Canary Paterns("we," "us," or "our") is operated by a sole proprietor based in Washington State, USA. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit canarypatterns.com or purchase any Thinking Forge product or service. It also describes the rights you have with respect to your personal information under applicable laws, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). By using this site, you agree to the practices described in this policy.
Contents
1. Information We Collect
Information you provide directly
Email address — collected when you join the waitlist, make a purchase, or contact us directly.
Purchase information — when you buy a product, our payment processor (Stripe) collects your payment card details and billing information. We do not receive or store your full card number. We may receive your email address and a transaction identifier from Stripe to confirm your purchase.
Communications — if you contact us by email, we retain the content of that communication and your email address in order to respond.
Information collected automatically
Usage data — pages visited, time spent, referring URLs, and general navigation patterns.
Device and browser information — browser type, operating system, screen resolution, and similar technical data.
IP address — collected automatically by our hosting provider (Squarespace) as part of standard web server logging. Used for security and aggregate analytics only, not individual tracking.
Information we do not collect
We do not collect sensitive personal information such as government identification numbers, full financial account details, health or medical information, precise geolocation, racial or ethnic origin, religious beliefs, or biometric data.
2. How We Use Your Information
To fulfill purchases — delivering digital products you have purchased and providing post-purchase support.
To communicate with you — sending transactional emails related to your purchase, responding to support inquiries, and sending product updates or announcements to subscribers who have opted in.
To operate and improve the site — understanding how visitors use our site, diagnosing technical issues, and improving content and user experience.
To maintain security — detecting and preventing fraud, abuse, and unauthorized access.
To comply with legal obligations — retaining records as required by applicable law and responding to lawful requests from authorities.
We do not use your personal information to make automated decisions that produce legal or similarly significant effects, and we do not use it for targeted advertising, behavioral profiling, or sale to third parties.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
Performance of a contract — processing necessary to fulfill a purchase you have made or to provide services you have requested (Article 6(1)(b) GDPR).
Legitimate interests — processing necessary for our legitimate business interests, including operating and securing the site and improving our products, where those interests are not overridden by your rights (Article 6(1)(f) GDPR).
Consent — where you have given us explicit consent, such as opting in to our email waitlist or marketing communications (Article 6(1)(a) GDPR). You may withdraw consent at any time by unsubscribing or contacting us, without affecting the lawfulness of prior processing.
Legal obligation — processing required to comply with applicable laws and regulations (Article 6(1)(c) GDPR).
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:
Service providers — we share information with trusted third-party services that help us operate our business (see Section 5). These providers are permitted to use your information only to perform services on our behalf and are bound by appropriate data protection obligations.
Legal requirements — we may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers — in the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We would provide notice before your information becomes subject to a materially different privacy policy.
With your consent — in any other circumstances, we will ask for your explicit consent before sharing your information.
5. Third-Party Services
We use the following third-party services to operate Canary Patterns. Each processes data according to their own privacy policies:
Stripe — payment processing. Stripe collects and processes your payment information directly and securely. We do not store full card numbers. Stripe Privacy Policy →
Mailchimp (Intuit) — email list management. Your email address is stored in Mailchimp when you join our waitlist or subscribe to updates. Mailchimp may process data in the United States. Mailchimp Privacy Policy →
Squarespace — website hosting and delivery. Squarespace processes standard server data including IP addresses.
We share only the minimum information necessary for these providers to perform their services and evaluate them for reasonable data protection practices.
6. Cookies and Tracking
Our site uses a minimal number of cookies. We do not use cookies to serve targeted advertising or to track you across other websites.
Types of cookies we may use
Strictly necessary cookies — required for the site to function. These cannot be disabled without affecting site functionality.
Analytics cookies — used to understand how visitors use the site in aggregate. These collect anonymized data and are not used to identify individuals.
Managing cookies
You can control cookies through your browser settings. Most browsers allow you to refuse, delete, or be notified when cookies are set. Disabling certain cookies may affect the functionality of the site. For more information, visit allaboutcookies.org.
If you are in the EEA or UK, we will seek your consent before placing any non-essential cookies, in accordance with applicable cookie laws.
7. Email Communications
We may send you the following types of email:
Transactional emails — order confirmations, product delivery, and responses to your direct inquiries. These are sent as a necessary part of completing a transaction and are not subject to marketing opt-out.
Marketing and product update emails — announcements about new products, and educational content. These are sent only to subscribers who have opted in, and every such email includes a clear unsubscribe link.
To unsubscribe from marketing emails, click the unsubscribe link in any email or contact us at hello@canarypatterns.com. We will process your request within 10 business days.
8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes described in this policy:
Purchase records — retained for a minimum of 7 years to satisfy financial recordkeeping requirements.
Email list data — retained until you unsubscribe or request deletion.
Support communications — retained for up to 2 years after the matter is resolved.
Server logs — typically retained by Netlify for up to 30 days in accordance with their standard practices.
When data is no longer needed and no legal retention obligation applies, we delete it or anonymize it so that it can no longer be associated with you.
9. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including:
HTTPS encryption across all pages of the site.
Use of reputable, security-focused third-party processors for sensitive data handling.
Limiting access to personal data to only those who need it to operate the service.
Regular review of our data handling practices.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially acceptable means, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you as required by applicable law.
10. International Data Transfers
Thinking Forge is based in the United States. If you are accessing the site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the US, where data protection laws may differ from those in your country.
Our service providers (Stripe, Mailchimp, Netlify) may also process data in countries other than your own. Where required under GDPR, we rely on these providers' use of standard contractual clauses (SCCs) or other lawful transfer mechanisms to ensure appropriate protection for cross-border data transfers.
11. Your Rights — All Users
Regardless of where you are located, you have the right to:
Access — request a copy of the personal information we hold about you.
Correction — request that we correct inaccurate or incomplete information.
Deletion — request that we delete your personal information, subject to legal retention requirements.
Opt out of marketing — unsubscribe from marketing emails at any time.
To exercise any of these rights, email hello@canarypatterns.com. We will respond within 30 days and may ask you to verify your identity before acting on your request.
12. Your Rights — California Residents (CCPA / CPRA)
This section applies to residents of California and supplements the rest of this Privacy Policy.
Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have the following rights:
Right to Know — the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom it is shared.
Right to Delete — the right to request deletion of your personal information, subject to certain exceptions such as legal recordkeeping obligations.
Right to Correct — the right to request correction of inaccurate personal information.
Right to Opt Out of Sale or Sharing — we do not sell or share your personal information for cross-context behavioral advertising. No opt-out action is required.
Right to Limit Use of Sensitive Personal Information — we do not collect or use sensitive personal information beyond what is necessary to provide our services.
Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive a different level of service or be charged a different price as a result of exercising these rights.
Categories of personal information collected (past 12 months)
Identifiers: email address, IP address
Commercial information: purchase records and transaction history
Internet or network activity: site usage and navigation data
How to submit a CCPA/CPRA request
Email hello@canarypatterns.com with the subject line "California Privacy Request." We will respond within 45 days, with a possible extension of up to an additional 45 days where necessary, with prior notice. You may designate an authorized agent to submit a request on your behalf with written permission.
13. Your Rights — EEA, UK & Switzerland (GDPR)
This section applies to individuals in the European Economic Area, the United Kingdom, and Switzerland.
Under the GDPR and applicable national implementing laws, you have the following rights:
Right of access (Art. 15) — the right to obtain confirmation of whether we process your data and to receive a copy of it, along with information about how it is used.
Right to rectification (Art. 16) — the right to have inaccurate data corrected and incomplete data completed without undue delay.
Right to erasure (Art. 17) — the right to request deletion of your data where it is no longer necessary for the purpose it was collected, where you withdraw consent, or where processing is unlawful, subject to applicable exceptions.
Right to restriction of processing (Art. 18) — the right to request that we limit how we use your data in certain circumstances, such as while the accuracy of data is being contested.
Right to data portability (Art. 20) — the right to receive your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract, and to transmit that data to another controller.
Right to object (Art. 21) — the right to object at any time to processing based on legitimate interests, including for direct marketing. Where you object to direct marketing, we will cease processing immediately.
Rights related to automated decision-making (Art. 22) — we do not engage in solely automated decision-making that produces legal or similarly significant effects.
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right to lodge a complaint — you have the right to lodge a complaint with your local supervisory authority. In the UK: the Information Commissioner's Office (ico.org.uk). In the EU: your national data protection authority.
To exercise your GDPR rights, email hello@canarypatterns.com. We will respond within 30 days. Where requests are complex or numerous, we may extend this by a further two months and will notify you with the reason for the extension.
14. Children's Privacy
Thinking Forge is intended for professional adult users and is not directed at children. We do not knowingly collect personal information from anyone under the age of 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take prompt steps to delete it.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@canarypatterns.com and we will address the matter promptly.
15. Do Not Track
Some browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for responding to DNT signals, we do not currently alter our data collection practices in response to them. We will revisit this position if a common technical standard is established.
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify active subscribers by email prior to the changes taking effect.
Your continued use of the site after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
17. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us:
Email: hello@canarypatterns.com
Location: Washington State, United States
We aim to respond to all privacy-related inquiries within 30 days. ·