Privacy Policy

The Compass Framework ("we," "us," or "our") operates the website at thecompassframework.co. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website, submit information through our contact form, subscribe to our newsletter, or create an account.

The Compass Framework is owned and operated by Ken H. Allman, II. By accessing or using our website, you agree to the terms of this Privacy Policy. If you do not agree with the practices described herein, please do not use our website.

We collect personal information that you voluntarily provide to us when you interact with our website. The types of information we may collect include:

We use the personal information we collect for the following purposes:

• Responding to inquiries: To reply to your contact form submissions, answer your questions, and provide information about The Compass Framework, workshops, and speaking engagements.
• Sending newsletters: To deliver our newsletter and updates to subscribers who have opted in.
• Account management: To create and manage your user account, authenticate your identity, and provide access to account-specific features.
• Website improvement: To analyze usage patterns and improve the functionality, content, and user experience of our website.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

We use a limited number of third-party services to operate our website. We carefully select providers that maintain strong privacy and security practices.

We do not sell, trade, or rent your personal information to third parties. We do not share your information with third parties for their own marketing purposes.

The Compass Framework takes a minimal approach to cookies. We use only essential cookies that are strictly necessary for the operation of our website.

• Session cookies: Used to maintain your authenticated session if you are logged into an account. These cookies expire when you close your browser or after a defined session period.
• Authentication tokens: Used by Supabase Auth to securely manage user sessions and prevent unauthorized access.

We do not use advertising cookies, marketing trackers, or analytics services that track individual users across websites. We do not participate in cross-site tracking or targeted advertising.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

• Contact form submissions: Retained for as long as needed to address your inquiry and for a reasonable period thereafter to maintain a record of our communications, typically no longer than three (3) years.
• Newsletter subscriptions: Your email address is retained for as long as you remain subscribed. Upon unsubscribing, your email address will be removed from our active mailing list within thirty (30) days.
• Account data: Retained for as long as your account remains active. If you request account deletion, your data will be permanently removed within thirty (30) days of your request.

We may retain certain information for longer periods when required by law or for legitimate business purposes, such as fraud prevention or enforcement of our terms.

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:

• Encryption in transit: All data transmitted between your browser and our website is encrypted using TLS (Transport Layer Security) via HTTPS.
• Encryption at rest: Data stored in our Supabase database is encrypted at rest using AES-256 encryption.
• Secure authentication: Passwords are hashed using industry-standard algorithms and are never stored in plain text. Authentication is managed through Supabase Auth with support for secure session management.
• Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
• Regular reviews: We regularly review and update our security practices to address emerging threats and vulnerabilities.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining robust safeguards.

You have the following rights regarding your personal information:

• Right of access: You may request a copy of the personal information we hold about you. We will respond to your request within thirty (30) days.
• Right of correction: You may request that we correct any inaccurate or incomplete personal information we hold about you.
• Right of deletion: You may request that we delete your personal information. We will comply with your request unless we are legally required to retain the information. Deletion requests will be processed within thirty (30) days.
• Right to withdraw consent: Where we rely on your consent to process your personal information (such as newsletter subscriptions), you may withdraw your consent at any time.
• Right to opt out: You may opt out of receiving marketing communications from us at any time by using the unsubscribe link in our emails or by contacting us directly.

To exercise any of these rights, please contact us using the information provided in Section 11 below. We may need to verify your identity before processing your request.

The Compass Framework website is not directed at children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately so that we can take appropriate action.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Effective Date" at the top of this page and, where appropriate, notify you via email or a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website after any changes constitutes your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the following methods: