Comprehensive Privacy Policy

1. Introduction and Scope

Culinary Alchemy Academy ("Company", "we", "us", or "our") is deeply committed to protecting your privacy and ensuring that your personal information is handled safely, responsibly, and in strict accordance with applicable global data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This comprehensive Privacy Policy governs your use of our website, our mobile applications (if any), and our educational video subscription services (collectively, the "Service"). By accessing or using the Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Policy.

2. Detailed Breakdown of Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("Personal Information").

2.1. Identifiers

This includes real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.

2.2. Commercial Information

Records of products or services purchased, obtained, or considered, such as our $230 Annual Master subscription, including purchasing or consuming histories or tendencies.

2.3. Financial Data

While we facilitate payments, all financial transactions are processed by highly secure, PCI-DSS compliant third-party payment processors (e.g., Stripe, PayPal). We do not directly collect, store, or process full credit card numbers or bank account details on our servers.

2.4. Internet or Other Similar Network Activity

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

2.5. Geolocation Data

Physical location or movements, determined through IP address masking or other localized tracking technologies to provide relevant regional content and tax compliance.

3. Lawful Basis and Methods of Data Processing

We process your Personal Information under the following lawful bases:

• Contractual Necessity: To perform the contract we are about to enter into or have entered into with you (e.g., providing access to course materials).
• Legitimate Interests: For our legitimate business interests, provided your fundamental rights do not override those interests. This includes fraud prevention, network security, and direct marketing of similar products.
• Legal Obligation: To comply with a legal or regulatory obligation, such as tax reporting.
• Consent: Where you have provided explicit, informed consent for a specific processing activity.

4. Data Sharing, Sub-processors, and Third-Party Disclosures

We maintain a strict anti-selling policy. We do not, and will not, sell your Personal Information. However, to operate effectively, we share data with the following categories of third parties:

• Service Providers: Cloud hosting providers (e.g., AWS, Google Cloud), email delivery services, customer relationship management (CRM) software, and video hosting platforms.
• Professional Advisors: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, user data may be one of the transferred assets.

5. Data Retention Policies

We will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements. Generally, user account data is retained for the lifetime of the account plus 7 years for tax and legal compliance.

6. International Data Transfers

Your information, including Personal Information, may be transferred to - and maintained on - computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. By using our Service, you consent to this transfer, ensuring that adequate safeguards, such as Standard Contractual Clauses (SCCs), are in place.

7. Your Privacy Rights (GDPR and CCPA)

You possess comprehensive rights regarding your data:

• Right to Know/Access: You can request a copy of the Personal Information we hold about you.
• Right to Rectification: You can request that we correct any inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): You can request the deletion of your data, subject to certain legal exceptions.
• Right to Restrict Processing: You can ask us to suspend the processing of your data in specific scenarios.
• Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format.
• Right to Opt-Out: California residents may opt-out of the "sale" of personal information (though, as stated, we do not sell data).

8. Children's Privacy (COPPA Compliance)

Our Service does not address anyone under the age of 13 (or higher age threshold in certain jurisdictions). We do not knowingly collect personally identifiable information from children. If a parent or guardian becomes aware that their child has provided us with Personal Data without parental consent, please contact us immediately for deletion.

9. Contact the Data Protection Officer (DPO)

If you have any questions, concerns, or requests to exercise your rights under this Privacy Policy, please contact our dedicated support and compliance team at:

Email: [email protected]

Address: 1250 Market Street, Suite 420, San Francisco, CA 94103, USA