Privacy Policy

Last updated: July 2025

Our Commitment to Your Privacy

At Women Building with AI, we take your privacy seriously. This policy explains how we collect, use, and protect your information when you use our website, courses, and community.

Information We Collect

• Email address (when you sign up for our newsletter or courses)
• Name (when provided for courses or community access)
• Payment information (processed securely through Stripe)
• Usage data (pages visited, features used)

How We Use Your Information

• To deliver courses and content you've purchased
• To send newsletters and updates (with your consent)
• To improve our services and user experience
• To communicate about your account or purchases

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: We process your email address for newsletters and marketing communications based on your explicit consent
• Contract: We process payment and course data to fulfill our contract with you when you purchase courses or services
• Legitimate Interest: We use analytics data to improve our services and user experience, which serves our legitimate business interests
• Legal Obligation: We may retain certain data to comply with tax, accounting, and legal requirements

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website. Cookies are small text files stored on your device that help us:

• Necessary Cookies: Enable core functionality like security, network management, and accessibility
• Analytics Cookies: Help us understand how visitors use our site (with your consent)
• Marketing Cookies: Track advertising effectiveness and deliver relevant content (with your consent)

You can manage your cookie preferences at any time through our cookie consent banner. Note that disabling certain cookies may impact your experience on our website.

Data Retention

We retain your personal data for different periods depending on the type of information and purpose:

• Newsletter data: Until you unsubscribe or withdraw consent
• Course and payment data: 7 years for tax, accounting, and legal compliance requirements
• Analytics data: 25 months (Google Analytics standard retention period)
• Marketing and communication data: Until consent is withdrawn or you request deletion
• Account data: Until you request account deletion or data erasure

You can request deletion of your data at any time using our data deletion form, subject to any legal obligations we may have to retain certain information.

Third-Party Services

We work with trusted third-party services to provide our platform. Here's what data we share with each:

• Stripe (Payment Processing): Payment information, billing address, and transaction data only. We never store credit card details ourselves.
• ConvertKit (Email Marketing): Email addresses and names only, for newsletter delivery and marketing communications.
• Supabase (Database Hosting): All user data in encrypted form, hosted in secure data centers with SOC 2 compliance.
• Resend (Transactional Emails): Email addresses and names for sending course materials, receipts, and account notifications.
• Google Analytics (Website Analytics): Anonymized usage data and website interaction patterns to improve user experience.

All third-party services we use are GDPR-compliant and have appropriate data processing agreements in place. Data transfers to these services are protected by adequate safeguards.

Data Protection

We use industry-standard security measures to protect your personal information. Your payment information is processed through Stripe and we never store credit card details on our servers. All data is encrypted in transit and at rest, and we regularly review our security practices.

Your Data Rights

Under the General Data Protection Regulation (GDPR) and other data protection laws, you have the following rights:

1. Right to Access

You have the right to request a copy of the personal data we hold about you. This includes information about:

• The categories of data we process
• The purposes of processing
• Who we share your data with
• How long we keep your data

2. Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will update your information as quickly as possible.

3. Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal data in certain circumstances, including when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent (where consent was the legal basis)
• You object to the processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

4. Right to Restrict Processing

You can request that we limit how we use your personal data while we verify its accuracy, investigate your concerns, or if you've objected to our processing.

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another service provider where technically feasible.

6. Right to Object

You have the right to object to processing of your personal data for direct marketing purposes or based on our legitimate interests. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests.

7. Right to Withdraw Consent

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. This won't affect the lawfulness of processing based on consent before withdrawal.

How to Exercise Your Rights

To exercise any of these rights:

• For data deletion: Use our online data deletion request form
• For other requests: Email us at [email protected] with the subject line "GDPR Data Rights Request"

When contacting us, please include:

• Your full name and email address
• Which right(s) you wish to exercise
• Any relevant details about your request

We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.

Right to Lodge a Complaint

If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with your local data protection authority. However, we encourage you to contact us first so we can try to resolve your concerns.

Contact Us

If you have questions about this privacy policy or your data, please contact us at [email protected]