← Back to home

Privacy Policy

Last updated: May 9, 2026

This Privacy Policy explains how Fiorella DiCarlo, RD, CDN ("we," "us," "our") collects, uses, shares, and protects your personal data when you visit glp1stability.com, take the quiz, or purchase the GLP-1 Stability System™ course ("Services").

We are based in Florida, United States, at 190 SE 5th Ave, Delray Beach, FL 33483. We can be reached at fiorella@fiorellard.com for any privacy questions or to exercise your rights under this Policy.

1. What we collect

Information you give us directly: name, email address, country/region, billing address (for Stripe), and your quiz responses (current GLP-1 status, symptom answers, score results, personality result).

Information collected automatically: IP address, browser type, device type, referring URL, pages visited, UTM parameters from campaign links, and timestamps. Some of this is collected via cookies and similar technologies (see Section 6).

Payment information: we do not store card numbers or full payment details. Payment processing is handled entirely by Stripe, who collects card information directly through their checkout. We receive only the customer email, the amount paid, a Stripe-generated session/customer ID, and a confirmation that the payment succeeded.

Course progress: if you create an account and use the course, we store the content you create and timestamps of your activity to deliver the service.

2. Why we use your data (lawful basis)

  • To deliver what you bought (Article 6(1)(b) GDPR - performance of contract): your email is used to give you access to the course, send order confirmations, and provide account-related communications.
  • To send marketing emails with your consent (Article 6(1)(a) GDPR - consent): if you submitted the quiz or opted in elsewhere, we send the path-specific email sequence and occasional broadcasts. You can unsubscribe at any time via the link in any email.
  • To improve the Services (Article 6(1)(f) GDPR - legitimate interests): we analyze aggregate quiz responses and conversion data to improve the funnel. We do not use this for any decision that has a legal or similarly significant effect on you.
  • To meet legal obligations (Article 6(1)(c)): tax records, dispute resolution, and similar legal needs.

3. Who we share data with

We use a small number of vendors who process data on our behalf (data processors). Each is contractually required to protect your data and not use it for their own purposes:

We do not sell your personal data, and we do not share it with third parties for their own marketing.

4. International data transfers

We are based in the United States and our service providers are primarily in the United States and the European Union. If you are in the EU, EEA, UK, or Switzerland, your personal data is transferred to the United States. We rely on the EU-US Data Privacy Framework where our processors are certified (Stripe, MailerLite) and on Standard Contractual Clauses where they are not, to provide an adequate level of protection.

5. How long we keep your data

  • Quiz responses: retained for 3 years from submission for funnel analysis, then deleted.
  • Course account data: retained while your account is active, plus 1 year after deletion.
  • Email subscriber records: retained until you unsubscribe or request deletion.
  • Payment records: retained for 7 years for tax and accounting purposes.
  • Server logs (IP, request data): retained for 90 days.

6. Cookies and tracking

We use cookies and similar technologies for two purposes:

  • Strictly necessary cookies (always active): authentication, payment session continuity, and basic security. These are required for the Services to function and are exempt from consent requirements.
  • Analytics cookies(consent required): Google Tag Manager and Google Analytics, used to understand aggregate traffic patterns. These cookies do not fire until you accept the cookie banner. You can change your choice at any time using the "Cookie preferences" link in the footer.

7. Your rights

Depending on where you live, you have the following rights over your personal data:

  • Access - request a copy of the data we hold about you.
  • Rectification - correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") - request deletion of your data, subject to legal retention obligations.
  • Restriction - request that we limit how we use your data.
  • Portability - receive a machine-readable copy of the data you provided.
  • Objection - object to processing based on our legitimate interests.
  • Withdraw consent - revoke any consent you previously gave (e.g., marketing emails, analytics cookies).
  • Lodge a complaint - if you are in the EU/EEA, with your local supervisory authority. If you are in the UK, with the ICO.
  • Non-discrimination (CCPA) - we will not deny you services for exercising any of these rights.

To exercise any right, email fiorella@fiorellard.com from the email associated with your data. We will respond within 30 days.

8. Children's data

The Services are not directed to children under 16, and we do not knowingly collect personal data from children under 16. If you believe we have collected such data, contact us and we will delete it.

9. Security

We use industry-standard technical and organizational measures to protect your data, including HTTPS encryption in transit, strong authentication for our admin systems, and minimum-necessary access for our processors. No method of transmission or storage is 100% secure; we will notify affected users without undue delay in the event of a confirmed personal data breach as required by applicable law.

10. Changes to this Policy

We may update this Policy occasionally. Material changes will be posted here with a new "Last updated" date. Continued use of the Services after changes take effect constitutes acceptance.

11. Contact

For privacy questions, requests, or complaints, contact us at fiorella@fiorellard.com or by mail at: Fiorella DiCarlo, RD, CDN, 190 SE 5th Ave, Delray Beach, FL 33483, United States.