The Business Doctor

Privacy

Privacy Policy

Last updated: June 9, 2026

The Business Doctor (“we,” “us,” “our”) is operated by Ashley Matheson, a sole proprietor based in Newfoundland and Labrador, Canada. This Privacy Policy explains what information we collect when you use thebusinessdoctor.app, how we use it, and your rights regarding it.

This policy is written under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). If you are in the European Union, we honor additional rights under GDPR. If you are in California, we honor additional rights under CCPA. Both are described below.

What we collect

When you use The Business Doctor, we collect:

  • Your email address — collected by Gumroad when you purchase. We use it to deliver your unlock code, the full report, and to support refund or re-issue requests. No email is required to run the free pulse check.
  • The answers you give during the consultation — your responses to the Diagnostician's questions, which we send to Anthropic's Claude AI model to generate your analysis.
  • Payment information — handled entirely by Gumroad. We do not see or store your credit card details. We receive only an order confirmation and a customer email from Gumroad's webhook.
  • Usage data — aggregate token usage counts per AI route and model, for cost tracking. This does not contain personal information.

We do not collect or store:

  • Names, addresses, or phone numbers — unless you choose to include them in your interview answers
  • Cookies for advertising or third-party tracking
  • IP addresses or device identifiers beyond what is logged by our hosting provider for standard server operations

Where your information goes

We use the following third-party services, all hosted in the United States, to operate The Business Doctor:

  • Anthropic — your interview answers are sent to Anthropic's Claude AI model to generate your report. Anthropic does not use API data to train models.
  • Resend — used to deliver your unlock code and the full report by email. Resend processes your email address and the report content for delivery only.
  • Gumroad — payment processing as our merchant of record. Gumroad handles your card details directly under their own privacy policy.
  • Railway — application hosting and data storage. Stores your unlock token (so it can be redeemed), anonymous pulse-check inputs (business type, pain category, revenue bracket — no personally identifying information), and the email of paid customers (recorded by Gumroad on purchase, used to fulfill your unlock code).

For Canadian users: your data crosses borders when we send it to these US-based services. By using The Business Doctor, you consent to this transfer, as PIPEDA requires us to disclose.

How long we keep it

  • Your interview, analyses, and 90-day plan are stored in your browser's localStorage on your own device — not on our servers. You can clear this any time by clicking “Start over” or by clearing your browser data.
  • Your pulse-check inputs (a 3-5 word business description, the pain category you selected, and your revenue bracket) are stored anonymously on our server. We use them only to understand what kinds of businesses use the product and what they care about. We do not link them to your email.
  • Your email address, if you paid, is stored on our server because Gumroad records it when you check out, and we use it to issue and re-issue your unlock code on request.
  • Your unlock code, if you paid, is stored on our server until consumed and for a reasonable period after, so we can honor refund or support requests.
  • Aggregate usage data is retained for as long as we operate the service, for cost tracking purposes. It does not identify you.

We do not retain the raw text of your interview answers on our servers after the session generates your report.

Your rights

You have the right to:

  • Know what we have about you — email us and we'll send you a copy.
  • Correct anything inaccurate — email us with the correction.
  • Have it deleted — email us. We will remove your record within 30 days. Doing so may prevent us from honoring the 90-day rate limit on that email.

If you are in the EU: you also have GDPR rights to data portability, restriction, and objection. Our lawful basis for processing your data is contract performance (delivering the consultation you requested) and legitimate interests (preventing abuse, operating the service).

If you are in California: you have CCPA rights to know what we collect, delete it, and not be discriminated against for exercising these rights. We do not sell personal information.

To exercise any of these rights, email support@thebusinessdoctor.app.

Cookies and local storage

We use your browser's localStorage to keep your consultation session active between page loads. This is essential to operate the service and is not used for tracking or advertising. We do not use third-party cookies. We do not embed analytics or advertising pixels.

Children

The Business Doctor is built for business owners and is not directed at anyone under 18. We do not knowingly collect information from children.

Security

All communication with the site uses HTTPS. Data at rest is encrypted by our hosting provider. Our third-party providers maintain their own security standards. No system is perfectly secure; in the unlikely event of a data breach affecting your information, we will notify affected users promptly as required under PIPEDA.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will change. Continued use of the service after an update constitutes acceptance of the revised policy.

Contact

Privacy questions, data requests, or anything else: support@thebusinessdoctor.app

Ashley Matheson, sole proprietor
Newfoundland and Labrador, Canada