Privacy Policy

1. Introduction

We’re World Tea Academy. We take your privacy seriously. This policy explains what data we collect, why we need it, and what we do with it.

This applies to:

• Our website
• Emails we send you
• Any interactions with our ads elsewhere online

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when you:

• Create an account to access courses and earn certifications
• Purchase courses (all courses include lifetime access)
• Complete course lessons, quizzes, and certification exams
• Subscribe to our newsletter or educational content
• Contact us for support or course inquiries
• Leave course reviews or share tea tasting notes

This information may include:

• Full name
• Email address
• Mailing/billing address
• Phone number (if provided)
• Payment information (processed securely by our payment processors)
• Course enrollment information
• Communication preferences
• Any other information you choose to provide

2.2 Information Automatically Collected

When you visit our Site, we automatically collect certain information about your device and browsing behavior:

Device Information:

• IP address
• Browser type and version
• Device type and operating system
• Unique device identifiers
• Mobile network information

Usage Information:

• Pages visited and time spent on pages
• Referring/exit pages
• Date and time stamps
• Clickstream data
• Course progress and completion data
• Search queries on our Site

Location Information:

• General geographic location based on IP address
• Precise location (only if you grant permission)

2.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information and improve your experience. See Section 9 (Cookie Policy) for detailed information.

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Improve Services

• Process your orders and deliver purchased courses/products
• Create and manage your account
• Send order confirmations and course access information
• Provide customer support
• Improve our Site functionality and user experience
• Develop new products and services

3.2 Marketing and Communications

• Send emails about new courses and offers (only if you’ve opted in)
• Show you relevant ads
• Send newsletters with tea education content
• Occasionally ask for feedback to improve

3.3 Analytics and Business Operations

• Understand how people use the Site (what works, what doesn’t)
• Prevent fraud and keep accounts secure
• Meet legal requirements (taxes, data protection laws, etc.)
• Handle disputes or issues that come up

3.4 Legal Requirements

• Comply with laws and regulations
• Respond to valid legal requests
• Enforce our Terms of Service when needed

4. Third-Party Services and Data Sharing

We use third-party tools to run the Site and handle payments. These companies are contractually bound to keep your data secure and not misuse it. We rely on trusted, industry-standard providers.

4.1 Analytics Services

Google Analytics

• What it does: Tracks Site traffic and how people navigate the Site
• What it collects: Page views, time on Site, device type, general location
• Our IDs: G-V1DT3TZ2Y7, GT-TNLB3ND
• Opt-out: Browser extension here

Lucky Orange

• What it does: Records sessions and creates heatmaps so we can see where people click and scroll
• What it collects: Mouse movements, clicks, scrolling, form interactions
• Why: Helps us find confusing parts of the Site

Metorik

• What it does: E-commerce analytics for orders and customer data
• What it collects: Purchase history, cart activity, how you found us (UTM parameters)
• Cookie retention: 6 months

4.2 Marketing and Funnel Tools

WooFunnels

• What it does: Tracks the checkout process and conversions
• What it collects: Page views, conversion events, UTM parameters

4.3 Security and Spam Prevention

CleanTalk

• What it does: Blocks spam on forms and comments
• What it collects: Email addresses, IP addresses, browser info

4.4 Payment Processor

Stripe

• What it does: Processes all payments
• What it collects: Name, billing address, payment card details
• Important: We never see or store your complete card details. Stripe handles all payment data securely (PCI DSS compliant).

4.5 Shipping Provider

Australia Post

• What it does: Handles shipping for physical products
• What we share: Your name and shipping address to create shipping labels
• Why: Can’t ship without it

4.6 Hosting & Infrastructure

Our website and application data are hosted primarily on servers in the United States using reputable cloud infrastructure providers, including Google-operated data centers. These providers process data on our behalf under contractual obligations that include confidentiality, security, and data protection requirements.

4.7 Email Service Provider

Postmark

• What it does: Sends transactional and marketing emails
• What it collects: Email open rates, link click tracking
• Why: Helps us understand which emails are useful and which aren’t

4.8 CDN & Security

Cloudflare

• What it does: Content delivery network (CDN) and DDoS protection
• What it collects: IP addresses, browser information, request logs
• Why: Speeds up the site and protects against attacks
• Privacy Policy: View Cloudflare privacy policy

4.9 Other Service Providers

We may share information with:

• IT service providers (for technical support and maintenance)
• Professional advisors (lawyers, accountants, auditors)

4.10 Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. You will be notified via email and/or prominent notice on our Site.

4.11 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Court orders or subpoenas
• Government or law enforcement requests
• Legal proceedings
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

4.12 With Your Consent

We may share your information for any other purpose disclosed to you with your consent.

5. Data Retention

We keep your data as long as we need it—or as long as the law requires. Here’s the breakdown:

Retention Periods:

• Account & Course Access: Maintained for lifetime as long as you have purchased courses (we provide lifetime access to all courses purchased)
• Course Progress Data: Retained indefinitely to maintain your lifetime course access and certifications
• Purchase Records: 7 years minimum (required for tax/accounting and to honor lifetime access guarantee)
• Marketing Data: Until you unsubscribe or we determine it is no longer needed (typically after a period of inactivity)
• Analytics Data: 26 months (Google Analytics default)
• Security Logs: 90 days to 1 year

Important: Since we promise lifetime course access, we keep your account data forever unless you explicitly ask us to delete it. If you delete your account, you lose access to everything you’ve purchased—no refunds, no recovery.

6. Data Security

We use industry-standard security to protect your data from unauthorized access or breaches.

Security Measures Include:

• SSL/TLS encryption for data transmission
• Secure payment processing (PCI DSS compliant processors)
• Regular security audits and updates
• Access controls and authentication
• Employee training on data protection
• Secure data backup procedures

Reality check:

• No online system can be guaranteed 100% secure
• We do our best, but we can’t guarantee absolute security
• Keep your password secure—that’s on you

7. Your Privacy Rights

7.1 All Users

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Opt-Out: Unsubscribe from marketing communications at any time
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your information for certain purposes

7.2 California Residents (CCPA/CPRA Rights)

If you’re in California, you get some extra rights under state law:

Right to Know:

• Categories of personal information collected
• Specific pieces of personal information collected
• Sources of personal information
• Purposes for collecting/sharing personal information
• Categories of third parties with whom we share information

Note: Most of this information is already described in Section 2 (Information We Collect) and Section 4 (Third-Party Services). If you need specific details about YOUR data, email us.

Right to Delete:

• Request deletion of personal information we collected from you (subject to exceptions)

Right to Opt-Out:

• We do not “sell” personal information as defined by CCPA
• You have the right to opt-out of sharing for cross-context behavioral advertising
• You can request an opt-out by emailing us (see “To Exercise Your Rights” below)

Right to Non-Discrimination:

• We will not discriminate against you for exercising your CCPA rights

Right to Limit Use of Sensitive Personal Information:

• We do not collect or use sensitive personal information as defined by CPRA

Verification:
We’ll confirm your identity by verifying your account email and, if needed, requesting additional information related to your account or most recent order. This helps protect you from unauthorized requests.

Using an Agent:
You can have someone make requests on your behalf—just need proof they’re authorized.

7.3 European Users (GDPR Rights)

If you’re in Europe (EEA, UK, or Switzerland), GDPR gives you these rights:

Legal Basis for Processing:

• Contract: Processing necessary to fulfill our contract with you (course delivery, payment processing)
• Legitimate Interest: Analytics, fraud prevention, marketing to existing customers
• Consent: Newsletter subscriptions, optional tracking
• Legal Obligation: Tax records, legal compliance

Additional Rights:

• Right to withdraw consent at any time
• Right to lodge a complaint with your supervisory authority
• Right to restrict processing
• Right to data portability

International Data Transfers:
We’re based in the US. If you’re outside the US, your data gets transferred here. US laws might not be as strict as yours, but we use standard security practices to keep it safe.

8. Children’s Privacy

Our Site isn’t for kids under 13, and we don’t knowingly collect their data. If you’re under 13, don’t use the Site, create accounts, or buy anything.

If we accidentally collect data from a kid under 13, we’ll delete it immediately. Parents, if you think this happened, email us at privacy@australianteamasters.com.au.

Note: Parents are responsible for supervising minors using our Site.

9. Cookie Policy

9.1 What Are Cookies?

Cookies are tiny files saved on your device when you visit. They help us recognize you and remember things like your login or preferences.

9.2 Types of Cookies We Use

Strictly Necessary Cookies:

• Essential for Site operation
• Enable navigation and basic features
• Cannot be disabled without affecting Site functionality
• Examples: Session management, security tokens

Performance/Analytics Cookies:

• Collect information about how you use our Site
• Help us improve Site performance
• Providers: Google Analytics, Lucky Orange, Metorik
• Retention: Up to 26 months

Functionality Cookies:

• Remember your preferences and choices
• Provide enhanced features
• Examples: Language preferences, course progress

Marketing/Advertising Cookies:

• Track your browsing across websites
• Display relevant advertisements
• Measure ad campaign effectiveness
• Providers: Google Ads (if enabled), Facebook Pixel (if enabled)
• Where required by law: Marketing cookies are only used after you provide consent.

Source Tracking Cookies (Metorik):

• Track how you found our Site (UTM parameters, referrers)
• Retention: 6 months
• Cookie Name: mtk_src_trk

9.3 Third-Party Cookies

Some cookies are placed by third-party services on our Site:

• Google Analytics
• Lucky Orange
• WooFunnels tracking scripts
• Payment processor (Stripe)
• Social media platforms (if you interact with social buttons)

9.4 Managing Cookies

Browser Settings:
Most browsers allow you to:

• View cookies stored on your device
• Delete cookies
• Block all cookies
• Block third-party cookies
• Receive notifications before cookies are stored

Note: Blocking cookies may affect Site functionality and your user experience.

Cookie Management Links:

• Chrome: chrome://settings/cookies
• Firefox: about:preferences#privacy
• Safari: Preferences > Privacy
• Edge: edge://settings/privacy

Opt-Out Tools:

• Google Analytics opt-out add-on
• NAI opt-out page
• DAA opt-out page

9.5 Do Not Track Signals

Some browsers have “Do Not Track” (DNT) features. We do not currently respond to DNT signals, as there is no universal standard for how to interpret them.

10. User-Generated Content

If you post reviews, images, or videos on our Site:

Public Information:

• Your content will be publicly visible
• It may be viewed by other users and third parties
• It may be indexed by search engines

Content Rights:

• You’re giving us permission to display and share what you post (but you still own it)
• We won’t sell your content or use it inappropriately

How We Protect Your Privacy:

• We avoid displaying your full name where possible—using first name only or initials
• We minimize personally identifiable information in public displays
• We take privacy seriously and design features with your anonymity in mind

Moderation:

• We can remove content that violates our policies or is inappropriate
• We might edit content if legally required or for clarity

Privacy Consideration:

• Do not include sensitive personal information in public content
• Once published, content may be copied or shared by others
• Deletion requests may not remove all copies from the internet

11. Third-Party Links

Our Site may contain links to third-party websites, applications, or services that we do not own or control.

Important:

• This Privacy Policy does not apply to third-party sites
• We are not responsible for third-party privacy practices
• Third-party sites have their own privacy policies
• We encourage you to review their policies before providing information

Third-Party Content:

• Social media widgets and share buttons
• Embedded videos (YouTube, Vimeo)
• External resources and references
• Partner or affiliate sites

12. Email Marketing and Communications

12.1 Types of Emails

Transactional Emails (Cannot Opt-Out):

• Order confirmations
• Course access credentials
• Account notifications
• Password resets
• Important service updates

Marketing Emails (Can Opt-Out):

• Promotional offers
• New course announcements
• Newsletters
• Special events

12.2 Opting Out

To Unsubscribe:

• Click the “Unsubscribe” link in any marketing email
• Email us at privacy@australianteamasters.com.au
• Log into your account and update email preferences

Processing Time: Up to 10 business days

Note: You will still receive transactional emails necessary for your account and purchases.

13. Data Breach Notification

If there’s a data breach that affects your info:

What we’ll do:

• Investigate immediately
• Lock down systems to prevent further damage
• Figure out who’s affected and how bad it is
• Notify you as required by applicable law, and as promptly as reasonably possible
• Report to authorities as needed

What we’ll tell you:

• What happened
• What data was affected
• What we’re doing about it
• What you should do to protect yourself
• How to reach us with questions

How We Will Notify You:

• Email to the address on file
• Prominent notice on our Site
• Other methods as required by applicable law

14. International Users and Data Transfers

Australian Tea Masters who run World Tea Academy is a Wyoming-registered limited liability company (LLC) in the United States. While our operational team is based in Australia, the company’s data governance framework is designed to comply with applicable United States privacy laws.

Server Location: Our core application servers are located primarily in the United States. Some third-party providers (such as CDNs and security services) may process limited technical data globally to deliver and protect the Site.

International Orders:
If you’re accessing our Site from outside the United States:

• Your information will be transferred to and processed in the U.S.
• U.S. data protection laws may differ from those in your country
• By using our Site, you understand your information may be transferred to and processed in the U.S.

What We Do:

• We use industry-standard security measures
• We work with service providers who maintain appropriate data protection standards
• Where required by law, we rely on appropriate safeguards for international transfers (such as contractual protections).

15. Changes to This Privacy Policy

We might update this policy when things change—new features, legal requirements, whatever.

When we update:

• We’ll post the new version here
• We’ll update the date at the top
• For big changes, we’ll put up a notice on the Site or email you

Continuing to use the Site after changes = you’re cool with the updates.

16. Contact Us

Questions? Concerns? Want to request something? Email us:

General Contact:

• Website: https://www.worldteaacademy.com
• Contact Page: https://www.worldteaacademy.com/contact

Mailing Address:
World Tea Academy
107 Ryrie Street
Geelong, VIC 3220
Australia

Note: We’re a US-registered LLC (Wyoming) operating from Australia.

For California Residents:
If you are not satisfied with our response to your privacy request, you may contact the California Attorney General at: https://oag.ca.gov/contact

For EEA Residents:
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

17. Additional Information

17.1 Automated Decision Making

We don’t use AI or algorithms to make decisions that legally affect you. The automated stuff we do use:

• Spam filters on forms
• Fraud detection on payments
• Course suggestions based on what you’ve looked at

Nothing major—and humans review flagged stuff anyway.

17.2 Account Deletion

To delete your account and associated data:

1. Email privacy@australianteamasters.com.au from your account email with subject “Account Deletion Request”
2. We may request additional information to verify your identity (for example, an order number or billing postcode) before processing deletion
3. We will process your request within 30 days

What Happens:

• Your account will be permanently deleted
• You will lose lifetime access to all purchased courses – this cannot be undone
• Course progress, certifications, and completion records will be deleted
• Personal information will be removed from active databases
• Some information may be retained in encrypted backup systems for up to 90 days before permanent deletion
• Purchase records may be retained for legal/tax purposes (anonymized where possible)

What Is Not Deleted:

• Legally required financial records
• Information necessary for fraud prevention
• Anonymized analytics data that cannot identify you

17.3 Lifetime Course Access

We honor our lifetime access promise:

• All courses purchased include lifetime access
• Your account remains active indefinitely, even if inactive
• We will never delete accounts with purchased courses due to inactivity
• Course progress, certifications, and completion records are maintained permanently

Note: If you request account deletion, you will permanently lose access to all purchased courses and cannot recover them.

18. Summary of Your Rights

Quick Reference:

• ✓ Access – Request a copy of your data
• ✓ Correct – Fix inaccurate information
• ✓ Delete – Request deletion (subject to legal requirements)
• ✓ Opt-Out – Unsubscribe from marketing
• ✓ Port – Receive your data in a portable format
• ✓ Object – Object to certain processing activities
• ✓ Restrict – Request limited processing
• ✓ Complain – File a complaint with supervisory authorities

California Residents Also Have:

• ✓ Right to know what data is collected and shared
• ✓ Right to opt-out of data sharing (we don’t sell data)
• ✓ Right to non-discrimination for exercising rights

By using our Site, you acknowledge this privacy policy. If something doesn’t make sense or you have concerns, reach out – we’re here to help.