← Back to home Legal

Privacy Policy

Last updated: June 18, 2026

1. Who we are

This website (orderflowclub.com) and the Order Flow Club newsletter and educational products are operated by Maciej Harpeniuk ("Order Flow Club", "we", "us"), based in Poland. We are the data controller responsible for your personal data.

If you have any questions about this policy or how we handle your data, contact us at [email protected].

2. What data we collect

  • Newsletter sign-up: your email address, and your first name if you choose to provide it.
  • Technical data: when you visit the site, our hosting and security provider may automatically process limited technical data such as your IP address, browser type, and pages visited — for security and to keep the site running.
  • Purchases: if you buy a product, the purchase is processed by Gumroad, not by us. We receive limited order information (such as your email and which product you bought). We do not receive or store your full payment card details.

3. Why we use your data, and our legal basis

  • To send you the free starter resource and our newsletter — legal basis: your consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time.
  • To respond to messages you send us — legal basis: our legitimate interest in replying to you (Art. 6(1)(f) GDPR).
  • To keep the website secure and working — legal basis: our legitimate interest (Art. 6(1)(f) GDPR).
  • To deliver products you purchase and to meet our legal and accounting obligations — legal basis: performance of a contract and legal obligation (Art. 6(1)(b) and (c) GDPR).

4. Who we share your data with

We use trusted third-party services to run Order Flow Club. Each one processes your data only as far as needed to provide its service:

  • MailerLite — email newsletter and sign-up forms (EU-based provider).
  • Gumroad — storefront and payment processing. Gumroad acts as Merchant of Record for your purchase, and its own privacy policy governs the transaction.
  • Cloudflare — website hosting, content delivery, and security.
  • Discord — if you join our community server, Discord processes your data under its own privacy policy.

We never sell your personal data.

5. International transfers

Some of our providers (for example Gumroad and Cloudflare) may process data outside the European Economic Area. Where that happens, the transfer is protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

6. How long we keep your data

We keep your newsletter data until you unsubscribe or ask us to delete it. Purchase and accounting records are kept for as long as Polish law requires. Technical and security logs are kept only for a short period.

7. Your rights

Under the GDPR you have the right to: access your data; correct it; delete it; restrict or object to its processing; receive a copy of it (data portability); and withdraw consent at any time (withdrawing consent does not affect processing already carried out). To exercise any of these, email [email protected].

You have the right to lodge a complaint with the Polish supervisory authority: the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych — UODO), ul. Stawki 2, 00-193 Warsaw, Poland — uodo.gov.pl.

8. Cookies

The site may use a small number of cookies that are necessary for it to function and stay secure (for example, cookies set by Cloudflare), plus cookies set by the MailerLite sign-up form. We do not use cookies to build advertising profiles. You can control cookies through your browser settings.

9. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top always shows the current version.

10. Contact

Maciej Harpeniuk[email protected]

See also our Disclaimer.