Privacy

Landing Doctor is a paid digital service operated by Maksym Postoliuk, an individual based in Poland. Payments are processed by LemonSqueezy as merchant of record. The product is delivered immediately on request.

Who is the data controller

Landing Doctor is operated by an individual based in Poland; payments are processed by LemonSqueezy as merchant of record. For all GDPR matters, the controller is the natural person listed below.

• Operator: Maksym Postoliuk — individual data controller, based in Poland (EU jurisdiction).
• Contact for privacy requests: audits@landingdoctors.com
• Data Protection Officer (DPO): No DPO has been appointed. Under GDPR Article 37, designating a DPO is mandatory only for public authorities, controllers whose core activities involve large-scale regular monitoring, or controllers processing special categories of data at scale. A single-operator audit business does not meet any of those triggers, so no DPO is required. You can still reach the controller directly at audits@landingdoctors.com.

Legal basis for processing

We process your data under the GDPR lawful bases listed below. Each purpose is mapped to a specific Article 6 ground so you can see exactly why each piece of data is held.

• Paid audit delivery. Performance of a contract — Art. 6(1)(b). When you buy a paid audit, we process the URL you submit, your billing email, and the report we generate so we can deliver what you bought.
• Recovery emails. Performance of a contract — Art. 6(1)(b) — and our legitimate interest in helping buyers retrieve a report they paid for, Art. 6(1)(f). We use the email you entered at checkout to resend the report link on request.
• Quiz funnel responses (anonymous). Legitimate interest — Art. 6(1)(f). The interest is improving the product: we look at which questions get skipped, which scoring buckets correlate with conversion, and where users drop off. Quiz sessions are anonymous unless you opt in on the final step.
• Follow-up nurture emails (free-audit users). Consent — Art. 6(1)(a). We only send these if you tick the explicit opt-in checkbox on the last quiz step. You can withdraw consent at any time via the unsubscribe link in every email or by writing to audits@landingdoctors.com.
• Payment processing via LemonSqueezy. Performance of a contract — Art. 6(1)(b) — and compliance with our tax / invoicing obligations, Art. 6(1)(c). LemonSqueezy is the merchant of record and collects the billing data it needs to issue an invoice and remit VAT under its own privacy policy.

Cookies, pixels & analytics

We are honest about what is currently loaded on the site. The marketing pages load the following third-party tags. A consent banner that gates these in the EU is on the roadmap and not yet shipped — until it is, the disclosures below are how we meet our Article 13 transparency duty.

• Meta Pixel (fbp / fbc cookies). Loaded for ad attribution and lookalike audiences on Meta platforms. In the EU, this technology requires prior consent under the ePrivacy Directive — our current setup is non-consent, which we treat as a gap to close, not as compliant.
• X (Twitter) Pixel. Loaded for ad attribution on X. Same EU consent gap as the Meta Pixel.
• Google Tag (gtag.js). Loaded for Google Ads conversion measurement. Same EU consent gap.

Status: A GDPR-compliant cookie banner that blocks these tags by default for EU visitors is in active planning. Until it ships, EU visitors who object can email audits@landingdoctors.com and we will document the request and treat your visit accordingly.

AI-generated output — EU AI Act Article 50 disclosure

The audit report is generated using a large language model — specifically Anthropic Claude. Your landing page content (the URL, the page HTML, and the visible text) is sent to Anthropic during the analysis. Per Anthropic's commercial API terms, your traffic is not used to train their models, and Anthropic does not retain the request body beyond the duration of the analysis call.

The output is reviewed against our 12-dimension methodology, but it is produced by an LLM. Buyers should treat the findings as expert-system commentary — useful, ranked, and grounded in CRO frameworks — rather than as personally rendered legal, marketing, or financial advice from a named human consultant. If a buyer needs a signed expert opinion, the paid audit is not that product.

International data transfers

Some of our processors are based in the United States. Each transfer relies on a specific legal mechanism that is listed below, so you can audit our chain.

• Anthropic (USA). Used for the LLM analysis itself. Transfer mechanism: EU-US Data Privacy Framework (DPF) certification with Standard Contractual Clauses (SCCs) as the contractual fallback.
• Vercel Inc. (USA). Hosting and CDN. Transfer mechanism: EU-US DPF certification plus SCCs.
• Resend (USA). Transactional email delivery. Transfer mechanism: EU-US DPF certification plus SCCs.
• LemonSqueezy (USA, as processor for billing). Merchant-of-record and payment processing. Transfer mechanism: Standard Contractual Clauses signed with LemonSqueezy as part of their data processing agreement.

When you run an audit, the content of the landing page you submit is read by Anthropic for the duration of the analysis. We do not persist your customer's landing page raw HTML in our database after the audit completes — only the finished report is stored, alongside the URL you submitted.

How long we keep your data

Retention is purpose-specific. We hold data only as long as needed for the purpose that justified collecting it, then we delete or anonymize.

• Order data (billing email, intake URL, generated report JSON). Kept for 90 days after the report is delivered, then anonymized — the URL is hashed, the email is removed, and the report JSON is dropped. Anonymized records survive for product analytics only.
• Free-audit records. Kept for 30 days after creation, then deleted automatically.
• Incomplete quiz sessions. Kept for 7 days, then deleted automatically.
• Outbound email log. Kept for 12 months for dispute resolution and compliance (e.g. proving an email was actually sent if a chargeback alleges otherwise). After 12 months the log row is deleted.

Your GDPR rights — and how to use them

As a data subject in the EU you have the following rights against us. They apply to data we hold about you specifically — anonymized analytics data is out of scope because it cannot be tied back to you.

• Right of access (Art. 15) — get a copy of the data we hold about you.
• Right to rectification (Art. 16) — correct inaccurate data.
• Right to erasure (Art. 17) — request deletion, sometimes called the right to be forgotten.
• Right to restriction (Art. 18) — pause processing while a dispute is open.
• Right to portability (Art. 20) — get your data in a structured, machine-readable format.
• Right to object (Art. 21) — object to processing based on legitimate interest, including the quiz analytics described above.
• Right to withdraw consent (Art. 7(3)) — withdraw consent for nurture emails at any time, without affecting prior lawful processing.

Right to lodge a complaint. You can complain to the Polish supervisory authority, Urząd Ochrony Danych Osobowych (UODO), at https://uodo.gov.pl. As an EU resident, you may also complain to the supervisory authority of your country of residence.

Response time. We respond within 30 days of receiving a verified request, as required by GDPR Article 12(3). For complex requests we may extend this once by up to two further months, in which case we will tell you within the first 30 days and explain why.

How to exercise a right. Email audits@landingdoctors.com. Subject line: "GDPR request — [right]". Include your order ID if you have one (for paid audits) or the email you used at checkout so we can locate your record. We may ask for one verification step if the request is sensitive.