Privacy Policy

When You Buy Something

Name, shipping address, email, and payment information. This is the bare minimum required to send a physical object to a physical location occupied by a physical human. We don’t store your full credit card number — that’s handled by our payment processor (Stripe), who has significantly more security infrastructure than we do and significantly less personality.

When You Create an Account

Email and a password you probably use for twelve other sites (please don’t). If you join the Underground, we also store your membership status and your permanent asset number. The asset number is, as promised, permanent.

When You Browse the Site

Standard server logs: IP address, browser type, pages visited, referring URL. This is what every web server on earth collects automatically. We use it to understand traffic patterns and make sure the site isn’t broken. We are not building a psychological profile of you. That’s someone else’s job.

When You Take the Threat Assessment

Your quiz responses are processed in your browser to generate your threat level. We don’t store your answers on our servers. Your cognitive vulnerability profile stays between you and your screen. As it should be.

When You Sign Up for The Wrap

Your email address. That’s it. We use MailerLite to manage our email list. You can unsubscribe at any time by clicking the link at the bottom of any email, at which point we will miss you but respect your decision.

To fulfill your order. To send you shipping updates. To contact you if something goes wrong with your order. To send you The Wrap if you opted in. To improve the site. To comply with legal obligations.

That’s the list. There is no second list.

Only the parties required to get your order from “confirmed” to “on your head”:

Payment Processing

Stripe processes your payment. Their privacy policy is at stripe.com/privacy. They’re publicly trusted by millions of businesses, which either means they’re trustworthy or they’re running the longest con in financial history.

Order Fulfillment

Our print-on-demand partners receive your shipping details to produce and ship your order. They get your name and address — not your browsing history, not your threat assessment score, not your deepest fears about 5G.

Email

MailerLite handles The Wrap distribution. Their privacy practices are at mailerlite.com/legal/privacy-policy.

Analytics

We may use basic analytics to understand site traffic. If we do, we’ll use privacy-respecting tools configured to collect the minimum data necessary.

We do not sell, rent, trade, barter, or exchange your personal information with anyone. Not advertisers. Not data brokers. Not that guy who keeps emailing us about “synergy opportunities.”

We use essential cookies to keep your shopping cart working and your login session active. These are functional cookies — the kind that make websites work, not the kind that follow you around the internet whispering about shoes you looked at once.

We do not use third-party advertising cookies. The irony of a cognitive defense brand tracking you with surveillance cookies would be a bit much, even for us.

You can request access to your personal data, ask us to correct it, or ask us to delete it. Email contact@tinfoil.wtf and we’ll handle it promptly. If you’re in California, you have rights under the CCPA. If you’re in the EU, you have rights under GDPR. If you’re anywhere else, we’ll still treat your request with the same respect because it’s the right thing to do.

To delete your account, email us. We’ll remove your data from our systems within 30 days, except for records we’re legally required to retain (order history, tax records, etc.).

We use SSL encryption, secure payment processing, and industry-standard security practices to protect your data. Is any system truly impenetrable? No. But we take reasonable precautions, which is more than can be said for most of the apps on your phone.

Our site is not directed at anyone under 13, and we do not knowingly collect data from children. If you’re under 13 and reading this privacy policy for fun, we respect your commitment to digital literacy but please go outside.

If we update this policy, we’ll post the revised version here with an updated date. For material changes, we’ll notify you via email or a prominent notice on the site. We won’t bury changes in fine print and hope you don’t notice — that’s the other guys’ move.

Questions, concerns, or existential anxiety about your data? Reach us at contact@tinfoil.wtf.