Privacy Policy
This Privacy Policy explains what personal data we collect when you visit this website or buy the course, why we collect it, and what your rights are. We collect the minimum we need to run the business.
1. Who we are
The Online Safety Course for Families ("we", "us", "our") is the data administrator (data controller) for any personal data collected through this website and through the course.
To exercise your data rights or ask any privacy question, email us at info@onlinesafetycourseforfamilies.com.
2. What we collect
When you visit the website
- Standard server logs: IP address, browser type, referrer, pages visited, timestamps.
- Google Analytics 4 cookies and identifiers, used to understand traffic sources and how visitors interact with the site.
- Meta Pixel (Facebook Pixel) cookies and identifiers, used to measure the performance of our Meta advertising, attribute purchases to specific ads, and build audiences for retargeting.
- Google Tag Manager loads these tags, but does not collect personal data on its own.
When you buy the course
- Your name and email address, used to deliver your access link and receipts.
- Billing information, collected and processed by our payment processor. We do not see or store your card details.
- Your purchase history: which products, when, at what price.
When you receive our emails
- Your email address and engagement data (whether emails were opened or clicked), so we can stop sending if you are no longer engaging.
When you contact us
- Whatever you write in your message and the email address you send it from.
3. Why we collect it (and the legal basis)
| Purpose | Legal basis (GDPR) |
|---|---|
| Deliver the course you paid for | Performance of contract |
| Send the included monthly Scam Alert emails for 12 months | Performance of contract (included with purchase) |
| Send transactional emails (receipts, refund confirmations, updates about your purchase) | Performance of contract |
| Provide customer support | Performance of contract / legitimate interest |
| Comply with tax and accounting obligations | Legal obligation |
| Improve the website using analytics | Legitimate interest, with consent where required |
| Send marketing emails beyond the included Scam Alerts | Consent (you can opt in or out any time) |
4. Who we share data with
We share the minimum necessary with trusted service providers:
- Payment processor (Lemon Squeezy, Inc.): processes your purchase, handles billing, manages refunds. They act as an independent data controller for payment data under their own privacy policy.
- Email delivery provider: sends our Scam Alert and transactional emails on our behalf.
- Hosting provider (Netlify, Inc.): hosts this website and stores standard access logs.
- Google LLC (Google Analytics 4, Google Tag Manager): receives site usage data so we can measure traffic and improve the site.
- Meta Platforms, Inc. (Meta Pixel): receives data about page visits, key actions, and purchases on this site so we can measure the performance of our Meta ads, attribute conversions, and serve relevant ads to people who have visited or shown interest in the course.
We do not sell your personal data for money. We do share limited data with Google and Meta for the purposes described above, including through cookies and pixels used to support advertising. Under California law (CCPA/CPRA), some of this activity may be considered "sharing" of personal information for cross-context behavioral advertising. You can opt out at any time using the "Do Not Sell or Share My Personal Information" link in the footer of any page.
5. International data transfers
Some of our service providers are based outside the European Economic Area (EEA) or the United Kingdom. Where personal data is transferred outside the EEA or UK, we rely on Standard Contractual Clauses or other safeguards approved under the GDPR.
6. How long we keep your data
- Purchase records: as long as required by tax and accounting law in our jurisdiction (typically 5 to 7 years).
- Email subscriptions: until you unsubscribe, plus a short period for record-keeping.
- Support correspondence: typically 2 years after the conversation ends.
- Analytics: typically 14 months, in aggregated form.
7. Your rights
If you are in the EEA, the UK, or a similar jurisdiction, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data ("right to be forgotten"), subject to our legal retention obligations.
- Restrict or object to processing.
- Receive your data in a portable format.
- Withdraw consent at any time, for processing based on consent.
- Lodge a complaint with your local data protection authority. In Poland this is the President of the Personal Data Protection Office (UODO), uodo.gov.pl.
To exercise any of these rights, email info@onlinesafetycourseforfamilies.com. We respond within 30 days.
California residents (CCPA/CPRA): you have the right to know what personal information we collect about you, request access to or deletion of that information, correct inaccurate information, and limit the use of sensitive personal information. You also have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. We do not sell your personal information for money, but our use of Meta Pixel may qualify as "sharing" under California law. To opt out, click the Do Not Sell or Share My Personal Information link in the footer of any page, or email info@onlinesafetycourseforfamilies.com. We also honor Global Privacy Control (GPC) browser signals as an opt-out. We will not discriminate against you for exercising these rights.
Canada and Australia residents also have rights to access, correct, and request deletion of personal information held about them, under PIPEDA, Quebec's Law 25, and the Australian Privacy Act 1988. Use the same contact email to exercise these rights.
8. Cookies and similar technologies
This website uses the following categories of cookies and pixels:
- Essential cookies: required for the site to function. No consent needed.
- Analytics (Google Analytics 4): helps us understand how visitors find and use the site. Cookies in the
_gaand_ga_*families. Retained up to 14 months. IP addresses are anonymized by default. - Advertising (Meta Pixel): measures the effectiveness of our Meta (Facebook and Instagram) advertising, attributes purchases, and serves relevant ads to people who have visited the site. Cookies in the
_fbpand_fbcfamilies. Retained up to 90 days.
You can refuse advertising cookies by configuring your browser, by enabling Global Privacy Control, or by emailing us via the "Do Not Sell or Share My Personal Information" link in the footer. You can also opt out of Meta ad personalization in your Facebook or Instagram account settings, and opt out of Google ad personalization at adssettings.google.com.
9. Children
This website and the course are intended for adults. We do not knowingly collect personal data from anyone under 16. If you believe we have collected such data, contact us and we will delete it.
10. Security
We take reasonable technical and organizational measures to protect your data. No system is 100% secure. In the event of a personal data breach affecting your data, we will notify you and the relevant authorities as required by law.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent version. Material changes will be communicated by email to active customers where appropriate.