Privacy Policy
Last updated: May 20, 2026
This policy describes how Maya Allan ("we," "us," or the "site") collects, uses, and shares personal information when you visit mayaallan.com or use the products and services offered through it.
If you have questions, write to us via the contact page.
1. Information we collect
We collect only what we need to deliver the site and the products you purchase.
- Email address. When you purchase a book or session PDF, sign up for a newsletter, send a contact form, or use the AI tools' export feature, you provide your email so we can deliver what you asked for.
- Payment information. Payments are processed by PayPal. We never see or store your full card number; we only receive the transaction ID, amount, currency, and the payer information PayPal returns (typically name and email).
- Order records. We keep records of purchases — book or product purchased, price, date, buyer email — to deliver the product, send a download link, and meet our tax and accounting obligations.
- Usage data. We log basic request information: a one-way hash of your IP address and user-agent (used for rate-limiting and to detect abuse), the referrer URL, the landing page, and any UTM parameters in the URL. We do not store your raw IP for analytics purposes.
- Visitor and session identifiers. We set a long-lived first-party visitor ID and a per-visit session ID in cookies so we can measure things like "did the same person come back later and buy." These IDs are random; they do not contain personal information.
- AI chat conversations. When you use Belief Inquiry, Integration, or Reset, your messages are sent to a third-party large-language-model provider in real time to generate the response. We do not persistently store the full transcript on our side unless you click "Save Session as PDF for $9.99" — in which case the transcript is held in encrypted Redis (Upstash) for up to 24 hours so we can render and email the PDF, and deleted as soon as delivery succeeds. If the 24-hour window passes without successful delivery, the transcript is automatically removed.
2. How we use information
- To process orders and deliver digital goods (book downloads, session PDFs).
- To send purchase confirmations and product update notices to buyers.
- To operate the AI chat tools and the session-export feature.
- To improve the site through aggregated analytics: which pages people land on, which links convert to purchase, what content people share.
- To prevent abuse, fraud, and unauthorized access to admin areas.
- To respond to inquiries you send through the contact form.
- To meet legal obligations (tax records, dispute response, lawful requests).
3. Who we share information with
We do not sell personal information. We share it only with service providers we rely on to run the site, and only to the extent each provider needs to do its job.
- PayPal — processes all payments. Card data goes directly to PayPal and is governed by PayPal's privacy policy.
- Resend — delivers transactional email (purchase receipts, download links, contact-form replies, admin alerts). Email addresses pass through Resend to deliver mail.
- Vercel — hosts the website and stores public assets in Vercel Blob (book PDFs, cover images, audiobook files).
- Supabase — provides the database where orders, contact-form submissions, and aggregated analytics events are stored.
- Upstash — provides the encrypted, short-lived Redis store used to hold AI chat session transcripts during the 24-hour window between "Save Session as PDF" checkout and email delivery.
- AI providers (e.g. Anthropic, OpenAI, Google) — when you use the AI chat tools, your messages are sent to one of these providers to generate responses. Each provider applies its own privacy terms to that interaction.
- ElevenLabs — voice-generation provider used to produce audiobook content. No customer data is sent to ElevenLabs in the normal course of operating the site.
We may also disclose information if required by law (e.g. a valid subpoena or court order) or to protect someone's rights or safety.
4. International transfers
The site is operated from the United States. If you are visiting from outside the United States, the information we collect will be transferred to and processed in the United States, which may have data protection rules different from those in your country.
5. Retention
- Order records are kept as required by applicable tax and accounting law (typically six to seven years in the United States). After that period, records are deleted or anonymized.
- Download tokens emailed after a purchase expire automatically (typically after 30 days and 5 download attempts).
- Session-export transcripts live in Upstash Redis with a 24-hour time-to-live. They are deleted when that window expires or as soon as the PDF has been delivered, whichever comes first.
- Analytics events are retained for current product analysis. We honor deletion requests against your visitor and session identifiers — write to us via the contact page and reference the date range you want removed.
- Contact form messages and newsletter subscriptions are kept until you ask us to delete them or until you unsubscribe.
6. Your rights
You can ask us to access, correct, or delete the personal information we hold about you. You can also unsubscribe from any marketing email at any time using the link in the email or by writing to us. We will respond to requests within a reasonable time and in line with applicable law.
If you are in the European Union, the United Kingdom, or California, you may have additional rights under the GDPR, UK GDPR, or CCPA — including the right to portability and the right to object to certain processing. Write to us via the contact page to exercise any of these rights.
7. Cookies and similar technologies
We use cookies and similar local-storage techniques for two purposes:
- Strictly necessary — to keep you logged in to the admin area (if you are an administrator), to remember your in-progress purchase before redirecting you to PayPal, and to apply rate limits. These are always on.
- Analytics (optional, consent-gated) — the visitor and session identifiers described above, used to measure how the site is performing in aggregate. We do not run third-party advertising trackers. If you are in the EU, the UK, or any other jurisdiction where consent is required for non-essential cookies, these are set only after you accept on the consent banner. You can revisit your choice at any time using the "Cookie preferences" link in the site footer.
You can block cookies in your browser settings; some site features may stop working if you do.
8. Children
The site is intended for adults. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information to us, please contact us and we will delete it.
9. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top tells you when it last changed. Material changes will be communicated through a notice on the site or by email when appropriate.
10. Contact
Questions about this policy or about your information should be sent through our contact page.