← Back

Privacy Policy

This privacy policy explains how The Rational Path ("we", "us") collects and processes personal data when you visit rationalpath.co or use our services.

Last updated: June 2026

1. Controller

Rick Urbanski
c/o Namox GmbH, Bergbahnstraße 8, 01324 Dresden, Germany
Email: rick@rationalpath.co

2. What data we collect

  • Account data — email address, provided when you sign up via Magic Link.
  • Payment data — processed entirely by Stripe (our payment processor and merchant of record). We receive your email and a confirmation of payment but never see card numbers or bank details.
  • Course progress — lesson completion status and worksheet answers you enter, stored in our database (Supabase, hosted in the EU).
  • Analytics — we use PostHog to understand how visitors use the site. On public pages, PostHog runs in cookieless mode (no cookies, no personal identifiers). In the member area, PostHog may use local storage for session continuity.
  • Server logs — our hosting provider (Vercel) automatically collects IP addresses and request metadata for security and performance. These logs are retained briefly and not combined with other data.

3. Legal basis (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)) — processing your account, delivering the course, saving your worksheet answers.
  • Legitimate interest (Art. 6(1)(f)) — cookieless analytics, fraud prevention, server security.

4. Data processors

  • Supabase (EU region) — authentication and database hosting.
  • Stripe (US, EU-US Data Privacy Framework) — payment processing, merchant of record.
  • Resend (US, EU-US Data Privacy Framework) — transactional email delivery.
  • Vercel (US, EU-US Data Privacy Framework) — website hosting and edge delivery.
  • PostHog (US, EU-US Data Privacy Framework) — product analytics (cookieless on public pages).

5. Data transfers outside the EU

Some processors are based in the United States. Transfers are covered by the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) as applicable.

6. Retention

Account and course data is kept as long as your account exists. Payment records are retained as required by tax law (typically 10 years). Analytics data is aggregated and contains no personal identifiers. You can request deletion at any time.

7. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Lodge a complaint with a supervisory authority (in Germany: your state data protection authority)

To exercise any right, email rick@rationalpath.co.

8. Cookies

Public pages (sales page) do not set any cookies. The member area uses a session cookie for authentication, which is strictly necessary for the service to function and does not require consent.