Privacy Policy

PRIVACY POLICY

Information as a Commodity (IAAC)
A trade name of Northern Gaming L.L.C., a Minnesota limited liability company

Last Updated: March 29, 2026
Version 3.0

Section 1. Introduction

1.1 Scope of This Privacy Policy

This Privacy Policy (“Privacy Policy”) describes how Information as a Commodity (IAAC), a trade name of Northern Gaming L.L.C., a Minnesota limited liability company (“IAAC,” “we,” “us,” or “our”), collects, uses, processes, stores, and discloses personal information in connection with:

IAAC.IO;
Related websites and landing pages;
Educational services and courses;
In-person events; and
All related offerings (collectively, the “Services”).

1.2 Relationship to Terms & Conditions

This Privacy Policy is incorporated by reference into the Terms & Conditions.

In the event of any conflict:

This Privacy Policy governs with respect to personal data; and
The Terms & Conditions govern all other matters.

1.3 Jurisdictional Scope

This Privacy Policy is intended to comply with applicable data protection laws, including, where applicable:

United States privacy laws;
The General Data Protection Regulation (GDPR);
The UK GDPR; and
Applicable state-level privacy laws (e.g., California).

Applicability of specific rights depends on your jurisdiction.

1.4 No Expansion of Obligations

Nothing in this Privacy Policy shall be interpreted to:

Create obligations beyond those required by applicable law; or
Expand IAAC’s liability beyond what is expressly stated in the Terms & Conditions.

1.5 Updates to This Privacy Policy

IAAC may update this Privacy Policy at any time.

Updates will be reflected by a revised “Last Updated” date.

Your continued use of the Services constitutes acceptance of the updated Privacy Policy.

Section 2. Role of IAAC (Controller vs Processor Clarification)

2.1 IAAC as Data Controller

IAAC acts as a data controller with respect to personal information collected directly through the Services.

As a controller, IAAC determines:

The purposes of processing; and
The means by which personal information is processed.

2.2 Third-Party Providers (Processors and Independent Controllers)

IAAC uses third-party providers, including but not limited to:

Kajabi (platform and hosting);
Stripe (payment processing);
Cookiebot (consent management);
Google Tag Manager (conditional analytics deployment);
TryInteract (interactive assessments); and
YouTube (embedded content).

These providers may act as:

Data processors (processing data on IAAC’s behalf); or
Independent data controllers (processing data for their own purposes).

2.3 No Control Over Third-Party Practices

IAAC does not control and is not responsible for:

The privacy practices of third-party providers;
Their security measures; or
Their data processing activities.

Such providers are governed by their own privacy policies.

2.4 Direct Relationships with Third Parties

Your interactions with third-party providers may create a direct relationship between you and those providers.

IAAC is not responsible for:

Data collected directly by such providers; or
How such data is used.

2.5 No Agency or Joint Controller Relationship

Nothing in this Privacy Policy shall be interpreted to create:

A joint controller relationship;
An agency relationship; or
Responsibility for third-party processing activities.

2.6 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

3.1 Categories of Information Collected

IAAC may collect personal information in the following categories:

Identifiers;
Contact information;
Technical and device information; and
Interaction and usage data.

3.2 Information You Provide Directly

You may provide personal information when you:

Register for Services;
Purchase products or services;
Complete forms, surveys, or assessments;
Communicate with IAAC; or
Participate in in-person or online events.

Such information may include:

Name;
Email address;
Responses to forms or questionnaires; and
Other information you choose to provide.

3.3 Payment Information (Third-Party Processed)

Payment information is processed exclusively by third-party providers (e.g., Stripe).

IAAC does not:

Store full payment card details;
Process payments directly; or
Maintain control over payment processing systems.

3.4 Information Collected Automatically

IAAC may automatically collect certain information when you access or use the Services, including:

IP address;
Device type and identifiers;
Browser type;
Operating system; and
Interaction data (e.g., pages visited, time spent).

3.5 Cookies and Similar Technologies

IAAC uses cookies and similar technologies to:

Operate the website;
Enable functionality; and
Support analytics (where permitted).

Non-essential cookies are controlled through a consent management platform (e.g., Cookiebot).

Technologies may include:

First-party cookies;
Consent-based analytics tools; and
Tag management systems (e.g., Google Tag Manager).

3.6 Conditional Data Collection (Consent-Based Systems)

Certain data collection activities (e.g., analytics tracking) occur only after user consent where required by applicable law.

Without consent:

Non-essential tracking technologies are not activated.

3.7 Third-Party Embedded Content

The Services may include embedded content (e.g., YouTube videos).

Such content may collect data directly from you under the third party’s privacy policy.

IAAC does not control such data collection.

3.8 No Collection of Sensitive Data by Default

IAAC does not intentionally collect:

Government identification numbers;
Full financial account details;
Passwords; or
Other highly sensitive personal information

unless explicitly required and provided through secure channels.

Section 4. How We Use Information

4.1 Core Purposes of Processing

IAAC uses personal information to:

Provide and operate the Services;
Process transactions;
Deliver content and materials;
Communicate with users; and
Maintain system functionality.

4.2 Operational Use Limitation

IAAC uses personal information only to the extent reasonably necessary to:

Deliver Services;
Support operations; and
Maintain communications.

IAAC does not use personal information for purposes beyond those described in this Privacy Policy.

4.3 Communications

IAAC may use personal information to send:

Transactional communications;
Service-related updates; and
Administrative notices.

Marketing communications are sent only where permitted by applicable law.

4.4 Analytics and Performance Monitoring

IAAC may use information to:

Understand usage patterns;
Improve Services; and
Monitor performance.

Such activities are subject to consent where required.

4.5 Legal and Compliance Purposes

IAAC may process personal information to:

Comply with legal obligations;
Respond to lawful requests; and
Enforce Terms and related agreements.

4.6 No Sale or Monetization of Personal Information

IAAC does not:

Sell personal information;
Trade personal information; or
Use personal information for monetary gain through third parties.

4.7 No Expansion of Use

IAAC does not use personal information in a manner that:

Is inconsistent with this Privacy Policy; or
Exceeds what is permitted under applicable law.

4.8 Relationship to Legal Basis (GDPR Context)

Where applicable, IAAC relies on:

Consent;
Contractual necessity;
Legitimate interests; and
Legal obligations

as the basis for processing.

4.9 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

Section 5. Legal Basis for Processing (Where Applicable)

5.1 Applicability of Legal Basis Framework

This Section applies where required by applicable data protection laws, including the General Data Protection Regulation (GDPR) and UK GDPR.

In jurisdictions where such laws do not apply, this Section is provided for informational purposes only.

5.2 Contractual Necessity

IAAC processes personal information where necessary to:

Provide the Services;
Fulfill transactions; and
Perform obligations under the Terms & Conditions.

5.3 Consent

IAAC relies on consent where required by applicable law, including for:

Non-essential cookies;
Analytics tracking; and
Certain communications.

Where consent is required:

You may withdraw consent at any time; and
Withdrawal does not affect prior lawful processing.

5.4 Legitimate Interests

IAAC may process personal information based on legitimate interests, including:

Operating and improving the Services;
Maintaining system security; and
Communicating with users.

Such processing is conducted only where it does not override your applicable rights.

5.5 Legal Obligations

IAAC may process personal information to:

Comply with legal obligations;
Respond to lawful requests; and
Enforce legal rights.

5.6 No Expansion of Legal Basis

IAAC does not rely on legal bases beyond those described in this Section.

Processing is limited to what is permitted under applicable law.

5.7 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

Section 6. Sharing and Disclosure of Information

6.1 Categories of Recipients

IAAC may share personal information with:

Service providers;
Payment processors;
Platform providers; and
Other third parties necessary to operate the Services.

6.2 Third-Party Service Providers

IAAC shares personal information with third-party providers solely to the extent necessary to operate the Services, including:

Kajabi (platform and hosting);
Stripe (payment processing);
Cookiebot (consent management);
Google Tag Manager (conditional analytics deployment);
TryInteract (interactive forms and assessments); and
YouTube (embedded content delivery).

6.3 Limited Purpose Disclosure

Personal information is shared only for:

Service delivery;
Operational functionality; and
Legal compliance.

IAAC does not share personal information beyond what is reasonably necessary.

6.4 No Sale or Monetization of Data

IAAC does not:

Sell personal information;
Share personal information for monetary consideration; or
Monetize personal data through third parties.

6.5 Independent Third-Party Responsibility

Third-party providers operate under their own privacy policies.

IAAC is not responsible for:

Their data handling practices;
Their security measures; or
Their independent processing activities.

6.6 Legal Disclosure

IAAC may disclose personal information where required to:

Comply with applicable law;
Respond to lawful requests; or
Protect rights, property, or safety.

6.7 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction.

Such transfers will be subject to applicable legal requirements.

6.8 No Joint Controller or Agency Relationship

Nothing in this Privacy Policy shall be interpreted to create:

A joint controller relationship;
An agency relationship; or
Shared responsibility for third-party processing.

6.9 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

Section 7. Data Retention

7.1 Retention Principles

IAAC retains personal information only for as long as reasonably necessary to:

Provide the Services;
Fulfill contractual obligations;
Maintain operational functionality; and
Comply with applicable legal requirements.

7.2 No Fixed Retention Period Guarantee

IAAC does not guarantee retention of personal information for any specific period.

Retention periods may vary depending on:

The nature of the data;
The purpose of processing; and
Applicable legal or operational requirements.

7.3 Data Deletion and Removal

IAAC may:

Delete;
Anonymize; or
Remove

personal information when it is no longer required for the purposes described in this Privacy Policy.

Such actions may occur without prior notice, to the maximum extent permitted by applicable law.

7.4 No Obligation to Retain or Restore Data

IAAC is not obligated to:

Retain personal information indefinitely;
Restore deleted data; or
Maintain archival copies for user access.

7.5 Third-Party Retention

Personal information processed by third-party providers (e.g., Kajabi, Stripe) is subject to their respective retention policies.

IAAC does not control and is not responsible for third-party data retention practices.

7.6 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

Section 8. Data Security

8.1 Security Measures

IAAC implements reasonable administrative, technical, and organizational measures designed to:

Protect personal information; and
Reduce the risk of unauthorized access, disclosure, or alteration.

8.2 No Guarantee of Security

No system, network, or method of transmission is completely secure.

IAAC does not guarantee:

Absolute security;
Prevention of unauthorized access; or
Protection against all threats or vulnerabilities.

8.3 Inherent Risk of Transmission

You acknowledge that transmission of information over the internet involves inherent risks.

You assume all risks associated with transmitting personal information through the Services.

8.4 Third-Party Security Disclaimer

IAAC relies on third-party providers (e.g., Kajabi, Stripe, Google services) for certain functions.

IAAC is not responsible for:

Security measures implemented by third parties;
Breaches or failures within third-party systems; or
Data handling practices outside IAAC’s control.

8.5 User Responsibility for Security

You are responsible for:

Maintaining the confidentiality of your account credentials;
Securing your devices and networks; and
Taking appropriate precautions when using the Services.

8.6 No Duty to Monitor or Detect Breaches

IAAC does not undertake a duty to:

Monitor user systems;
Detect security incidents affecting users; or
Provide incident response services.

8.7 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

Section 9. User Rights (Where Applicable)

9.1 Applicability of Rights

Certain jurisdictions provide individuals with rights regarding their personal information, including under:

GDPR;
UK GDPR; and
Applicable U.S. state privacy laws.

These rights apply only where required by applicable law.

9.2 Types of Rights

Where applicable, you may have the right to:

Request access to personal information;
Request correction of inaccurate data;
Request deletion of personal information;
Request restriction of processing; and
Object to certain processing activities.

9.3 Right to Withdraw Consent

Where processing is based on consent:

You may withdraw consent at any time;
Withdrawal does not affect prior lawful processing.

9.4 Limitations and Conditions

Your rights are subject to:

Verification of your identity;
Legal and regulatory requirements; and
IAAC’s legitimate interests.

IAAC may deny or limit requests where permitted by applicable law.

9.5 No Absolute Rights

Nothing in this Privacy Policy grants absolute or unconditional rights.

All rights are limited to what is required under applicable law.

9.6 Requests and Response

Requests may be submitted through IAAC’s designated contact channels.

IAAC will respond within a reasonable timeframe consistent with applicable law.

9.7 No Expansion of Obligations

IAAC does not undertake obligations beyond those required by applicable law.

This Section shall not be interpreted to expand IAAC’s duties.

9.8 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

Section 10. International Data Transfers

10.1 Cross-Border Processing

Personal information may be processed in:

The United States; or
Other jurisdictions where IAAC or its service providers operate.

10.2 Acknowledgment of Jurisdictional Differences

You acknowledge that:

Data protection laws may differ across jurisdictions; and
Such laws may provide different levels of protection.

10.3 Transfer Mechanisms (Where Applicable)

Where required by applicable law, IAAC may rely on appropriate safeguards, including:

Contractual arrangements; or
Other legally recognized transfer mechanisms.

10.4 Third-Party Transfers

Personal information may be transferred to third-party providers located in different jurisdictions.

Such providers operate under their own data protection frameworks.

10.5 No Guarantee of Equivalent Protection

IAAC does not guarantee that data protection standards in all jurisdictions will be equivalent.

10.6 User Consent to Transfers

By using the Services, you consent to:

Cross-border transfer of personal information; and
Processing in jurisdictions outside your own, where permitted by law.

10.7 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

11.1 Age Restriction

The Services are intended only for individuals who are at least eighteen (18) years of age.

11.2 No Intentional Collection from Minors

IAAC does not knowingly collect personal information from individuals under eighteen (18) years of age.

11.3 Inadvertent Collection

If IAAC becomes aware that personal information has been collected from a minor:

Such information may be deleted; and
IAAC may take appropriate action to prevent further collection.

Such actions may occur without notice, to the maximum extent permitted by applicable law.

11.4 No Obligation to Monitor Age

IAAC does not undertake a duty to:

Verify the age of users; or
Monitor whether users are minors.

Responsibility for compliance with age requirements rests with the user.

11.5 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

(a) This Section shall be enforced in full;
(b) Any unenforceable provision shall be modified to the minimum extent necessary; and
(c) The remainder shall remain valid and enforceable.

Section 12. Communications and Consent Alignment

12.1 Relationship to Terms & Conditions

Communications are governed by the Terms & Conditions, including provisions related to:

Consent to communications; and
Delivery of notices.

12.2 Types of Communications

IAAC may send:

Transactional communications;
Service-related updates; and
Administrative notices.

12.3 Marketing Communications

IAAC may send marketing or promotional communications only where permitted by applicable law.

Such communications may include:

Course updates;
Service offerings; and
Related information.

12.4 Opt-Out Rights

You may opt out of marketing communications by:

Using unsubscribe mechanisms; or
Submitting a request to IAAC.

Opt-out does not apply to:

Transactional communications; or
Service-related notices.

12.5 No Guarantee of Delivery

IAAC is not responsible for:

Delayed or failed delivery of communications;
Email filtering or spam classification; or
User failure to receive or review communications.

12.6 No Expansion of Communication Obligations

IAAC does not undertake obligations to:

Send specific communications;
Provide reminders; or
Maintain ongoing contact beyond what is operationally necessary.

12.7 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

Section 13. Changes to This Privacy Policy

13.1 Right to Modify

IAAC reserves the right to modify or update this Privacy Policy at any time, in its sole discretion.

13.2 Notice of Changes

Changes may be communicated through:

Updates posted on IAAC.IO;
Email communication (where available); or
Platform notifications.

IAAC is not obligated to provide individualized notice unless required by applicable law.

13.3 Effective Date of Changes

Changes to this Privacy Policy are effective:

Upon posting; or
As otherwise specified in the updated version.

13.4 Continued Use as Acceptance

Your continued use of the Services after changes are made constitutes acceptance of the updated Privacy Policy, to the maximum extent permitted by applicable law.

13.5 No Retroactive Expansion of Obligations

Updates to this Privacy Policy shall not be interpreted to:

Apply retroactively in a manner inconsistent with applicable law; or
Expand IAAC’s obligations beyond what is required at the time of processing.

13.6 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

Section 14. Contact Information and Requests

14.1 Contact Method

For questions, requests, or concerns regarding this Privacy Policy, you may contact IAAC at:

[email protected]

14.2 Scope of Contact

Contact may be used for:

General inquiries;
Requests related to personal information (where applicable); and
Clarification of this Privacy Policy.

14.3 No Obligation to Provide Services Through Contact

IAAC is not obligated to:

Provide support beyond the scope of Services;
Offer individualized consultation; or
Respond to requests that are outside the scope of applicable legal requirements.

14.4 Verification Requirement

IAAC may require verification of identity before:

Processing requests; or
Disclosing personal information.

14.5 Response Limitations

IAAC may:

Limit responses; or
Decline requests

where permitted by applicable law, including where requests are:

Excessive;
Repetitive; or
Not legally required.

14.6 No Guarantee of Response Time

IAAC will respond within a reasonable timeframe consistent with applicable law.

IAAC does not guarantee specific response times beyond legal requirements.

14.7 No Expansion of Obligations

Nothing in this Section shall be interpreted to:

Expand IAAC’s obligations beyond applicable law; or
Create additional duties not otherwise required.

14.8 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any unenforceable provision shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

Section 15. Interpretation, Construction, and Enforcement

15.1 Interpretation in Favor of Enforceability

To the maximum extent permitted by applicable law, this Privacy Policy shall be interpreted:

To give effect to its intent; and
To provide the fullest permissible protection to IAAC.

No provision shall be interpreted against IAAC solely on the basis that IAAC drafted this Privacy Policy.

15.2 No Strict Construction Against Drafting Party

The parties agree that:

This Privacy Policy shall not be construed against IAAC as the drafting party; and
The doctrine of contra proferentem shall not apply to the maximum extent permitted by applicable law.

15.3 Electronic Records and Evidence

You agree that:

Electronic records maintained by IAAC, including logs and system data,
Are admissible in any legal or regulatory proceeding

and shall be considered accurate and reliable to the maximum extent permitted by applicable law.

15.4 Language Control

This Privacy Policy is drafted in English.

In the event of any translation:

The English version shall control; and
Translations are provided for convenience only.

15.5 Relationship to Other Agreements

This Privacy Policy operates in conjunction with:

The Terms & Conditions; and
Other applicable IAAC policies.

Where applicable:

This Privacy Policy governs personal data;
The Terms govern all other matters.

15.6 No Expansion of Obligations

Nothing in this Privacy Policy shall be interpreted to:

Create obligations beyond those required by applicable law; or
Expand IAAC’s liability beyond what is set forth in the Terms & Conditions.

15.7 Jurisdictional Application and Savings Clause

To the maximum extent permitted by applicable law:

This Section shall be enforced in full;
Any provision found invalid or unenforceable shall be modified to the minimum extent necessary; and
The remainder shall remain valid and enforceable.

Nothing in this Section limits non-waivable statutory rights.

Section 16. Final Provisions and Global Savings Clause

16.1 Global Enforceability

This Privacy Policy is intended to comply with applicable privacy and data protection laws to the extent required.

It shall be interpreted and enforced in a manner consistent with such laws.

16.2 Severability

If any provision of this Privacy Policy is found to be:

Invalid;
Illegal; or
Unenforceable,

such provision shall be:

Modified to the minimum extent necessary; and
The remainder shall remain in full force and effect.

16.3 Non-Waivable Rights

Nothing in this Privacy Policy shall:

Waive rights that cannot be waived under applicable law; or
Limit protections that must be provided by law.

16.4 No Retroactive Liability Expansion

This Privacy Policy shall not be interpreted to:

Apply retroactively in a manner inconsistent with applicable law; or
Expand IAAC’s obligations beyond those in effect at the time of processing.

16.5 Binding Effect

This Privacy Policy forms part of the overall agreement governing use of the Services.

It is binding to the maximum extent permitted by applicable law.

16.6 Survival

Provisions that by their nature should survive shall remain in effect, including:

Data handling limitations;
Liability limitations; and
Enforcement provisions.

16.7 Final Savings Clause

To the maximum extent permitted by applicable law:

This Privacy Policy shall be enforced in full;
Any unenforceable provision shall be modified to preserve enforceability; and
The remainder shall remain valid and enforceable.

Join Our Free Trial