These terms are provided in English, which is the controlling language in the event of any discrepancy.
When you submit the $100 Question form, we collect your name, email address, and your question. When you use the contact form for full engagement inquiries, we collect your name, email address, your role or company (if you choose to provide it in the contact form), and your message. Payment information is processed by Stripe; we do not store card numbers.
We do not use tracking cookies, analytics platforms, or third-party advertising pixels on our site. Our hosting provider (Cloudflare) processes standard access logs as part of its network infrastructure.
The table below identifies each processing activity, its purpose, and — for users in the European Economic Area — the applicable lawful basis under GDPR Art. 6.
| Processing Activity | Purpose | Lawful Basis (GDPR) |
|---|---|---|
| Generating and delivering your strategic brief | Core service delivery | Contractual necessity (Art. 6(1)(b)) |
| Communicating with you about your question or engagement | Customer support, follow-up | Contractual necessity (Art. 6(1)(b)) |
| Processing payments and refunds via Stripe | Payment processing, legal obligation | Contractual necessity & legal obligation (Art. 6(1)(b) & (c)) |
| Retaining question and brief for 12 months post-delivery | Dispute resolution, refund handling | Legitimate interest (Art. 6(1)(f)) — interest: ability to resolve disputes; balanced against low intrusiveness of limited retention |
| Using anonymized, aggregated data to improve the service | Service improvement (question types and domains only; never your specific question or identity) | Legitimate interest (Art. 6(1)(f)) — interest: continuous improvement; balanced against full anonymization eliminating individual impact |
Your question is processed through artificial intelligence systems directed by a human strategist to generate your brief. This means your question text is transmitted to AI service providers — specifically Anthropic, OpenAI, and/or Google — as part of our analysis pipeline.
These providers act as data processors on our behalf under written Data Processing Agreements (DPAs). They process your data only as instructed and for the purpose of generating your brief. They do not use your questions to train their AI models under our agreements. Each provider's DPA is available through their respective enterprise or API documentation portals.
Brief delivery is handled via MailChannels, which acts as our email delivery processor under its standard data processing terms.
Site imagery disclosure: All images on mrglouton.ai are AI-generated using Google Gemini image generation. No images depict real people or real events.
We do not sell or share your personal information as defined under CCPA/CPRA. We share information only with the following categories of recipients, solely for the purposes described in Section 2:
We will not share your question, identity, or business context with any other third party unless required by law.
We retain your question and brief for up to 12 months from the date of delivery to handle follow-up requests, refunds, or disputes. After 12 months, we delete your question and associated personal data.
Contact form inquiries (name, email, message) submitted through the full engagement form are retained for up to 12 months from the date of submission, or until you request deletion, whichever comes first.
Anonymized, aggregated data (e.g., “23% of questions were about pricing strategy”) may be retained indefinitely. Payment records are retained as required by applicable tax and financial regulations.
You have the right to:
To exercise any of these rights, email [email protected]. We will respond within 30 days.
We use HTTPS encryption for all data transmission. Our site is hosted on Cloudflare Pages, which provides enterprise-grade network security and DDoS protection. Payment processing is handled entirely by Stripe (PCI-DSS compliant). We do not store credit card numbers. However, no method of electronic transmission is 100% secure, and we cannot guarantee absolute security.
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
We do not sell or share personal information as defined under CCPA/CPRA, including sharing for cross-context behavioral advertising.
The table below maps the personal information we collect to CCPA-defined categories:
| Data Collected | CCPA Category | Third Parties Shared With | Purpose | Retention |
|---|---|---|---|---|
| Name, email address | Identifiers | Stripe, MailChannels, AI providers | Service delivery, payment, communication | 12 months |
| Question submitted | Other personal information / Professional information | AI providers (Anthropic, OpenAI, Google) | Brief generation | 12 months |
| Payment data | Financial information | Stripe only | Payment processing | Per Stripe + legal requirements |
| Contact form message | Other personal information | MailChannels | Engagement inquiry response | 12 months |
To exercise your CCPA rights, email [email protected].
If you are in the European Economic Area (EEA), the lawful basis for each processing activity is identified in the table in Section 2 above.
International data transfers: Your personal data may be transferred to and processed in the United States by our AI service providers (Anthropic, OpenAI, Google) and email provider (MailChannels). These transfers are made subject to appropriate safeguards. Specifically, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Art. 46(2)(c), as incorporated into the Data Processing Agreements we maintain with each provider. Where the EU–U.S. Data Privacy Framework applies to a given provider, that framework also serves as a transfer mechanism.
EU representative: We do not maintain a formal establishment in the EEA. We are a small-scale, non-systematic processor of personal data and do not process special categories of data. We assess that we qualify for the exemption under GDPR Art. 27(2). If you are an EU data subject with a concern, you may contact us directly at [email protected] or lodge a complaint with the supervisory authority in your EU member state. A directory of EU data protection authorities is available at edpb.europa.eu.
We may update this policy. Changes will be posted here with an updated date. For material changes that affect how we process your personal data, we will notify registered users by email prior to the change taking effect.
Questions? [email protected]