Mike Lito's Trader University

Privacy Policy

Last updated [DATE] Effective [DATE] Version [1.0]

Draft for counsel — not yet in force

This document is a structured draft prepared for review by a licensed privacy attorney. Bracketed values are placeholders and must be replaced with your actual vendors, retention periods, and entity details. Applicability of the GDPR, CCPA/CPRA, and other state laws depends on where you and your students are and how much data you process — confirm before publishing. It is not legal advice.

What we collect, why we collect it, who sees it, and how to make us stop. Written in plain language on purpose — a policy nobody can read protects nobody.

23 fields to complete before publishingeach gold token below is a blank

01Scope

This policy explains what [LEGAL ENTITY NAME] d/b/a Mike Lito's Trader University collects, why, who sees it, and what you can do about it. It covers this website, our application and enrollment process, our live sessions and recordings, and our student community.

It does not cover your broker, your charting platform, or any other third party. Their privacy practices are their own.

02What we collect

What you give us

  • Application: name, email, country/time zone, trading experience, what you trade, and whatever you write in the free-text answers.
  • Enrollment: billing name and address, and the last four digits and card type from our payment processor. We never see or store your full card number.
  • In the program: your journal entries, playbook, screenshots you upload, session chat, and mentor notes.
  • Support: anything you send us by email or in a form.

What we collect automatically

  • IP address, approximate location derived from it, browser and device type, pages viewed, referring page, and timestamps.
  • Session attendance and video watch progress.

We don't ask for your brokerage credentials, account balance, or account statements, and no instructor or mentor will ever ask you for them. If someone claiming to be from Mike Lito's Trader University asks, it isn't us — report it to [SUPPORT@DOMAIN].

03Why we use it

  • To review applications and run admissions.
  • To deliver the program: access, live sessions, recordings, mentor reviews, and your evaluation.
  • To take payment and handle refunds, chargebacks, and payment plans.
  • To email you about your cohort — dates, changes, materials. These are service messages, not marketing, and you can't opt out of them while enrolled.
  • To send marketing email if you asked for it. There's an unsubscribe link in every one.
  • To improve the curriculum, in aggregate — which lectures get rewatched, where people drop off.
  • To keep the room safe, prevent fraud and account sharing, and enforce our terms.
  • To meet legal, tax, and accounting obligations.

Where the GDPR applies, our legal bases are: performance of a contract (delivering the program), legitimate interests (security, fraud prevention, product improvement), consent (marketing, cookies that aren't strictly necessary), and legal obligation (tax records).

04Session recordings

Live sessions are recorded and added to the library for the cohort. Recordings can include your voice, your video if your camera is on, your display name, your chat messages, and your screen if you share it.

You can attend with your camera off and a display name that isn't your legal name. Recordings are visible to your cohort and staff, not to the public, and we don't use them in advertising without your written permission.

05Cookies and analytics

We use strictly necessary cookies to keep you signed in and to keep the site secure. Those can't be turned off without breaking the site.

We also use [ANALYTICS PROVIDER] to understand traffic, and [AD PLATFORM PIXELS, IF ANY — LIST THEM OR DELETE THIS LINE] to measure ads. Where required, we ask for consent before setting these and honor Global Privacy Control signals.

You can clear or block cookies in your browser. Ad pixels are the ones that matter for the “sale/share” question below — if you run any, list them by name here rather than gesturing at them.

06Who we share it with

We don't sell your personal information for money. We share it with service providers who need it to run the business, under contracts that limit what they can do with it:

  • Payments: [PROCESSOR] — billing details, so they can charge your card.
  • Course platform and video: [LMS / VIDEO HOST] — account and progress.
  • Live sessions: [MEETING PLATFORM] — name, audio, video, chat.
  • Email: [ESP] — name and email.
  • Community: [COMMUNITY PLATFORM] — display name and posts.
  • Analytics and hosting: [PROVIDERS].

We also disclose information when the law requires it, to respond to lawful requests, to protect our rights or someone's safety, and to an acquirer if the business is sold — in which case we'll tell you before your information moves under a different policy.

07How long we keep it

  • Applications not accepted: [12] months, then deleted.
  • Student records and journals: for the length of your access plus [24] months.
  • Session recordings: [24] months.
  • Payment and tax records: as long as tax and accounting law requires, typically [7] years.
  • Web logs: [90] days.

08Your rights

Depending on where you live, you may have the right to access a copy of your information, correct it, delete it, port it, limit how we use sensitive information, opt out of targeted advertising or any “sale” or “share,” withdraw consent, or appeal a decision we make on a request.

Ask by emailing [PRIVACY@DOMAIN]. We'll verify it's you — usually by replying to your account email — and respond within the time the law allows, typically 45 days in the US and 30 days under the GDPR. You can use an authorized agent. We won't charge you or treat you worse for asking.

Some things we can't delete on request: payment records we're required to keep, and content that's part of another student's record. We'll tell you if that's the case and delete the rest.

If you're in the EEA or UK, you can complain to your supervisory authority. If you're in California, you can also designate an agent and appeal a denial by replying to our decision.

09Security

We use encryption in transit, access controls, and least-privilege staff access, and we review who has access to student records [quarterly]. No system is perfectly secure, and we won't pretend otherwise. If a breach affects you, we'll notify you and the relevant regulator as required by law.

10Minors

This program is for adults. We don't knowingly collect information from anyone under 18, and we don't enroll them. If you believe a minor has given us information, write to [PRIVACY@DOMAIN] and we'll delete it.

11International transfers

We operate in the United States, and our service providers may process information there or elsewhere. If you're outside the US, your information will be transferred to the US, which may not offer the same protections as your home country. Where required, we rely on [STANDARD CONTRACTUAL CLAUSES / OTHER MECHANISM].

12Changes and contact

If we change this policy materially, we'll update the date at the top and email enrolled students before it takes effect.

[LEGAL ENTITY NAME] d/b/a Mike Lito's Trader University
[STREET ADDRESS]
[CITY, STATE, ZIP]
Privacy: [PRIVACY@DOMAIN]