Privacy Policy

This online privacy policy is designed to better serve those who are concerned about how their Personally Identifiable Information (PII) is being used online. PII, as defined in US privacy regulation and information security, is information that can be used alone or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our online privacy policy carefully to understand how we collect, use, protect, or otherwise handle your PII in accordance with our website.

Disclaimer

This information is intended solely for educational and informational purposes and should not be construed as legal advice. The content provided is general in nature and may not reflect the most up-to-date information. We strongly advise consulting with qualified legal counsel to ensure your compliance with applicable laws and regulations in connection with your use of our services.

Data Storage

Our store is hosted on WordPress Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through WordPress data storage, databases, and the general WordPress application. They store your data on a secure server behind a firewall. If you choose a direct payment gateway to complete your purchase, WordPress stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Information Collection

When purchasing or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, identity card, contact number, or other details to help you with your experience. When you create an account and use the Services, including through a third-party platform, we collect any data you provide directly, including:

  • Account Data: In order to use certain features (like enrolling in a course), you need to create a user account. When you create or update your account, we collect and store the data you provide, like your email address, password, and date of birth, and assign you a unique identifying number (“Account Data”).
  • Profile Data: You can also choose to provide profile information like a photo, headline, website link, social media profiles, or other data. Your Profile Data will be publicly viewable by others.
  • Shared Content: Parts of the Services let you interact with other users or share content publicly, including by posting reviews on a course page, asking or answering questions, sending messages to students or instructors, or posting photos or other work you upload. Such shared content may be publicly viewable by others depending on where it is posted.

Information Use

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, browse the website, or use certain other site features in the following ways:

  • To register on our website to use it.
  • To buy products or digital services.
  • To manage our relationship with you, including notifying you about changes to our terms or privacy policy, requesting that you leave a review, or asking you to take a survey.
  • To manage and protect our business and this site (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).
  • To send you our email newsletter and other automated email communications.
  • To make recommendations and suggestions to you about goods or services that may be of interest to you.
  • To personalize your experience and allow us to deliver the type of content and product offerings in which you are most interested.
  • To improve our website to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • To process transactions.
  • To send periodic emails regarding your order or other products and services.
  • To follow up with you after correspondence (live chat, email, or phone inquiries).

SMS Marketing

Before beginning with SMS marketing, it is essential to update your privacy policy to include key information on SMS sending. In particular, if you ever want to apply for a short code, you need to include certain information in your privacy policy to be considered for approval.

SMS Privacy Policy Best Practices

As a best practice, your privacy policy should include an accurate description of your program and how you will handle data in connection with that program. We also recommend including information regarding what you do with the phone numbers you collect, how you use them, who you share them with, etc. The privacy policy should be accessible from the opt-in method (e.g., signup form).

SMS Abandoned Cart Disclosure

Privacy policies must explicitly state how information is captured by the website to determine when a customer’s cart has been abandoned (e.g., website cookies, plugins, etc.). If you are using SMS in an abandoned cart, include a disclosure about this in your privacy policy.

Third-Party Data Sharing

Many wireless carriers have specific requirements about how you describe data-sharing provisions in your privacy policy. While the carriers may differ in what specific language they approve or deny, their overall objective is to assure consumers that their opt-in data and SMS consent status will not be shared in an impermissible or unlawful way. To be clear, these carrier guidelines function independently of any restrictions on data “sharing” or “selling” as defined by various data privacy laws (such as the GDPR, CCPA, or other similar legislation) that may apply to your business.

If your privacy policy already provides for data sharing or selling to nonaffiliated third parties, you need to clarify that such data sharing or selling will not include a user’s SMS opt-in data or consent status (because explicit, one-to-one consent is required for SMS). If your privacy policy does not currently mention data sharing, you need to insert a similar clarification that you will not share SMS opt-in or consent status for non-service-related purposes.

Example Language for Third-Party Data Sharing

Your SMS opt-in data and consent status will not be shared with any nonaffiliated third parties for any purpose other than providing the SMS services for which you have opted in. We do not sell or share your SMS opt-in data or consent status with any third parties for marketing or advertising purposes without your explicit consent.

Customer Data Processing Appendix

Customer Data means any personal data that we process on behalf of a customer via the Service, as more particularly described in this DPA.

Data Protection Laws signifies all information protection laws and guidelines applicable to a party’s handling of Customer Data under the Agreement, including, where applicable, EU Data Protection Law and Non-EU Data Protection Laws.

GDPR-EU Data Protection Law

EU Data Protection Law signifies all data protection laws and guidelines applicable to Europe, including (I) Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); and (iv) in respect of the United Kingdom (“UK”) any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the UK leaving the European Union.

Non-EU Data Protection Laws means the California Consumer Privacy Act (“CCPA”); the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”); and the Brazilian General Data Protection Law (“LGPD”), Federal Law no. 13,709/2018.

Parties’ Roles: If EU Data Protection Law or the LGPD applies to either party’s processing of Customer Data, the parties acknowledge and agree that with regard to the processing of Customer Data, the customer is the controller and we are a processor acting on behalf of the customer, as further described in Annex A (Details of Data Processing) of this DPA.

Purpose Limitation: We shall process Customer Data only in accordance with the customer’s documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law, or as otherwise agreed in writing (“Permitted Purposes”). The parties agree that the Agreement sets out the customer’s complete and final instructions to us in relation to the processing of Customer Data, and processing outside the scope of these instructions (if any) shall require prior written agreement between the parties.

Customer Compliance: The customer represents and warrants that (i) it has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its processing of Customer Data and any processing instructions it issues to us; and (ii) it has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for us to process Customer Data for the purposes described in the Agreement. The customer shall have sole responsibility for the accuracy, quality, and legality of Customer Data and the means by which the customer acquired Customer Data. Without prejudice to the generality of the foregoing, the customer agrees that it shall be responsible for complying with all laws (including Data Protection Laws) applicable to any emails or other content created, sent, or managed through the Service, including those relating to obtaining consents (where required) to send emails, the content of the emails, and its email deployment practices.

Lawfulness of Customer’s Instructions: The customer