Privacy Policy

Last Updated: December 6, 2025

                Our Commitment: Your privacy is important to us. This policy explains what information we collect, how we use it, and how we protect it. We never sell your personal data.
            

1. Introduction

Training Site Manager ("we," "our," or "us") operates the Training Site Manager platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

Category	Examples	Purpose
Account Information	Name, email, phone, organization name, AHA Training Site ID	Account creation and management
Student Data	Names, emails, phone numbers, certification records	Class management and certification tracking
Instructor Data	Names, credentials, certifications, contact information	Instructor management and scheduling
Class Information	Schedules, locations, rosters, completion records	Training operations management
Payment Information	Billing address, payment method (processed by Stripe)	Subscription billing

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

Log Data: IP address, browser type, pages visited, time and date of access
Device Information: Device type, operating system, unique device identifiers
Usage Data: Features used, actions taken, time spent on pages
Cookies: Session cookies for authentication and preferences

2.3 Information from Third Parties

We may receive information from:

Payment Processors: Transaction confirmations from Stripe
Authentication Services: If you use third-party login (if available)

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Operations

Provide, operate, and maintain the Service
Process transactions and send related information
Manage your account and subscription
Enable features like class scheduling, student tracking, and reporting

3.2 Communications

Send administrative emails (account verification, security alerts, service updates)
Respond to your inquiries and support requests
Send promotional communications (only with your consent)

3.3 Improvement and Analytics

Understand how users interact with the Service
Identify and fix technical issues
Develop new features and improvements
Generate aggregated, anonymized analytics

3.4 Security and Legal

Detect, prevent, and address fraud or security issues
Comply with legal obligations
Enforce our Terms of Service

4. Data Sharing and Disclosure

Important: We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We may share your information in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist us in operating the Service:

Hosting: Hostinger (data storage and server infrastructure)
Payment Processing: Stripe (subscription billing)
Email: Microsoft/Outlook (transactional emails)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Within Your Organization

Data you enter is accessible to authorized users within your organization based on their assigned roles and permissions.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to:

Comply with legal obligations
Protect our rights or property
Prevent fraud or security issues
Protect the safety of users or the public

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your information for as long as necessary to:

Provide the Service to you
Comply with legal obligations
Resolve disputes and enforce agreements

Retention Periods:

Active Accounts: Data retained while account is active
Cancelled Accounts: Data retained for 30 days after cancellation, then deleted
Audit Logs: Retained for 2 years for security purposes
Backups: Retained for up to 90 days

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption: All data transmitted via HTTPS/TLS encryption
Password Security: Passwords are hashed using industry-standard algorithms (bcrypt)
Access Controls: Role-based access limits data visibility
CSRF Protection: Protection against cross-site request forgery attacks
Rate Limiting: Protection against brute-force attacks
Audit Logging: Activity logging for security monitoring

                While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
            

7. Your Rights and Choices

7.1 Access and Portability

You can access most of your data directly through the Service. You may request a complete export of your data by contacting us.

7.2 Correction

You can update your account information directly in the Service settings. Contact us for assistance with other data corrections.

7.3 Deletion

You may request deletion of your account and associated data. Some data may be retained as required by law or for legitimate business purposes.

7.4 Communication Preferences

You can opt out of promotional emails by clicking "unsubscribe" in any promotional email. You cannot opt out of essential service communications.

7.5 Cookies

Most web browsers allow you to control cookies through settings. Disabling cookies may affect Service functionality.

8. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from your country.

10. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request information about data collection and sharing
Right to Delete: Request deletion of personal information
Right to Opt-Out: We do not sell personal information
Non-Discrimination: We will not discriminate against you for exercising these rights

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the updated policy on this page with a new "Last Updated" date
Sending an email notification for material changes

We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: cninomiya@valleyamb.org

For data access, correction, or deletion requests, please include "Privacy Request" in your subject line.

Thank you for trusting Training Site Manager with your data. We are committed to protecting your privacy and being transparent about our practices.

Back to home | Terms of Service