Legal
Privacy Policy
01. Overview & Scope
This Privacy Policy describes how An Audience From Anywhere, operated by Adrian Roup ("we," "us," or "our"), collects, uses, stores, and shares personal information when you visit anaudiencefromanywhere.com (the "Site"), use the Camera Score tool at test.anaudiencefromanywhere.com, make a purchase through our Shopify store, or subscribe to our email communications.
We are based in Santa Monica, California, United States. We serve customers and visitors globally, including from the European Union, the United Kingdom, Canada, and other jurisdictions. Depending on where you are located, you may have specific legal rights regarding your personal information, as described in the sections below.
By using our Site and services, you acknowledge the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services and contact us at hello@anaudiencefromanywhere.com to request deletion of any data we may hold about you.
02. Information We Collect
A. Camera Score Tool
When you submit the Camera Score intake form at test.anaudiencefromanywhere.com, we collect the following information you provide voluntarily:
- First name and last name
- Email address
- Company or organisation name
- Job title
- LinkedIn profile URL (if provided)
This tool is hosted on Vercel infrastructure. No payment information is collected through this tool.
B. Shopify Store Purchases
When you place an order through our Shopify-powered store at anaudiencefromanywhere.myshopify.com, our e-commerce platform (Shopify) collects:
- Name and email address
- Shipping and billing address
- Payment information (processed directly by Shopify and/or Stripe — we do not store full payment card data)
- Order history and purchase details
- IP address and browser/device information
For physical book orders, your name and shipping address are shared with our fulfilment partner, Acutrack, solely for the purpose of shipping your order. See Section 5 for full details.
C. Email Marketing (Klaviyo)
When you subscribe to our email list, we collect through Klaviyo:
- Email address
- First name (if provided at signup)
- Email engagement data (opens, clicks, unsubscribes)
- Purchase history (synced from Shopify, if you are also a customer)
D. Analytics & Usage Data
When you visit our Site, we and our service providers may automatically collect:
- Pages viewed, time spent on pages, and navigation paths
- Referring website or source (e.g. a link you clicked)
- Device type, operating system, and browser
- IP address (typically truncated or anonymised)
- General geographic region (country/city level)
E. LinkedIn OAuth (if authorised)
If you choose to connect your LinkedIn account in connection with our services, we may receive from LinkedIn the information you authorise, which may include your public profile data, name, email address, and professional information. You can revoke this access at any time through your LinkedIn account settings.
F. Communications You Send Us
If you contact us by email or other means, we retain the content of your message and your contact details in order to respond to your inquiry and for our records.
03. How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Deliver and improve the Camera Score tool assessment | Name, email, company, job title, LinkedIn URL | Legitimate interest; performance of a contract |
| Process and fulfil orders (including physical book shipment) | Name, email, shipping address, order data | Performance of a contract |
| Process payments | Payment details (via Shopify/Stripe) | Performance of a contract; legal obligation |
| Send transactional emails (order confirmations, shipping notifications) | Email, name, order details | Performance of a contract |
| Send marketing emails and newsletters | Email, name, engagement data | Consent (EU/UK); legitimate interest (US/CA where permitted) |
| Personalise email content and product recommendations | Purchase history, engagement data | Consent / legitimate interest |
| Analyse site usage and improve our services | Analytics and usage data | Legitimate interest |
| Comply with legal obligations and resolve disputes | All categories as required | Legal obligation; legitimate interest |
| Prevent fraud and ensure security | IP address, order data, device data | Legitimate interest; legal obligation |
We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.
04. Lawful Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data only when we have a lawful basis to do so under GDPR Article 6. The bases we rely on are:
- Performance of a contract (Article 6(1)(b)): Where processing is necessary to fulfil an order you have placed, to deliver the Camera Score assessment you requested, or to respond to your inquiry.
- Legitimate interests (Article 6(1)(f)): For analytics, improving our services, fraud prevention, and providing the Camera Score assessment service. Our legitimate interests are balanced against your rights and do not override them. You may object to processing based on legitimate interest at any time (see Section 10).
- Consent (Article 6(1)(a)): For marketing emails sent to EU/UK subscribers. You may withdraw consent at any time by clicking "Unsubscribe" in any email or by contacting us.
- Legal obligation (Article 6(1)(c)): Where we are required to process data to comply with applicable law (e.g. tax and accounting records).
Where we rely on consent as our lawful basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
05. Sharing & Third-Party Processors
We do not sell your personal information. We share personal data only with trusted third-party service providers (data processors) who are contractually bound to process data only on our behalf and in accordance with our instructions. Our current processors are:
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Shopify Inc. | E-commerce platform & payment processing infrastructure | Name, email, address, order data, payment data | Canada / Global |
| Stripe, Inc. | Payment processing (via Shopify) | Payment card data, billing address | United States |
| Klaviyo, Inc. | Email marketing & automation | Email, name, purchase history, engagement data | United States |
| Vercel, Inc. | Hosting for Camera Score tool | Form submissions, IP address (server logs) | United States / Global Edge |
| Acutrack, Inc. | Physical book fulfilment and shipping | Name and shipping address (print orders only) | United States |
| Resend | Transactional email delivery | Email address, name, email content | United States |
| LinkedIn Corporation | OAuth authentication & profile data (if authorised by user) | LinkedIn profile data (only if you connect your account) | United States |
Other Disclosures
We may also disclose your personal information:
- To comply with law: In response to a valid legal request (such as a court order, subpoena, or government demand), or where required by applicable law.
- To protect rights: Where necessary to protect the rights, property, or safety of An Audience From Anywhere, our users, or others.
- Business transfers: In connection with a merger, acquisition, reorganisation, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website if such a transfer occurs and your data will remain subject to this Privacy Policy.
- With your consent: For any other purpose with your explicit consent.
We do not share personal information with third parties for their own advertising or marketing purposes without your explicit consent.
06. Cookies & Tracking Technologies
We and our third-party service providers use cookies, pixel tags, and similar tracking technologies on our Site. A cookie is a small file stored on your device that enables certain functionality and helps us understand how you use our Site.
Types of Cookies We Use
| Cookie / Technology | Set By | Category | Purpose |
|---|---|---|---|
_shopify_session, cart |
Shopify | Strictly Necessary | Maintains your shopping cart and session state; required for store functionality |
_shopify_y, _y |
Shopify | Analytics | Unique visitor tracking to understand store traffic |
__kla_id |
Klaviyo | Marketing / Tracking | Identifies Klaviyo subscribers across sessions to enable email personalisation and attribution |
| Analytics cookies | Analytics provider | Analytics | Aggregated page view and referral data to understand site usage |
EU & UK Visitors: Under the ePrivacy Directive, non-essential cookies
(including the Klaviyo __kla_id tracking cookie) require your prior consent
before being set. We are working to implement a cookie consent banner for EU and UK visitors.
Until that is in place, you may opt out of Klaviyo tracking by using your browser's cookie
controls or a tool such as the
NAI opt-out tool.
Managing Cookies
Most browsers allow you to control cookies through their settings. You can typically:
- View and delete cookies already on your device
- Block cookies from specific sites or all sites
- Set your browser to notify you when a cookie is being set
Note that disabling certain cookies (particularly Shopify session cookies) may prevent the store from functioning properly. Disabling the Klaviyo cookie will not affect your ability to receive emails you have already subscribed to.
You can also opt out of Klaviyo's tracking by following the unsubscribe link in any of our emails, which removes the association between your browser and your email address.
07. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period | Reason |
|---|---|---|
| Camera Score intake form submissions | 24 months from submission, or until deletion requested | Providing follow-up assistance and improving the tool |
| Shopify order records | 7 years from order date | Tax and accounting legal obligations |
| Klaviyo active subscribers | Duration of subscription; see note below | Email marketing |
| Klaviyo unsubscribed contacts | Suppression list retained indefinitely; personal data deleted within 24 months of unsubscribe | Honour opt-out preferences; compliance |
| Server and access logs (Vercel) | Up to 90 days | Security monitoring; debugging |
| Support and email correspondence | 3 years from last contact | Resolving disputes; improving service |
For Klaviyo subscribers who have not engaged (i.e. opened or clicked any email) for 18 or more consecutive months, we will suppress and schedule deletion of their personal data, unless they have an active purchase relationship with us or have otherwise re-engaged.
When data is no longer required, we securely delete or anonymise it. If deletion is not immediately possible (e.g. data is held in backup systems), we will isolate the data from further processing until deletion is feasible.
08. Security
We take reasonable and appropriate technical and organisational measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction. These measures include:
- HTTPS/TLS encryption in transit for all Site communications
- Access controls limiting who can access personal data to those with a business need
- Reliance on industry-standard platforms (Shopify, Klaviyo, Vercel) that maintain their own extensive security programmes, including SOC 2 Type II compliance where applicable
- Payment card data is never stored by us directly — it is processed by Shopify and Stripe, both PCI DSS compliant
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware (where required by GDPR) and will notify affected individuals without undue delay.
09. International Data Transfers
We are based in the United States. Your personal information may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws different from those of your country.
Our third-party processors (Shopify, Klaviyo, Vercel, Stripe, Resend) are primarily based in the United States. If you are located in the EEA or the United Kingdom, please be aware that these transfers are governed by the following safeguards:
- Standard Contractual Clauses (SCCs): For transfers of personal data from the EEA/UK to the US, we and our processors rely on the European Commission's Standard Contractual Clauses (2021 version) or the UK International Data Transfer Addendum (UK IDTA), as applicable, which provide appropriate safeguards for the transfer.
- Adequacy decisions: Where an adequacy decision has been issued by the European Commission or the UK ICO covering the destination country or sector, we rely on that decision.
- Data Privacy Framework: Some of our US-based processors participate in the EU-US Data Privacy Framework (DPF) or the UK Extension to the DPF, which provides an adequacy mechanism for transatlantic data transfers.
You may request information about the specific transfer mechanisms we use for your data by contacting us at hello@anaudiencefromanywhere.com.
10. Your Rights Under GDPR & UK GDPR
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR:
Right of Access
Request a copy of the personal data we hold about you (Article 15). We will respond within 30 days.
Right to Rectification
Request correction of inaccurate or incomplete personal data (Article 16).
Right to Erasure
Request deletion of your personal data ("right to be forgotten") where there is no compelling reason for continued processing (Article 17).
Right to Restrict Processing
Request that we limit how we use your data in certain circumstances (Article 18).
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format (Article 20).
Right to Object
Object at any time to processing based on legitimate interest, including profiling and direct marketing (Article 21).
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw it at any time without affecting prior lawful processing.
Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority.
Supervisory Authorities
Depending on your location, the relevant supervisory authority may be:
- EU: Your national data protection authority (a full list is available at edpb.europa.eu)
- UK: Information Commissioner's Office (ICO) — ico.org.uk
How to Exercise Your Rights
To exercise any of these rights, please send a request to hello@anaudiencefromanywhere.com with the subject line "GDPR Data Request" and a description of your request. We may ask you to verify your identity before acting on any request. We will respond within 30 days (with up to a 60-day extension for complex requests, with notice to you).
11. Your Rights Under CCPA / CPRA (California Residents)
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We provide these rights voluntarily as a matter of best practice, even if our business volume does not meet the statutory thresholds for mandatory compliance.
Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers: Name, email address, IP address
- Commercial information: Purchase history, order details
- Internet or other electronic network activity: Browsing activity on our Site, cookie data
- Professional or employment-related information: Job title, company name, LinkedIn URL (Camera Score tool only)
- Geolocation data: General location inferred from IP address
Your California Privacy Rights
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we have shared it.
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions (e.g. completing a transaction, legal obligations, security).
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: We do not sell personal information for monetary consideration. We do not share personal information for cross-context behavioural advertising at this time. If this changes, we will update this policy and provide an opt-out mechanism.
- Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes beyond those permitted by the CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. We will not deny goods or services, charge different prices, or provide a different level of quality because you exercised your rights.
How to Submit a CCPA Request
To exercise your rights, email us at hello@anaudiencefromanywhere.com with the subject line "California Privacy Request". We will acknowledge your request within 10 business days and respond within 45 calendar days (with up to a 45-day extension if necessary, with notice).
We may need to verify your identity before fulfilling your request by asking you to provide information that matches what we have on file.
12. Canadian Residents (PIPEDA)
If you are a resident of Canada, your personal information is collected, used, and disclosed in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
Under PIPEDA, you have the right to:
- Know why we collect, use, or disclose your personal information
- Access your personal information held by us
- Challenge the accuracy and completeness of your information and request correction
- Complain to our Privacy Officer if you believe your privacy rights have been violated
- Lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca)
We collect personal information only with your consent (express or implied) or as otherwise permitted by law. You may withdraw consent to our use of your personal information at any time, subject to legal or contractual restrictions, by contacting us as described in Section 16.
Note that our service providers (Shopify, Klaviyo, Vercel, Stripe, Resend, Acutrack) process data primarily in the United States. By using our services, you acknowledge that your personal information may be processed outside of Canada. If you have concerns about cross-border transfers, please contact us.
13. Email Marketing & CAN-SPAM Compliance
If you subscribe to our email list, you agree to receive marketing communications from us. All marketing emails we send comply with the requirements of the CAN-SPAM Act (15 U.S.C. § 7704) and, for EU/UK subscribers, the GDPR and ePrivacy Directive.
CAN-SPAM Act (US)
In accordance with the CAN-SPAM Act, our marketing emails:
- Clearly identify themselves as advertising or promotional in nature
- Use honest and non-deceptive subject lines
- Include a clear and conspicuous mechanism to opt out of future emails
- Include our physical mailing address in the email footer
- Honour opt-out requests promptly (within 10 business days)
Opting Out
You may unsubscribe from marketing emails at any time by:
- Clicking the "Unsubscribe" link in the footer of any marketing email
- Emailing us at hello@anaudiencefromanywhere.com with "Unsubscribe" in the subject line
Please note that even after unsubscribing from marketing emails, you may still receive transactional emails related to orders you have placed (order confirmations, shipping updates, receipts). These are not marketing emails and cannot be unsubscribed from while an order is active.
EU & UK Marketing Consent
For subscribers located in the EU or UK, we obtain explicit opt-in consent before sending marketing emails. You can withdraw your consent at any time using the unsubscribe methods above. Withdrawing consent does not affect the lawfulness of any emails sent before you withdrew consent.
14. Children's Privacy
Our Site and services are not directed to children under the age of 16, and we do not knowingly collect personal information from anyone under 16. If you are a parent or guardian and believe that a child has provided us with personal information without your consent, please contact us immediately at hello@anaudiencefromanywhere.com and we will take steps to delete that information.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you by email (if we have your email address and the change is material) or by posting a prominent notice on our website
We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes your acceptance of the updated policy, except where consent is required under applicable law, in which case we will seek your consent explicitly.
16. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or the way we handle your personal information, please contact:
An Audience From Anywhere
Attn: Privacy / Adrian Roup
Santa Monica, California, United States
hello@anaudiencefromanywhere.com
anaudiencefromanywhere.com
If you are located in the EU or UK and have a concern that we have not resolved to your satisfaction, you also have the right to lodge a complaint with your local data protection supervisory authority (see Section 10).
We aim to respond to all privacy-related requests within the legally required timeframes — typically 30 days for GDPR requests and 45 calendar days for CCPA requests.