1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, phone number, role (school admin, instructor, student, parent)
- School Information: School name, address, martial art discipline, country
- Student Records: Names, contact information, grades, attendance, belt ranks, payment records
- Payment Information: Processed securely through Stripe or Curlec (we do not store full credit card numbers)
- Profile Information: Photos, bios, certifications, achievements
1.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent, click patterns
- Device Information: Browser type, device type, operating system, IP address
- Cookies and Similar Technologies: Session data, preferences, authentication tokens
- Location Data: Approximate location based on IP address
1.3 Information from Third Parties
- Google OAuth: Name, email, profile picture (if you sign in with Google)
- Payment Processors: Transaction confirmations from Stripe/Curlec
2. How We Use Your Information
2.1 Service Delivery
- Create and manage your account
- Provide access to features based on your role
- Process payments and subscriptions
- Send service notifications and updates
- Provide customer support
2.2 Service Improvement
- Analyze usage patterns to improve features
- Fix bugs and technical issues
- Conduct research and development
- Personalize your experience
2.3 Communication
- Send account-related emails (password resets, security alerts)
- Notify you of new features and updates
- Send marketing emails (you can opt out)
- Respond to your inquiries
2.4 Legal and Safety
- Comply with legal obligations
- Protect against fraud and abuse
- Enforce our Terms of Service
- Protect users' safety and security
3. Data Sharing and Disclosure
3.1 We Share Data With:
| Party | Purpose | Data Shared |
|---|---|---|
| School Administrators | School management | Student/instructor data within their school |
| Parents/Guardians | Monitor child's progress | Their child's attendance, grades, progress |
| Payment Processors | Process payments | Billing information, transaction amounts |
| Cloud Infrastructure | Hosting and storage | All data (encrypted) |
| Analytics Services | Usage analytics | Anonymized usage statistics |
3.2 We DO NOT:
- Sell your personal data to third parties
- Share student data with advertisers
- Use student data for marketing purposes
- Share data across schools without permission
3.3 Legal Disclosure
We may disclose your information if required by law, court order, or to:
- Comply with legal processes
- Protect our rights and property
- Prevent fraud or security threats
- Protect user safety
4. Data Security
4.1 Security Measures
- Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
- Access Controls: Role-based permissions, multi-factor authentication
- Regular Audits: Security reviews and penetration testing
- Secure Infrastructure: Industry-standard cloud hosting
- Password Protection: Bcrypt hashing for passwords
4.2 Payment Security
- PCI-DSS compliant payment processing via Stripe/Curlec
- We do not store full credit card numbers
- Tokenized payment methods
5. Data Retention
5.1 Active Accounts
- Data retained for as long as your account is active
- Student records retained as needed for school operations
- Payment records retained for 7 years (tax/legal requirements)
5.2 Inactive/Deleted Accounts
- Free accounts: Deleted after 12 months of inactivity
- Cancelled accounts: Data retained for 30 days, then permanently deleted
- You can request immediate deletion at any time
- Some data may be retained for legal compliance
6. Your Rights and Choices
6.1 Access and Control
- Access: View your personal data at any time
- Update: Modify your information through account settings
- Export: Download your data in standard formats
- Delete: Request account and data deletion
6.2 Communication Preferences
- Opt out of marketing emails (unsubscribe link in emails)
- Manage notification settings in account preferences
- You cannot opt out of essential service emails
6.3 For EU Residents (GDPR)
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
6.4 For Malaysian Residents (PDPA)
- Right to access your personal data
- Right to correct your personal data
- Right to withdraw consent
- Right to complain to authorities
7. Children's Privacy
7.1 Parental Consent
- The Service is not intended for children under 13
- Schools must obtain verifiable parental consent for student accounts
- Parents can review, modify, or delete their child's data
7.2 Student Data Protection
- Student data used only for educational purposes
- No advertising or marketing to students
- Additional security measures for student accounts
- Parents have full access to their child's data
8. International Data Transfers
Your data may be transferred and processed in countries outside your country of residence. We ensure appropriate safeguards:
- Standard contractual clauses approved by regulatory authorities
- Encryption during transfer
- Compliance with applicable data protection laws
9. Cookies and Tracking
9.1 Types of Cookies We Use
- Essential Cookies: Required for service functionality (authentication, security)
- Functional Cookies: Remember your preferences and settings
- Analytics Cookies: Help us understand how you use the Service
- Performance Cookies: Improve service performance
9.2 Managing Cookies
- You can control cookies through browser settings
- Disabling essential cookies may affect functionality
- Third-party cookies (Google OAuth) are governed by the third party's own policies
10. Third-Party Services
We integrate with third-party services. Each has its own privacy policy:
- Google OAuth: Google Privacy Policy
- Stripe: Stripe Privacy Policy
- Curlec: Curlec Privacy Policy
11. Data Breach Notification
In the event of a data breach that affects your personal information:
- We will notify affected users within 72 hours
- We will notify relevant authorities as required by law
- We will provide information about the breach and remediation steps
12. Updates to This Policy
- We may update this Privacy Policy from time to time
- We will notify you of material changes via email or in-app notification
- Continued use after changes constitutes acceptance
- Previous versions available upon request
13. Data Controller and Processor
13.1 WayOfThe.Art as Data Processor
For student data, schools are the data controllers, and we act as data processors on their behalf.
13.2 WayOfThe.Art as Data Controller
For school administrator and instructor accounts, we are the data controller.
14. Your Responsibilities
As a school administrator, you are responsible for:
- Obtaining necessary consents from students and parents
- Complying with local data protection laws
- Maintaining data accuracy
- Protecting account credentials
- Notifying us of any data breaches
15. Contact Us
For privacy-related questions, data requests, or concerns:
Email: privacy@wayofthe.art
Data Protection Officer: dpo@wayofthe.art
Address: WayOfThe.Art, Malaysia
15.1 Data Subject Requests
To exercise your rights (access, deletion, correction), please email us at privacy@wayofthe.art with:
- Your full name and email address
- Specific request (access, delete, export, etc.)
- Verification of identity
We will respond within 30 days.
16. Supervisory Authority
If you believe we have not addressed your privacy concerns, you have the right to lodge a complaint with:
- Malaysia: Personal Data Protection Department (PDPD)
- EU: Your local Data Protection Authority
- Other jurisdictions: Your local privacy regulator
By using WayOfThe.Art, you consent to the collection, use, and sharing of your information as described in this Privacy Policy.