Privacy Policy

1. Introduction

The Open Window Academy LLC ("Company," "we," "us," or "our") operates the The Open Window Academy platform ("Platform"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our Platform, create an account, purchase a membership, participate in the Affiliate Program, or interact with our services.

By using the Platform, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, username, and password when you create an account.
• Payment Information: Billing address, payment method details (processed securely through Stripe — we do not store full credit card numbers, CVV, or card expiration dates).
• Affiliate Information: Tax identification information (SSN/EIN for U.S. Affiliates via W-9), payout preferences, bank account details for commission payments.
• Contact Form Submissions: Name, email, subject, and message content when you submit a contact form.
• Profile Information: Any additional information you voluntarily provide in your profile or communications with us.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the Platform, click patterns, and navigation paths.
• Device Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Cookies & Tracking: Session cookies for authentication, preference cookies for language and currency settings, and analytics cookies for Platform improvement.
• Referral Data: Referral codes, referral source URLs, and conversion tracking data related to the Affiliate Program.

2.3 Information from Third Parties

• OAuth Providers: When you log in via our authentication provider, we receive your name, email, and unique identifier.
• Payment Processors: Stripe provides us with transaction confirmation, subscription status, and payment method type (not full card details).

3. How We Use Your Information

• Service Delivery: To create and manage your account, process payments, deliver Products, and provide customer support.
• Affiliate Program: To track referrals, calculate commissions, process payouts, and manage tier qualifications.
• Tax Compliance: To prepare and file IRS Form 1099-NEC for U.S.-based Affiliates earning $600 or more annually, and to comply with other applicable tax reporting requirements.
• Communications: To send transactional emails (payment confirmations, account updates), promotional communications (with opt-out), and important notices about changes to our Terms or services.
• Platform Improvement: To analyze usage patterns, diagnose technical issues, and improve the Platform's features and performance.
• Security: To detect, prevent, and respond to fraud, unauthorized access, and other security threats.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

4. Affiliate-Specific Data Handling

If you participate in the Affiliate Program, the following additional data practices apply:

• Commission Records: We maintain records of all commissions earned, paid, and pending for a minimum of seven (7) years for tax and audit purposes.
• Team Data: Your referral network structure (who referred whom) is visible to you and to the Company for program administration. Your personal contact information is NOT shared with your upline or downline.
• W-9/Tax Information: Taxpayer identification information is stored securely and used exclusively for 1099 reporting. This information is never shared with other Affiliates or third parties except as required by law.
• Performance Data: Your tier status, team size, and aggregate team revenue may be used in anonymized, aggregate form for Platform statistics and recognition programs.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating the Platform (payment processing, email delivery, hosting, analytics). These providers are contractually obligated to protect your information.
• Legal Requirements: When required by law, subpoena, court order, or governmental regulation.
• Tax Authorities: 1099 reporting information is shared with the IRS and applicable state tax authorities as required by law.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction.
• With Your Consent: When you explicitly authorize us to share your information for a specific purpose.

6. Data Security

We implement industry-standard security measures to protect your personal information, including:

• SSL/TLS encryption for all data transmission.
• Encrypted storage for sensitive data (passwords, tax information).
• Regular security audits and vulnerability assessments.
• Access controls limiting employee access to personal information on a need-to-know basis.
• PCI DSS compliance through our payment processor (Stripe).

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from circumstances beyond our reasonable control.

7. Data Retention

We retain your information for the following periods:

• Account Data: Retained for the duration of your active account plus 3 years after account closure.
• Payment & Commission Records: Retained for 7 years for tax compliance and audit purposes.
• Tax Information (W-9): Retained for 7 years from the last 1099 filing.
• Contact Form Submissions: Retained for 2 years.
• Usage Analytics: Retained in anonymized form indefinitely for Platform improvement.

When data is no longer needed and the retention period has expired, we will securely delete or anonymize it.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

8.1 General Rights

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements (e.g., tax records cannot be deleted during the 7-year retention period).
• Portability: Request your data in a structured, commonly used, machine-readable format.
• Opt-Out: Opt out of promotional communications at any time via the unsubscribe link in emails or by contacting us.

8.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information collected about you.
• Right to Delete: Request deletion of your personal information, subject to legal exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Do Not Sell: We do not sell personal information. No opt-out is necessary.

8.3 European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on consent, contractual necessity, legitimate interests, or legal obligations.
• Right to Restrict Processing: Request restriction of processing in certain circumstances.
• Right to Object: Object to processing based on legitimate interests.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or 45 days for complex requests, with notice).

9. International Data Transfers

The Platform is operated from the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Platform, you consent to this transfer. We take reasonable steps to ensure your information is treated securely and in accordance with this Privacy Policy.

10. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

11. Cookies & Tracking Technologies

• Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
• Preference Cookies: Store your language selection, currency preference, and theme settings.
• Analytics Cookies: Help us understand how visitors use the Platform to improve our services.
• Referral Tracking: Used to attribute referrals to the correct Affiliate for commission purposes.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Platform.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered Members and/or posted prominently on the Platform at least 30 days before taking effect. Your continued use of the Platform after changes are posted constitutes acceptance of the updated Privacy Policy.

13. Contact Information

For privacy-related questions, data requests, or concerns, please contact us at: