Privacy Policy

Effective date: January 1, 2026

Last updated: January 8, 2026

This Privacy Policy explains how Auto Dojo: The Path to Excellence collects, uses, shares, and protects personal information when you:

• Visit or use our website(s), platforms, and hosted course areas (collectively, the “Site”);
• Enroll in online courses, attend live training or coaching, or use any services we provide; and
• Opt in to receive marketing by email or SMS/text messaging.

By using our services or providing personal information, you accept the practices described in this policy.

1. Controller / Contact Information

Data controller: Auto Dojo: The Path to Excellence, Cole Ave, Dallas, TX, USA
Email for privacy inquiries: [email protected] 

2. What information we collect

A. Information you give us

• Contact information: name, email, phone number, billing/shipping address (where applicable).
• Account & course data: username, hashed password, course enrollment history, progress and certification data.
• Payment data: payment method (credit/debit card tokenized by payment processor), billing address (we do not store full card numbers — our payment processor handles card data).
• Communications and support: messages, chat transcripts, recordings of live sessions (only if you consent or as required for the service).
• Marketing preferences & consents: opt-in / opt-out selections for email and SMS.

B. Information collected automatically

• Usage data and diagnostics (IP address, device and browser type, pages visited, time spent).
• Cookies and similar technologies (see Cookies section).

C. Information from third parties

• Analytics providers, advertising partners, platform providers (e.g., Google Analytics, hosting providers), social login providers, payment processors, email/SMS vendors (e.g., Mailchimp, Twilio) and other service providers.
• Business partners and affiliates (if you register for co-branded events).

3. How we use personal information (purposes)

We use personal information to:

• Provide and improve our services and course delivery (enrollments, certificate issuance, course access).
• Process payments and refunds.
• Communicate important account, billing, and service messages.
• Send marketing communications if you have consented.
• Operate and improve the Site (analytics, troubleshooting).
• Comply with legal obligations and respond to lawful requests.
• Prevent fraud, abuse, and protect our rights and property.

Legal bases (if you are an EU/EEA resident): where applicable, processing is based on consent, contract performance, compliance with legal obligations, legitimate interests (e.g., fraud detection, security, service improvements) or other lawful bases set out in the GDPR. EUR-Lex

4. Email & SMS marketing — consent and opt-out

Email (commercial email)

We send promotional emails only to people who have consented or where otherwise lawful. Every commercial email will include a clear opt-out/unsubscribe link. We comply with the CAN-SPAM Act’s requirements: truthful header info, honest subject lines, identification of commercial content, and a clear opt-out mechanism. ftc.gov+1

SMS / text messages

We will only send marketing text messages if you explicitly opt in to receive them, and we will obtain the required level of consent (prior express written consent where required). Our opt-in flows will include the disclosure of message frequency, consent to receive marketing messages from Auto Dojo: The Path to Excellence, and instructions on how to opt out (e.g., reply STOP). You may revoke consent at any time by following the opt-out instructions in each message or contacting us. Because TCPA rules and court/agency guidance change, we maintain detailed records of opt-ins and consent capture. Federal Communications Commission+1

Recommended opt-in sample language (SMS):
“By checking this box and entering my mobile number, I consent to receive recurring marketing text messages from Auto Dojo: The Path to Excellence at the number provided. Message & data rates may apply. Reply STOP to opt out. Reply HELP for help.”

5. Sharing personal information (who we share with)

We may share personal information with:

• Service providers who help deliver the Site and services (hosting, payment processors, email/SMS platforms, analytics).
• Business partners (co-hosted events, vendor integrations) where needed.
• Legal, regulatory, or law enforcement authorities when required by law or to protect rights.
• Successors or purchasers in the event of a merger, sale or reorganization.

We require service providers to implement appropriate security and confidentiality measures and only process data on our instructions.

6. Cross-border data transfers

Because we operate and use service providers worldwide, your personal data may be transferred outside your country. For transfers from the EEA/UK we rely on appropriate safeguards (for example, Standard Contractual Clauses or other lawful transfer mechanisms) when transferring personal data to countries without an adequacy decision. For details on SCCs and international transfer mechanisms see the EU guidance on Standard Contractual Clauses. European Commission+1

7. Data retention

We retain personal information only as long as necessary for the purposes described (e.g., to provide services, comply with legal obligations, resolve disputes, enforce agreements). Typical retention periods: account records (as long as account active + [1–7] years for accounting/legal needs), marketing opt-ins (until you opt out), support tickets (2–7 years). We will delete or anonymize data when no longer needed unless retention is required by law.

8. Security

We use administrative, technical and physical safeguards to protect personal information (SSL/TLS for data in transit, access controls, encryption of backups where feasible). No system is 100% secure — we cannot guarantee absolute security — and we recommend you take reasonable steps to secure your account (strong password, unique password). In the event of a personal data breach that creates a risk to your rights and freedoms, we will notify affected individuals and regulators as required by law.

9. Children’s privacy

Our Site and services are for adults; we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information without parental consent, we will take steps to delete the information. Operators of child-directed services must follow COPPA, which imposes strict parental consent and notice requirements; if your content is directed at or likely to attract children under 13, notify us immediately so we can assess COPPA obligations. ftc.gov

10. Your privacy rights (EU/UK/EEA residents)

If you are located in the EU/EEA/UK, you have rights under the GDPR including: access, correction, erasure (right to be forgotten), restriction of processing, data portability, objection to processing (including direct marketing), and the right to withdraw consent. You can exercise these rights by contacting us at privacy@[yourdomain].com. You also have the right to lodge a complaint with your local data protection authority. EUR-Lex

11. California residents (CCPA / CPRA notice)

If you are a California resident, you have additional rights under California law (CCPA/CPRA), including the right to:
• Know what categories of personal information we collect and disclose, and the purpose;
• Request access to or deletion of personal information;
• Opt out of the sale or sharing of personal information (we do not “sell” personal information outside legal definitions unless indicated — if we ever do so we will provide a clear “Do Not Sell or Share My Personal Information” link).
To exercise these rights, submit a verified request to privacy@[yourdomain].com or use the toll-free number [INSERT]. We will not discriminate against you for exercising your rights. For the official summary of California consumer privacy rights and compliance requirements, see California Attorney General / CPRA guidance. California DOJ+1

12. Cookies and tracking technologies

We use cookies and similar technologies (web beacons, local storage) to operate the Site and for analytics, marketing, and personalization. You can manage cookie preferences through our cookie banner and browser settings. Blocking cookies might limit some parts of the Site.

13. Third-party links and services

Our Site may include links or embedded content from third parties (payment providers, video platforms, social networks). Those third parties have their own privacy policies and we are not responsible for their practices. We recommend reviewing their privacy policies before interacting.

14. Automated decision-making and profiling

We may perform limited automated processing to personalize course recommendations and communications, but we do not perform automated decisions with legal or similarly significant effects without human review. If you are subject to automated decision-making and wish to challenge it or request human review, contact privacy@[yourdomain].com.

15. Changes to this policy

We may update this Privacy Policy. We will post the revised policy with a new effective date and notify users as required. Material changes (for example a change in processing purpose) will be communicated more directly where required (email, site banner).

16. How to exercise your rights / contact us

To exercise any rights (access, deletion, opt-out, data portability), or if you have questions about this policy, contact:
[email protected]. We may ask for information to verify your identity.

If you are an EU/EEA resident you also have the right to file a complaint with a supervisory authority (for example, in the Member State where you live or work).

17. DMCA / Copyright content removal requests

For claims of copyright infringement on our Site, contact our designated agent at [email protected] and include the details required by the DMCA.

18. Dispute resolution and governing law

This policy and any dispute arising out of it are governed by the laws of Texas, USA, except to the extent local laws require otherwise. Where applicable, users retain rights granted by consumer protection laws in their jurisdiction.

19. Recommended vendor & implementation checklist

(Use this checklist when implementing and before publishing.)

  1. Consent capture — Ensure all email & SMS opt-in flows record timestamped consent and the exact language presented. Maintain opt-in logs. (Critical: TCPA and GDPR). Federal Communications Commission+1

  2. Cookie banner & preference center — Implement a banner that honors consent choices for tracking cookies and a privacy dashboard.

  3. DSAR process — Implement a documented Data Subject Access Request workflow (verify requestor identity, respond within GDPR/CPRA timelines). EUR-Lex+1

  4. SCCs / transfer safeguards — Put SCCs or other safeguards in place if EU/EEA personal data is processed or stored outside the EU/EEA. European Commission

  5. Vendor contracts — Ensure Data Processing Agreements with cloud, analytics, email/SMS and payment providers.

  6. Retention schedule — Publish internal retention schedule aligned to legal & business needs.

  7. COPPA checks — If you serve kids or collect data likely from children, implement parental consent flows and label content appropriately. ftc.gov

20. Legal disclaimer & next steps

This draft is intended to be comprehensive and actionable for an online training + coaching business that markets by email and SMS. It is not a substitute for legal advice. I strongly recommend (1) tailoring the placeholders (company name, DPO, phone, jurisdiction) and (2) having an attorney review the final policy before publishing — especially for TCPA/SMS flows and any cross-border data transfers.