK residents, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs, June 2021 version) or adequacy decisions, as applicable.
The Site may contain links to third-party websites. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal information.
We may update this Privacy Policy at any time. We will post the revised policy on the Site with an updated "Last Updated" date. We encourage you to review this policy periodically. Material changes will be communicated by prominent notice on the Site or by email.
Questions about this Privacy Policy or your personal data:
[email protected] The Guidebook & Co LLC 134 King Street, Groveland, MA 01834-2011
Copyright 2026 The Guidebook & Co LLC. All rights reserved.