Privacy Policy.

1. Who we are

This privacy policy applies to Corestratagems LLC ("Corestratagems", "we", "our", or "us"), the publisher of AD Auditor and the operator of corestratagems.com.

For any privacy-related question or request, contact us at info@corestratagems.com.

2. What we collect and why

We try to collect the minimum information needed to deliver, support, and improve our products.

From customers who purchase a license

• Email address — so we can deliver your license file, contact you about your purchase, and let you re-download your license if you lose it.
• Name — used to personalize transactional communications. Providing it is optional.
• License ID and license type — issued by us when you purchase. Lets us identify which license belongs to which customer.
• Purchase information — transaction ID, amount, currency, country, license purchased, and payment method type are collected by Lemon Squeezy and shared with us as needed to fulfill orders, provide support, and maintain accounting records. Full payment card details are never sent to or stored by Corestratagems; Lemon Squeezy handles those directly.
• Marketing opt-in status — only if you affirmatively check the "send me product updates" box at checkout. The default is no marketing email.

From website visitors

• Standard web-server logs — IP address, user agent string, page accessed, timestamp. Used for security and to debug site issues. Retained for up to 30 days.
• Theme preference — your light/dark mode choice is stored in your browser's local storage so the site remembers it. This never leaves your device.

From AD Auditor itself

The AD Auditor desktop application runs entirely on your workstation. It does not phone home, send telemetry, or transmit your Active Directory data anywhere. Your scan results, settings, and credentials stay on the machine you installed it on. The only network connection AD Auditor makes is to your own Domain Controller.

3. Legal basis for processing (GDPR)

If you are in the European Economic Area or the United Kingdom, the legal bases on which we process your personal data are:

• Contract — to deliver your license file and provide customer support after purchase.
• Consent — for marketing communications, where you have explicitly opted in.
• Legitimate interest — for fraud prevention, debugging, and the security of our website.
• Legal obligation — for retaining transactional records as required by tax and accounting law.

4. Who we share your information with

We do not sell your personal information. We share it only with the third-party service providers we need to operate, and only the minimum required:

• Lemon Squeezy — payment processing, checkout, tax handling, and license-purchase records.
• Proton Mail — transactional email delivery, including license files and receipts, and marketing email only if you opted in.
• Akamai/Linode — hosting provider for corestratagems.com.

Where applicable, we rely on these providers' privacy terms, security commitments, and data-processing terms to protect personal information.

5. How long we keep it

• License records (email, name, license ID, purchase metadata) — retained for the life of the license plus 7 years for tax and accounting reasons.
• Marketing list — until you unsubscribe, at which point your record is deleted within 30 days.
• Web server logs — up to 30 days.
• Support correspondence — 3 years from the last interaction.

6. Your rights

Regardless of where you live, you can ask us to:

• See what information we hold about you.
• Correct any inaccuracies.
• Delete your data, subject to records we are legally required to keep.
• Export a copy of your data in a portable format.
• Withdraw consent for marketing email at any time, or just click the unsubscribe link in any marketing email.

To exercise any of these rights, email info@corestratagems.com. We will respond within 30 days.

If you are in the EU or UK and you believe we have not handled your data appropriately, you have the right to complain to your local data protection authority.

7. California residents

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the same rights described in Section 6, plus the right to opt out of any "sale" of your personal information. We do not sell personal information. No special request is needed to enforce this.

8. Security

We use industry-standard practices to protect your data, including encryption in transit (HTTPS), restricted administrative access, and offsite backups. No system can be guaranteed 100% secure, but if we become aware of a breach affecting your information we will notify you and, where applicable, the relevant authorities within the timeframe required by law, including within 72 hours for GDPR-covered breaches.

9. Cookies and tracking

This website does not use tracking cookies. We do not run third-party analytics, advertising scripts, or social-media tracking pixels. The only browser storage we use is localStorage to remember your theme preference, which never leaves your device.

10. Children

AD Auditor is a business tool for IT administrators. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has provided us with personal information, contact us and we will delete it.

11. International transfers

If you are outside the United States, your information will be transferred to and stored on servers in the United States. Where the EU GDPR applies, we rely on the Standard Contractual Clauses approved by the European Commission as the legal mechanism for this transfer.

12. Changes to this policy

We may update this policy from time to time. The most current version is always available on this page. Material changes that affect how we use existing customer data will be communicated by email to active customers.

13. Contact

Privacy questions, requests, or complaints: info@corestratagems.com