Privacy Policy · DOPE CEOs
[email protected]
Legal

Privacy Policy

Effective: May 2026 · Operator: Crystal Phan LLC

This Privacy Policy explains how Crystal Phan LLC, an Arizona limited liability company (the "Company," "we," "us"), collects, uses, shares, and protects your information when you visit dopeceos.com, purchase the DOPE CEOs Operator Bootcamp, or otherwise interact with us (the "Services").

We keep this short and direct: we collect what we need to deliver our Services, we don't sell your personal information, and you have rights over your data. Contact [email protected] to exercise any right described below.
Table of Contents
  1. 01Information We Collect
  2. 02How We Use Your Information
  3. 03Legal Bases (GDPR)
  4. 04Sharing & Disclosure
  5. 05Cookies & Tracking
  6. 06Data Retention
  7. 07Data Security
  8. 08Your Rights
  9. 09California Residents (CCPA/CPRA)
  10. 10EU/UK Residents (GDPR)
  11. 11Canadian Residents (PIPEDA)
  12. 12Children's Privacy
  13. 13International Transfers
  14. 14Third-Party Links
  15. 15Changes to This Policy
  16. 16Contact

01 Information We Collect

Information You Provide

  • Account & checkout details: name, email, billing address, business name (if provided)
  • Payment information: we may collect data necessary to process your payment, including your payment instrument number and the security code associated with it. All payment data is stored by Stripe; we do not store full card numbers on our servers. You may find Stripe's privacy notice at stripe.com/privacy.
  • Communications: emails, DMs, support requests, and any content you submit during the Bootcamp (e.g., questions, comments, survey responses)
  • Bootcamp participation: session attendance, replay views, Slack/community activity, and any voluntary information you share with the cohort

Information Collected Automatically

  • Usage data: pages visited, time on page, referral source, clicks, browser type, device type, operating system, IP address (often truncated), approximate location (country/region)
  • Cookies and similar technologies: see Section 5

Information from Third Parties

  • Payment confirmation data from our payment processor
  • Email engagement data (opens, clicks) from our email platform
  • Analytics data (aggregate, non-identifying) from our analytics providers

02 How We Use Your Information

We use your information to:

  • Process your purchase and deliver the Bootcamp
  • Send transactional emails (receipts, access details, schedule updates)
  • Provide customer support and respond to inquiries
  • Operate, improve, and personalize our Services
  • Send marketing communications you've opted into (you can unsubscribe at any time via the link in any marketing email)
  • Comply with legal obligations and enforce our Terms & Conditions
  • Detect, prevent, and address fraud, abuse, security incidents, and chargebacks
  • Aggregate or anonymize information for analysis, marketing, and case studies (in non-identifying form)
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

03 Legal Bases (GDPR)

If you are in the EU, UK, or another jurisdiction with a similar legal framework, we rely on the following legal bases to process your data:

  • Contract: to deliver the Bootcamp you purchased
  • Legitimate interests: to operate, secure, and improve our Services; to prevent fraud and abuse
  • Consent: for marketing communications (where required) and certain non-essential cookies
  • Legal obligation: to comply with tax, accounting, and regulatory requirements

04 Sharing & Disclosure

We share your information only with:

  • Service providers who help us operate (e.g., payment processors like Stripe; email/CRM platforms like Go High Level; webinar platforms like Zoom; analytics; community platforms; hosting providers). These providers are bound by confidentiality and data-protection obligations.
  • Legal authorities and parties when required by law, subpoena, or to enforce our Terms or protect rights, safety, and property
  • Successors in the event of a merger, acquisition, sale of assets, or similar transaction (your data follows the standard rights and protections described in this Policy)
  • Other Bootcamp participants, but only with respect to information you voluntarily share inside the cohort (e.g., your name shown during a Zoom session, or messages you post in the community)

05 Cookies & Tracking

We and our service providers use cookies, pixels, and similar technologies to:

  • Operate the site (essential cookies)
  • Remember your preferences
  • Measure traffic and improve the site (analytics)
  • Measure marketing campaign performance

For specific information about how we use these technologies and how you can refuse certain cookies, see our Cookie Notice.

You can also control cookies through your browser settings. Most browsers let you refuse cookies or alert you when cookies are being sent. Disabling some cookies may limit certain features of the Services. We honor "Do Not Track" signals where required by law.

06 Data Retention

We retain your information only as long as necessary to:

  • Provide the Services
  • Comply with legal, accounting, or reporting obligations (typically up to seven (7) years for tax and financial records)
  • Resolve disputes and enforce our agreements

When information is no longer needed, we either delete it or anonymize it.

07 Data Security

We use reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit (HTTPS), restricted access, and secure third-party processors. However, no system is 100% secure. You use the Services at your own risk and are responsible for maintaining the confidentiality of any credentials you use.

08 Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your data (subject to legal retention obligations)
  • Restrict or object to certain processing
  • Port your data to another service
  • Withdraw consent where processing is based on consent
  • Opt out of marketing communications at any time
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, email [email protected]. We will respond within the timeframes required by applicable law. We will not discriminate against you for exercising your rights.

Withdrawing Your Consent

If we are relying on your consent to process your personal information (which may be express or implied depending on applicable law), you have the right to withdraw your consent at any time. You can withdraw consent by contacting us using the details in Section 16 or by updating your preferences. Please note that withdrawal does not affect the lawfulness of any processing conducted before your withdrawal, nor does it affect processing conducted in reliance on lawful grounds other than consent.

Opting Out of Marketing Communications

You can unsubscribe from our marketing emails at any time by clicking the unsubscribe link in any marketing email, or by contacting us directly. Once unsubscribed, you will be removed from our marketing lists. We may still send you service-related messages (e.g., receipts, schedule updates, account changes) that are necessary for the administration of your purchase or to respond to your requests.

Updating or Closing Your Account

If you want to review, change, or delete information we hold about you, contact us at [email protected]. Upon request, we will deactivate or delete your information from our active databases. We may retain certain information in our files to prevent fraud, resolve disputes, troubleshoot problems, assist with investigations, enforce our Terms, and comply with legal obligations such as tax recordkeeping.

09 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the CPRA), including:

  • The right to know what personal information we collect, use, disclose, and sell or share
  • The right to delete personal information we collected from you
  • The right to correct inaccurate personal information
  • The right to opt out of "sale" or "sharing" of personal information (note: we do not sell or share personal information for cross-context behavioral advertising)
  • The right to limit use and disclosure of sensitive personal information
  • The right to non-discrimination for exercising any of the above

To exercise these rights, email [email protected]. We may need to verify your identity before responding.

10 EU/UK Residents (GDPR)

If you are in the EU, UK, EEA, or Switzerland, you have rights under the GDPR (or UK GDPR) as described in Section 8. The data controller is Crystal Phan LLC (contact information below). You have the right to lodge a complaint with your local data protection authority. International data transfers (typically to the United States) are governed by appropriate safeguards including Standard Contractual Clauses where required.

11 Canadian Residents (PIPEDA)

If you are located in Canada, the Personal Information Protection and Electronic Documents Act ("PIPEDA") and applicable provincial laws govern our processing of your personal information.

We may process your information when you have given us specific permission (express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (implied consent). In limited cases, we may be legally permitted to process your information without your consent, including:

  • Where collection is clearly in your interests and consent cannot be obtained in a timely way
  • For investigations and fraud detection or prevention
  • For business transactions where conditions allowed by law are met
  • Where disclosure is required to comply with a subpoena, warrant, or court order
  • Where the information is publicly available and specified by regulation

Canadian residents have the right to access their personal information, request correction of inaccurate information, and withdraw consent at any time (subject to legal or contractual restrictions). To exercise any of these rights, contact [email protected]. You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

12 Children's Privacy

Our Services are intended for adults age 18 and older. We do not knowingly collect personal information from children under 13 (or under 16 in the EU/UK). If you believe we have collected such information, please contact us and we will delete it promptly.

13 International Transfers

We are based in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States and/or other countries where our service providers operate. Data protection laws in those jurisdictions may differ from those in your country.

14 Third-Party Links

Our Services may contain links to third-party websites or platforms. This Policy does not apply to those external sites. We encourage you to review the privacy policies of any site you visit.

15 Changes to This Policy

We may update this Policy from time to time. The current version is always posted at dopeceos.com/privacy. Material changes will be communicated by posting an updated effective date or, where required, by direct notice. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

16 Contact

Questions, requests, or complaints about this Privacy Policy? Contact:

Crystal Phan LLC
4960 S Gilbert Rd #1 PMB 419
Chandler, AZ 85249
[email protected]