Information as a Commodity (IAAC)
A trade name of Northern Gaming L.L.C., a Minnesota limited liability company
Last Updated: March 3, 2026
Version 1.2
PART I — Plain English Summary
This summary is provided for convenience only. The full legal policy below governs.
Our Philosophy
IAAC is built on proportional data practices. We intentionally limit data collection and avoid behavioral advertising, retargeting, resale of personal information, or unnecessary tracking.
What We Collect
We collect only what is necessary to:
- Process payments
• Deliver course access
• Maintain account functionality
• Provide customer support
• Maintain required financial records
• Protect platform security and integrity
We do not sell personal information.
Platform Delivery
IAAC delivers its Services through the Kajabi platform. Kajabi processes certain data as a service provider under its own Data Processing Addendum (DPA).
Cookies
Non-essential cookies are blocked until consent is provided through Cookiebot.
Your Rights
You may request access, correction, deletion, restriction, objection, or portability of your personal data by contacting:
You may also lodge a complaint with a supervisory authority in your country of residence.
The legal policy below governs.
PART II — LEGAL POLICY
- Introduction
This Privacy Policy describes how Information as a Commodity (“IAAC”), a trade name of Northern Gaming L.L.C., collects, uses, processes, and protects personal information in connection with IAAC.IO and related services.
IAAC applies GDPR-level data protection standards globally.
IAAC acts as a data controller for personal information collected directly through IAAC.IO.
- Information We Collect
- Information You Provide Directly
We may collect:
- Name
• Email address
• Billing information
• Purchase history
• Communications submitted to us
We do not collect phone numbers unless voluntarily provided.
- Payment Processing
Payments are processed by Stripe, either directly or through Kajabi Payments.
IAAC does not store full credit card numbers.
Payment processors operate under their own privacy policies and may act as independent data controllers for payment-related data.
- Course Hosting and Platform Infrastructure
IAAC delivers Services through Kajabi.
Kajabi may process:
- Account credentials
• Login activity
• Technical usage data
• Device and browser metadata
• Security and fraud-prevention signals
• Infrastructure logs
Kajabi processes personal data as a service provider/processor pursuant to its Data Processing Addendum (DPA), which incorporates Standard Contractual Clauses for international data transfers where applicable.
IAAC does not control Kajabi’s internal infrastructure logging, security architecture, or subprocessor arrangements.
- Automatically Collected Technical Data
When visiting IAAC.IO, limited technical data may be processed automatically, including:
- IP address
• Browser type
• Device type
• Server log data
• Fraud-prevention indicators
Processing is limited to operational necessity, security, platform integrity, and legitimate business interests.
- QR Codes
IAAC uses static QR codes that encode direct URLs only.
IAAC does not collect scan metrics, geolocation data, device identifiers, or behavioral tracking data via QR codes.
- Legal Basis for Processing (GDPR Standard)
IAAC processes personal data under the following legal bases:
Contractual Necessity (Art. 6(1)(b))
To deliver purchased Services and manage accounts.
Legal Obligation (Art. 6(1)(c))
To comply with tax, accounting, and regulatory requirements.
Legitimate Interests (Art. 6(1)(f))
For:
- Platform security
• Fraud prevention
• Service integrity
• Abuse prevention
• Enforcement of contractual rights
Such interests are balanced against individual rights.
Consent (Art. 6(1)(a))
Non-essential cookies and tracking technologies operate only after consent is provided via Cookiebot where required.
- Cookies and Tracking Technologies
IAAC uses Cookiebot as its consent management platform.
Cookies may include:
Essential Cookies
Required for login, payments, and security.
Functional Cookies
Used to remember preferences.
Analytics Cookies
Kajabi and related providers may use analytics to measure performance.
Analytics cookies operate only after consent where required.
A detailed cookie declaration listing specific cookies, purposes, and retention periods is available through the Cookiebot declaration panel on IAAC.IO.
- How We Use Information
We use personal information to:
- Deliver purchased Services
• Process payments
• Provide customer support
• Maintain financial records
• Protect platform integrity
• Prevent fraud or misuse
• Enforce contractual rights
• Comply with legal obligations
IAAC does not sell, broker, or rent personal data.
- Data Retention
We retain personal information only as long as reasonably necessary.
Financial Records
Retained up to seven (7) years.
Course Account Data
Retained during the 365-day License Period and up to twenty-four (24) months after expiration unless deletion is requested or legally required.
Account data may be retained after license expiration where necessary for operational continuity, legal compliance, dispute resolution, fraud prevention, enforcement of contractual rights, or platform security.
Email Correspondence
Retained up to thirty-six (36) months.
Service providers may retain data in accordance with their own policies.
- International Data Transfers
IAAC operates in the United States.
If personal data is transferred outside the European Economic Area (EEA):
- Transfers may occur under an adequacy decision; or
• Where no adequacy decision exists, IAAC relies on Standard Contractual Clauses approved by the European Commission.
Kajabi’s DPA incorporates Standard Contractual Clauses where applicable.
- Data Security and Breach Notification
IAAC relies on third-party infrastructure providers, including Kajabi and Stripe, to host and process certain personal data.
These providers implement their own administrative, technical, and organizational safeguards.
IAAC implements reasonable administrative safeguards appropriate to its size and operational role.
In the event of a personal data breach affecting IAAC-controlled data, IAAC will rely on information provided by service providers (where applicable) to assess scope and risk and will provide notification as required by applicable law.
Nothing in this section guarantees absolute security.
- Your Data Protection Rights
Subject to applicable law, you may:
- Access your data
• Request correction
• Request deletion
• Restrict processing
• Object to processing
• Request portability
• Withdraw consent
Requests may be submitted to:
You have the right to lodge a complaint with a supervisory authority.
IAAC may verify identity prior to fulfilling requests.
- Educational Nature and No Compliance Guarantee
IAAC provides educational services only.
IAAC does not warrant compliance with GDPR, CCPA/CPRA, HIPAA, PCI-DSS, ISO 27001, NIST, or other regulatory frameworks.
This Privacy Policy reflects IAAC’s current data handling practices and does not create a professional advisory relationship.
- Children’s Privacy
IAAC services are intended for individuals 18 years or older.
IAAC does not knowingly collect personal information from minors.
If IAAC becomes aware that personal data from a minor has been collected inadvertently, such data will be deleted promptly upon discovery.
- Dispute Resolution
To the extent permitted by applicable law, disputes relating to this Privacy Policy are subject to the dispute resolution provisions set forth in the IAAC Terms and Conditions.
Nothing limits your right to lodge a complaint with a supervisory authority.
- Changes to This Policy
IAAC may update this Privacy Policy periodically.
Updates will be reflected in the “Last Updated” date.
Continued use of Services constitutes acceptance of updates.
- Contact Information and Privacy Lead
IAAC has designated a Privacy Lead responsible for overseeing data protection practices.
Privacy inquiries may be directed to:
You may use this contact to exercise your rights under applicable data protection law.
Â
