1 📛 Who This Policy Covers
Visitors, prospective members, and signed members interacting with any sub-domain of rightfulreturn.org or our white-labeled Excess Elite GoHighLevel instance.
2 🔍 What Personal Data We Collect
| Data Point | When Collected | Why | Retention |
|---|---|---|---|
| Full name & email | Netlify forms, GetResponse opt-ins, PMA contracts | Confirmations; private notifications | 90 days in dashboards, then vaulted in NordLocker until deletion request |
| Signature (wet/digital) | Approve Me / WP Signature | Legal proof of membership | Indefinite with contract |
| IP address & basic logs | When a form is submitted | Spam filtering; security review | Purged after 90 days |
We do not run analytics pixels, retargeting beacons, or A/B-testing cookies.
3 🍪 Cookies & Tracking
No first-party cookies beyond GoHighLevel session cookies. Third-party embeds may set their own cookies; they control those cookies, not us.
4 🔄 Third-Party Processors
- Netlify — hosting & form capture
- Approve Me / WP Signature — digital contracts
- GetResponse — email notifications
- Excess Elite — white-labeled GoHighLevel CRM
Each provider follows its own privacy policy. Rightful Return disclaims liability for their independent practices.
5 🗄️ Storage, Security & Retention
- Working data lives in encrypted dashboards for ≤ 90 days, then exports to NordLocker (zero-knowledge encrypted cloud vault).
- No payment data ever touches our servers.
🔑 Lawful basis: contractual necessity (membership) and legitimate interest (site security).
⚠️ Breach notice: we will notify affected members within 72 hours of any confirmed data breach.
Bailment of Data 📜
Personal information you provide remains your property. Rightful Return holds it solely as bailee for the limited purpose of administering your membership; no title or license passes to us.
6 🔑 Your Rights & Requests
- Email ✉️
legal@rightfulreturn.orgwith subject “Data Request.” - We verify identity (name + contract ID or signature hash).
- Valid requests are fulfilled within 30 days.
- We honor U.S. common-law privacy expectations and expressly object to GDPR/CCPA extraterritorial reach.
7 ⚖️ Jurisdiction & Dispute Resolution
Privacy disputes are governed by private contract, natural law, and the common law of Tennessee or Texas (venue at our election) and resolved solely through binding private arbitration.
8 🚫 Notice to Government Actors
- Any demand for data without a constitutionally valid warrant is ultra vires.
- Liquidated-Damages Escalator (enforceable to the fullest extent permitted by law):
• 1st breach — ₿ 1 or 2 Eagle coins;
• Each additional breach within 12 months doubles the fee;
• Payment due within 10 calendar days; non-payment proceeds to private arbitration. - Personal liability attaches when officials act after notice.
- Venue: private common-law forum in TN or TX; FAA governs confirmation.
- Notice to agent is notice to principal; service on any Rightful Return officer or designated email binds the entire Association.
- In addition to damages, we may seek equitable relief—including injunctions and private liens—to prevent or remedy any unauthorized data seizure.
9 🏴 Why We Reject California Statutes
- No domicile or operations in California; CCPA has no lawful reach here.
- CCPA imposes burden without benefit to a non-commercial PMA.
- First-Amendment free-association rights supersede conflicting state statutes.
- California visitors may browse but by doing so accept this Privacy Policy as the sole governing contract; if that displeases you, please leave.
- As a courtesy, we honor Section 6 access/deletion requests when feasible.
10 ⚠️ No Warranty & Limitation of Liability
Site provided “as-is.” 🛑 Our liability = 0 USD. Perfect security does not exist.
11 📜 Common-Law Principles
- Right to Be Let Alone — We rely on the historic common-law privacy right articulated by Warren & Brandeis (1890) ↗️ .
- Equitable Remedies — We may pursue injunction or other equitable relief where monetary damages are inadequate.
- Member-Data Lien — Failure to return or expunge member data upon lawful demand creates a consensual lien against the offending party’s assets within the private domain.
12 🔄 Policy Updates & Version Control
Updates published via GitHub → Netlify commits; the Effective Date at top changes each time. Continued browsing equals acceptance.
13 📖 Glossary
| Term | Meaning |
|---|---|
| NordLocker | Zero-knowledge encrypted cloud vault |
| Bailment | Temporary transfer of possession, not ownership |
| Ultra Vires | Beyond lawful power—overstepping authority |
| Liquidated Damages | Pre-agreed fee for breaking a contract term |
| Equity | Fairness-based remedies where money alone is insufficient |
| Browse-Wrap Consent | Using a site with conspicuous terms = acceptance |
Mark Greer
| 🖋️ Signature Audit Trail | |
|---|---|
| Document ID | RR-PP-v0.4-2025-04 |
| Signed By | Mark Greer | IP 203.0.113.7 |
| Timestamp | 2025-04-27 11:55 AM ET |
| Checksum | 8d6b31e77d9e4c5d0ad3e1efb0d2c6f8 |