Privacy Policy

We respect your privacy and process personal data in accordance with applicable privacy laws and widely accepted standards (including principles aligned with GDPR and CCPA where relevant). This policy applies to our website, course platform, support channels, and any related services.

If a local law provides you with stronger protections than this policy, we will apply those stronger protections to the extent required.

FloraCraft Academy acts as the controller (or “business”, depending on jurisdiction) for personal data processed through our website and services. For certain operations (e.g., payment handling), third parties may act as independent controllers or as processors on our behalf.

If you have questions, you can contact us using the details in the “Contact” section below.

We collect information you provide directly, information generated through your use of our services, and limited technical identifiers used to provide and secure the service.

• Account details: name, email, login state, optional profile fields.
• Support communications: messages, attachments you send, and metadata such as timestamps.
• Payment confirmation metadata: handled primarily by payment processors; we may receive limited confirmation details (e.g., status, last 4 digits, receipt identifiers).
• Course activity: enrollment, lesson progress, completion status, preferences, and learning interactions.
• Technical data: IP address (may be considered personal data), device and browser characteristics, locale, referral URLs, and cookie identifiers.
• Security signals: authentication events, suspected abuse indicators, rate-limiting and fraud prevention markers.

We do not intentionally collect sensitive categories of personal data (e.g., health, biometrics) and we ask that you do not submit such data through our forms or messages.

We use personal data to:

• Provide and operate our courses, accounts, and customer support.
• Personalize learning schedules and recommend content based on your activity.
• Process purchases and maintain records for accounting and tax compliance.
• Secure our systems, prevent fraud, and enforce our policies.
• Improve content quality and user experience through aggregated analytics.
• Send service messages (e.g., password resets, important updates) and, where permitted, marketing communications you can opt out from.

Where required by law, we rely on one or more legal bases to process personal data, including:

• Contract: to provide purchased courses and account features.
• Legitimate interests: to secure our services, improve content, and provide a reliable platform.
• Consent: for certain cookies or optional communications, where required.
• Legal obligation: to comply with accounting, tax, and regulatory requirements.

We use cookies and similar technologies to operate essential features, remember preferences, measure performance, and keep sessions secure. You can control cookies through our cookie banner and your browser settings.

We do not sell your personal data. We may share personal data with trusted service providers and partners only as needed to operate the service.

• Service providers (processors): hosting, analytics, email delivery, customer support tooling.
• Payment processors: to complete transactions and reduce fraud (they may act as independent controllers).
• Legal / compliance: when required by law or to protect rights, safety, and security.
• Business changes: in a merger, acquisition, or asset transfer, subject to applicable safeguards.

We operate globally. If personal data is transferred to another country, we rely on appropriate safeguards such as contractual protections and, where relevant, additional technical and organizational measures.

We retain personal data only for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary depending on the category of data, the purpose of processing, and applicable requirements.

• Account data: retained while your account remains active; some records may remain as needed for compliance and audit.
• Course activity: retained to provide continuity of learning and improve course quality.
• Support messages: retained to address issues and improve support quality; may be deleted or anonymized over time.
• Technical logs: retained for security and troubleshooting, typically for limited periods.

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure; therefore, we cannot guarantee absolute security.

If you suspect an account compromise, contact us promptly so we can assist and take protective measures.

Depending on your location, you may have rights regarding your personal data. These can include:

• Access and correction
• Erasure and restriction
• Portability
• Objection to processing
• Consent withdrawal (where processing is based on consent)
• Opt-out of certain disclosures or “sharing” where defined by law

You can submit a request via the contact details below. For security, we may need to verify your identity before fulfilling requests.

Our services are not directed to children under 13 (or a higher age if required by local law). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it.

We may update this policy to reflect changes in our practices, technologies, or legal requirements. We will post the updated version on this page and update the “Last updated” date.