Privacy Policy

Cookie Categories and Consent Management

Essential Cookies (No Consent Required):

• Session management and user authentication
• Course progress tracking and saved preferences
• Security and fraud prevention
• Payment processing and transaction security

Analytics Cookies (Consent Required):

• Google Analytics: Website traffic analysis, user behavior insights
• Hotjar: Heatmaps and user session recordings (if implemented)
• Facebook Analytics: Social media performance tracking
• Opt-out Options: Google Analytics Opt-out

Marketing Cookies (Consent Required):

• Facebook Pixel: Personalized advertising and conversion tracking
• Google Ads: Remarketing and advertisement performance
• LinkedIn Insight: Professional audience targeting

Cookie Consent Management: You can modify your cookie preferences at any time through our consent management system or your browser settings. Blocking certain cookies may limit website functionality.

Essential Service Providers:

• Course Hosting: Kajabi (course delivery platform)
• Payment Processing: Stripe, PayPal (PCI DSS compliant processors)
• Email Services: ConvertKit, Mailchimp (marketing communications)
• Cloud Storage: Amazon Web Services, Google Cloud (secure data hosting)

Analytics and Marketing:

• Website Analytics: Google Analytics (anonymized data)
• Social Media: Facebook, Instagram, LinkedIn (advertising pixels)
• Customer Support: Zendesk, Intercom (help desk services)

Legal and Compliance:

• Legal Authorities: When required by law, court order, or regulatory request
• Business Protection: To protect our rights, property, safety, or investigate fraud
• Business Transfers: In case of merger, acquisition, or business sale (with notice)

GDPR Rights (European Union Users):

• Right to Access: Request copies of your personal data and processing information
• Right to Rectification: Correct inaccurate or incomplete personal information
• Right to Erasure: "Right to be forgotten" (with legal limitations for business records)
• Right to Restrict Processing: Limit how we process your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Opt-out of processing based on legitimate interests or direct marketing
• Rights Related to Automated Decision-Making: Contest purely automated decisions (including profiling)

CCPA Rights (California Residents):

• Right to Know: Categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information (with business exceptions)
• Right to Opt-Out: "Do Not Sell My Personal Information" (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise
• Right to Correct: Request correction of inaccurate personal information

How to Exercise Your Rights:

• Email: support@pouyaeti.com
• Subject Line: "Privacy Rights Request - [Specific Right]"
• Identity Verification: We may request verification to protect your privacy
• Response Time: 30 days (GDPR) or 45 days (CCPA) from verified request
• No Fee: Rights requests are processed free of charge

Technical Safeguards:

• Encryption: SSL/TLS encryption for all data transmission
• Access Controls: Role-based access with multi-factor authentication
• Regular Updates: Security patches and system updates
• Firewall Protection: Network security and intrusion detection
• Secure Backups: Encrypted backup storage with access controls

Organizational Safeguards:

• Staff Training: Regular privacy and security awareness training
• Data Minimization: Collect only necessary information for stated purposes
• Vendor Assessment: Security evaluation of all third-party processors
• Incident Response: Documented breach notification and response procedures

Data Breach Notification:

In the event of a personal data breach, we will:

• Notify supervisory authorities within 72 hours (GDPR requirement)
• Inform affected users without undue delay when high risk to rights and freedoms
• Document all breaches and remediation measures taken
• Conduct post-incident reviews to prevent future breaches

Retention Periods:

• Account Data: Retained while account is active plus 2 years after closure
• Course Progress: Maintained for lifetime access or until account deletion
• Payment Records: 7 years for tax and accounting requirements
• Marketing Data: Until unsubscribe or consent withdrawal
• Support Records: 3 years for quality assurance and issue resolution
• Legal Documentation: As required by applicable laws and regulations

Deletion Procedures:

• Automated deletion based on retention schedules
• Secure data destruction using industry-standard methods
• Third-party processor notification for coordinated deletion
• Backup purging according to retention policies

Types of Communications:

• Transactional Emails: Course access, payment confirmations, account updates (essential)
• Educational Content: Course announcements, learning tips, industry insights
• Promotional Materials: New course launches, special offers, affiliate promotions
• Newsletters: Weekly/monthly updates about business and marketing strategies

Consent Management:

• Double Opt-in: Email confirmation required for newsletter subscriptions
• Clear Consent: Separate checkboxes for different communication types
• Easy Unsubscribe: One-click unsubscribe in all marketing emails
• Granular Control: Choose specific types of communications to receive

Policy Changes: We may update this Privacy Policy to reflect:

• Changes in applicable privacy laws and regulations
• New features, services, or business practices
• Enhanced security measures or data protection practices
• User feedback and privacy enhancement requests

Notification Process:

• Material Changes: 30 days advance notice via email
• Minor Updates: Website notification and updated effective date
• Continued Use: Constitutes acceptance of updated policy
• Withdrawal Option: You may close your account if you disagree with changes