Privacy

Effective May 2026 · Last reviewed 2026‑05‑02

What I collect

I’m Don Goldstein, founder of Muntin Digital in Silver Spring, MD. I collect personal information in five places, all visible to you when it happens:

The Window. When you write to me at /window/, your name, email, and message body are stored in a Cloudflare KV namespace I operate. Threads stay until you ask me to delete them. No third-party chat or scheduler sees your message.
The Workshop (optional account). If you sign in to save tool results, I store your email and a session identifier. Saved items, watches, and storefront-health properties live in a Cloudflare KV namespace tied to your account.
Forms. The contact, checklist, and audit forms post to a Cloudflare Worker I operate. Submissions are delivered by Resend so the email reaches my inbox and your confirmation reaches yours.
Field notes. If you submit a field note on an article, I store the body, your display name, and a one-way SHA-256 hash of your IP for abuse triage. Approved notes are published with attribution; the IP hash is dropped at 90 days.
Analytics. Plausible Analytics counts page views in aggregate. No cookies, no identifiers, no cross-site tracking. Reports go up to 2 years.

What I never do

The list of things I won’t do is the more useful part of this page. The full version is at /never/; the data-relevant subset:

I never sell your data. Not to advertisers, not to lead brokers, not to data resellers. There is no “legitimate interest” loophole that ever results in a payment.
I never run a remarketing pixel on the library. No Meta pixel, no Google Ads tag, no LinkedIn Insight, no third-party retargeting on any page that exists to teach — that’s articles, glossary, research, tools.
I never train AI on your data. Tools run in your browser; their inputs never reach a server. Where I use AI in the studio (drafts, alt text, search cross-links), the providers I use are configured with the “no training” setting on. Full policy at /ai/.
I never aggregate or resell what you typed into a tool. Margin Math, Plate Cost, Invoice Decoder — everything stays in your browser. The site has no server-side telemetry on any tool input.

Your rights

Maryland is my home jurisdiction; depending on where you live, you may have additional rights under the GDPR (EU/UK), CCPA (California), or other state privacy laws. The four that matter most:

Access. Email don@muntin.digital and I’ll send you a copy of everything tied to your name or email within 30 days.
Correction. Same channel; I’ll fix anything inaccurate within five business days.
Deletion. Workshop accounts can self-serve at /account/; deletion takes effect within minutes. For Window threads or form submissions, email me — I delete on request, no questions asked, within five business days.
Opt-out of marketing. The Library Letter and the Operator Drip both have an unsubscribe link in every message. One click. The list is in Buttondown, the unsubscribe is permanent.

If something on the data side feels wrong, write to don@muntin.digital — Mondays through Fridays, I write back within 4 hours; weekends, by Monday morning. If a security incident ever exposes your data, I notify affected operators within 72 hours and file with Maryland’s Attorney General within the 45-day PIPA window.

Vendors

Four third parties touch the data tied to this site. Each has its own privacy policy linked below. The principle is data-minimization: each vendor sees only what it needs to deliver the service you asked for.

Cloudflare — hosting (Pages), Workers, KV namespace, R2 backups. Standard log retention; no analytics. cloudflare.com/privacypolicy
Resend — transactional email delivery for forms, the Window, and the operator drip. Sees your email address and the body of the message you sent. resend.com/legal/privacy-policy
Plausible — cookieless aggregate analytics. Sees the URL you viewed and your country-level location. No cookies, no identifiers. The tracker script is self-hosted from this domain (/assets/p.js) and events are proxied through /api/event on this site’s worker, so your browser never makes a request directly to plausible.io. plausible.io/data-policy
Buttondown — newsletter delivery for the Library Letter and the operator drip. Sees your email address and which list you’re on. buttondown.com/privacy

Children

This site isn’t directed at children under 13 and I don’t knowingly collect data from them. If I find out I have, I delete it. Email me if you believe a child’s data was collected.

Changes

If I update this policy, the date at the top changes and the change appears in the changelog. Material changes (new vendor, new data type) get a paragraph; cosmetic edits (typo fixes) just bump the date.

Contact

Don Goldstein, Muntin Digital™

Maryland LLC · Silver Spring, MD

Email: don@muntin.digital

Reply within four business hours, Mon–Fri.

Sister surfaces: /security/ (data & security — nine claims, five tests) · /never/ (five guarantees a platform can’t make) · /ai/ (how AI is used in the studio) · /cookies.html (the three functional cookies, listed) · /methods/ (where every claim on the site comes from).