PYTHIA CAPITAL

← Back to Home

Our Commitment to Privacy

At Pythia Capital, LLC ("Pythia Capital," "we," "our," or "us"), privacy is not a compliance checkbox — it is a core design principle aligned with our Living Systems Investing (LSI) framework. We have intentionally built our technology stack around privacy-first, open-source, and sovereignty-respecting tools.

This Privacy Policy applies to all websites and services across pythiacapital.io and its subdomains, including edge.pythiacapital.io, garden.pythiacapital.io, vault.pythiacapital.io, and newsletter.pythiacapital.io, as well as The Edge of Chaos Collective and The Pythia Scrolls services.

Our Privacy-First Technology Stack

We believe you deserve to know exactly where your data lives and how it is protected. Our infrastructure is built on:

• Nextcloud — self-hosted on Hetzner servers located in Finland (EU), providing encrypted file storage, client collaboration, and community tools. Your data is not stored on US Big Tech infrastructure. Member community spaces use Nextcloud Talk for discussion (messages automatically anonymized on account deletion) and Nextcloud Collectives in read-only mode for curated research content.
• Buttondown — a privacy-respecting newsletter platform used for The Coherence Lab Letter and subscriber management. Analytics are turned off by default. Subscriber source is tracked only by signup tag. No behavioral tracking.
• Stripe — industry-standard payment processing. Pythia Capital never sees or stores your full payment card details.
• Cloudflare — DNS, CDN, and security layer for all pythiacapital.io domains. Cloudflare uses only strictly necessary security cookies — no advertising or tracking cookies. No cookie consent banner is required for our static sites.
• Loom — used for non-sensitive video content. Loom collects general analytics (views, watch time) but does not require member login. Sensitive or member-only video content will be delivered via Cloudflare Stream.
• YouTube — Pythia Capital does not use YouTube to host its own content. YouTube links may appear as third-party references in our research or essays only.
• Quartz — open-source static site generator for garden.pythiacapital.io. No tracking scripts, advertising networks, or cookies.
• Elestio — managed hosting provider for Nextcloud and future self-hosted services, servers located in Finland (EU).
• Whereby — privacy-respecting video conferencing for external meetings (Norwegian company, GDPR compliant, no guest account required).
• n8n — open-source workflow automation (self-hosted on Elestio), used for secure internal process automation. Planned addition.
• OnlyOffice — open-source document editing suite integrated with Nextcloud. Planned addition.
• Artificial Intelligence — Pythia Capital uses AI tools including Claude (Anthropic), Grok (xAI), and Perplexity to assist with research, writing, and operations. We do not share member personal data, private founder information shared in confidence, or confidential client details with AI systems.
• Other Software — We may add new tools and services over time. Any new service providers will be selected based on the same privacy-first principles and disclosed in updated versions of this policy.

Information We Collect

We collect only what is necessary to provide our services:

Personal Information You Provide:

• Name and email address (newsletter signup, service applications)
• Professional background and investment experience (for accredited investor verification for The Pythia Scrolls Hub & Spoke tier)
• Payment information (processed securely by Stripe — we do not store card numbers)
• Communications you send us directly

Information Collected Automatically:

• IP address and standard web log data
• Browser type and operating system
• Pages visited and time spent (used only to improve our services)

We do not use advertising networks, behavioral tracking pixels, or sell data to third parties. Ever.

Lawful Basis for Processing (GDPR Article 6)

For subscribers and members who are EU residents, we process your personal data under the following lawful bases:

• Newsletter subscriptions — Consent (Article 6(1)(a)). You may withdraw consent at any time by unsubscribing.
• Service delivery — Contractual necessity (Article 6(1)(b)). Processing your name and email is necessary to deliver the service you subscribed to.
• Payment processing — Contractual necessity (Article 6(1)(b)) and legal obligation (Article 6(1)(c)) for tax and financial record-keeping.
• Accredited investor verification — Legal obligation (Article 6(1)(c)) under applicable securities law.
• Retention of financial records beyond your membership — Legal obligation (Article 6(1)(c)) under US tax law and legitimate interests (Article 6(1)(f)) for legal claim defense.

How We Use Your Information

• To deliver newsletter issues of The Coherence Lab Letter
• To manage your membership in the Edge of Chaos Collective or The Pythia Scrolls
• To process payments via Stripe or direct invoicing
• To communicate with you about your membership or subscription
• To comply with legal obligations, including securities law requirements for accredited investor verification
• To improve our services based on aggregate, non-identifying usage patterns

Data Retention Schedule

We retain your data only as long as necessary for the purpose it was collected, subject to legal obligations:

• Financial and payment records — 7 years from filing date (US IRS requirements). These records are retained even after membership ends.
• Consent and opt-in records — 3 years after unsubscribe.
• Accredited investor certifications — Duration of Hub & Spoke membership plus reasonable wind-down period.
• Personal contact data — Deleted within 30 days of a valid erasure request, except where retention is required by law.
• Community discussion content — Nextcloud Talk messages expire automatically based on conversation settings. Message attribution is automatically anonymized by Nextcloud Talk when an account is deleted.

Community Content and Architecture

The Edge of Chaos Collective community spaces are designed with data governance in mind:

• Nextcloud Collectives — curated research and framework content is created and managed by Pythia Capital. Members have read-only access. No member-generated content is stored in Collectives.
• Nextcloud Talk — all member discussion happens in Talk, which automatically anonymizes message attribution when an account is deleted.
• Files and documents — stored in Group Folders owned by Pythia Capital, not individual member accounts. Member departure does not affect Group Folder contents.

Data Storage and Security

Member data and private research materials are stored in our self-hosted Nextcloud instance on Hetzner servers in Finland (EU), subject to EU data protection standards. Hetzner is a German company operating under EU jurisdiction and is not subject to the US CLOUD Act.

We implement industry-standard security measures including encrypted connections (HTTPS/TLS), access controls, and regular security reviews.

Third-Party Service Providers

We share limited information with the following service providers solely to deliver our services:

• Stripe — payment processing (GDPR compliant and DPF-certified)
• Buttondown — newsletter delivery (GDPR-compliant DPA available)
• Cloudflare — DNS and security infrastructure
• Hetzner — server hosting (Finland, EU)
• Whereby — video conferencing (Norwegian company; GDPR compliant)

We do not sell, trade, or rent your personal information to any other third party.

Accredited Investor Information

For The Pythia Scrolls (Hub & Spoke tier), we are required to verify accredited investor status as defined under Rule 501 of the Securities Act of 1933, as amended. Information provided for this purpose is used solely for verification and regulatory compliance and is stored securely in our Nextcloud vault.

Your Rights

You have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Request deletion of your data (subject to legal retention requirements)
• Unsubscribe from communications at any time
• Export your data in a portable format
• Object to processing based on legitimate interests

To exercise any of these rights, contact us at team@pythiacapital.io. We will respond within 30 days.

EU Data Subjects — Additional Rights

If you are located in the European Union or EEA, you have additional rights under the GDPR, including the right to restriction of processing, data portability, and the right to lodge a complaint with your local supervisory authority.

Pythia Capital stores primary member data on Hetzner servers in Finland (EU), which significantly reduces cross-border transfer concerns. Where data is processed by US-based services (Stripe, Buttondown), those services maintain GDPR-compliant Data Processing Agreements.

As a small US-based operator serving EU subscribers, Pythia Capital is in the process of appointing an EU representative under GDPR Article 27. Inquiries: team@pythiacapital.io.

Cookies

Our static sites use Cloudflare's strictly necessary security cookies only — no advertising cookies, no third-party tracking. No cookie consent banner is required for these sites.

Children

Our services are not directed at children under 13. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to active subscribers and members. The current version is always available at edge.pythiacapital.io.

Contact

Questions about this Privacy Policy? Contact us at:
team@pythiacapital.io
Lynn Marie DePippo | Founder & CEO, Pythia Capital
edge.pythiacapital.io

Pythia Capital, LLC | Commonwealth of Massachusetts | March 2026

← Back to Home