1. Overview

This Privacy Policy describes how Ashgrove Watercolor School (“Ashgrove”, “we”, “us”, “our”) collects, uses, and safeguards personal information when you visit our website, enroll in classes, or interact with our services.

ControllerAshgrove Watercolor School
Data Protection Contact: [email protected]
Phone+1 (209) 472-8816
9:00–18:00 PT, Mon–Fri
Address411 Ashgrove Ave, Suite 208
Monterey, CA 93940, USA
We follow the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

2. Data We Collect

We collect information to provide, improve, and secure our services. Categories include:

Account & Identity
  • Name, email, password hash
  • Billing address, phone number
Usage & Device
  • IP address, timezone, language
  • Browser, device, pages visited
Payments
  • Transaction IDs, masked card details
  • Payment status, refund logs
Support
  • Messages, attachments, satisfaction surveys
Special categories: not intentionally collected Children's data: services for 16+

3. How We Use Data

  • Provide and personalize classes, memberships, and events
  • Verify identity and secure accounts
  • Process payments and manage invoices
  • Communicate service updates and promotions (opt-out available)
  • Protect against fraud, abuse, and security threats
  • Comply with legal obligations and resolve disputes

Automated decision-making

We do not conduct automated decisions that produce legal effects without human review.

4. Legal Bases

Under GDPR, our legal bases include:

  • Contract performance (Article 6(1)(b))
  • Legitimate interests (Article 6(1)(f)) — e.g., service improvement and security
  • Consent (Article 6(1)(a)) for non-essential cookies and marketing
  • Legal obligation (Article 6(1)(c))
CCPA/CPRA: “Sale/Share” not practiced without notice Opt-out links provided in communications

5. Cookies and Similar Technologies

We use cookies to remember preferences, maintain sessions, and analyze aggregate usage. Non-essential cookies are disabled unless you provide consent in the banner below.

  • Strictly necessary — required for login and security
  • Preferences — theme, language
  • Analytics — aggregate metrics to improve the site
  • Marketing — only if you opt-in
Current status: unknown

6. Your Rights

Depending on your location, you may have rights to access, rectify, delete, restrict/opt-out, port your data, or object to processing. To exercise these rights, submit a request below. We respond within 30 days, or as permitted by law.

We may ask for additional verification information to protect your account.

7. Data Retention

We retain personal data only for as long as necessary: account data for the lifetime of your account, billing records for at least 7 years, and support logs for up to 24 months unless required longer for legal reasons.

8. International Transfers

Where data is transferred internationally, we use appropriate safeguards such as Standard Contractual Clauses and risk assessments to protect your information.

9. Security

We employ defense-in-depth: encryption in transit, role-based access controls, audit logs, and regular vulnerability testing. While no system is perfectly secure, we continually improve our controls.

Technical measures

  • TLS 1.2+ encryption
  • Hashing and salting of credentials
  • Backups and monitoring

Organizational measures

  • Least-privilege access
  • Employee training
  • Vendor due diligence

10. Changes to this Policy

We may update this policy to reflect legal, technical, or business developments. Material changes will be notified via the website or email when appropriate.

11. Contact Us

If you have questions or concerns, contact our privacy team:

  • Email: [email protected]
  • Phone: +1 (209) 472-8816
  • Postal: 411 Ashgrove Ave, Suite 208, Monterey, CA 93940, USA