Privacy Policy
1. Who We Are
SwimSteps ("we," "us," or "our") is an online educational platform for swimming lessons operated by an individual based in the State of Florida, United States. This Policy applies to the website at swim-steps.com and all related services.
For privacy-related questions or requests, contact us at: groppereran@gmail.com
2. Information We Collect
We collect only the information necessary to provide and improve the SwimSteps service.
| Category | Data Collected | How Collected |
|---|---|---|
| Account Information | Email address, encrypted password hash | Provided by you at registration |
| Payment Information | Transaction ID, payment confirmation, purchase history | Received from PayPal after checkout. We never see or store your card or bank details. |
| Usage Data | Pages visited, lesson progress, session timestamps | Collected automatically when you use the service |
| Device & Technical Data | IP address, browser type, operating system, device type | Collected automatically via server logs |
| Cookie Data | Session tokens, cookie consent preference | Stored in your browser via cookies and localStorage |
Information We Do Not Collect
We do not collect your full name, physical address, phone number, or information about your children beyond incidental account use. We do not knowingly collect personal data from children under 13 directly.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Account creation and authentication — to create and manage your SwimSteps account and verify your identity on each login.
- Delivering purchased content — to grant access to lesson content you have paid for and maintain your purchase records.
- Customer support — to respond to your questions, resolve technical issues, and communicate important updates.
- Service improvement — to understand how users navigate SwimSteps, identify technical problems, and improve content and user experience.
- Legal compliance — to comply with applicable laws, regulations, or enforceable governmental requests, and to enforce our Terms of Service.
- Security — to detect, prevent, and respond to fraud, abuse, or security incidents.
We do not sell your personal information. We do not use your data for advertising or marketing without your explicit consent.
4. How We Share Your Information
We share data only in the following limited circumstances:
Service Providers
- Supabase — provides our authentication infrastructure. Your email and encrypted password are stored in Supabase's managed, SOC 2-compliant database. Supabase Privacy Policy →
- PayPal — processes all payments. Your payment information is handled directly by PayPal; we receive only a transaction confirmation. PayPal Privacy Policy →
- Cloudflare — serves the SwimSteps website and may process technical data (IP addresses, request logs) for delivery and security. Cloudflare Privacy Policy →
Legal Requirements
We may disclose your information if required by law, to comply with a legal obligation, or to protect the rights or safety of SwimSteps or others.
Business Transfer
If SwimSteps is acquired or its assets transferred, your personal information may be part of that transaction. We will notify you of any such change and any choices you may have.
5. Cookie Policy
SwimSteps uses cookies and browser localStorage to operate the service.
| Cookie / Key | Purpose | Type | Duration |
|---|---|---|---|
sb-* (Supabase) |
Stores your login session so you stay authenticated | Strictly necessary | Session / up to 1 week |
cookieAccepted |
Records your cookie consent preference | Strictly necessary | Persistent (localStorage) |
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. All cookies we set are strictly necessary to operate the service.
You can clear cookies and localStorage through your browser settings at any time. Doing so will log you out and reset your consent preference.
6. Data Retention
- Account data (email, password hash): retained until you request account deletion.
- Purchase records: retained for at least 7 years to comply with applicable tax and accounting requirements.
- Server/access logs: typically retained for up to 90 days by our infrastructure providers.
To request deletion of your account and data, email groppereran@gmail.com. We will process deletion requests within 30 days, subject to legal retention obligations.
7. Data Security
We take reasonable technical and organizational measures to protect your personal information, including:
- HTTPS encryption for all data in transit;
- Passwords stored as secure cryptographic hashes — never in plaintext;
- Access to user data restricted to authorized personnel only;
- Use of SOC 2-compliant infrastructure providers.
No method of transmission or storage is 100% secure. In the event of a data breach that affects your rights, we will notify you as required by applicable law.
8. Children's Privacy
SwimSteps accounts must be created and managed by adults (18+). We do not knowingly collect personal information directly from children under 13. All lesson content is used by adults on behalf of their children, but children's personal data is not collected by SwimSteps.
If you believe we have inadvertently collected personal information from a child under 13, contact us immediately at groppereran@gmail.com and we will promptly delete it.
9. California Privacy Rights (CCPA / CPRA)
Notice to California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the following rights regarding your personal information:
- Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it.
- Right to Delete — Request deletion of personal information we hold about you, subject to certain exceptions (e.g., legal obligations).
- Right to Correct — Request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioral advertising. No opt-out action is required.
- Right to Limit Use of Sensitive Personal Information — We do not process sensitive personal information beyond what is necessary for the service.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.
Categories of personal information collected in the past 12 months:
- Identifiers (email address, IP address)
- Commercial information (purchase records)
- Internet or other electronic network activity (usage data, session data)
To exercise your CCPA rights, submit a verifiable consumer request to: groppereran@gmail.com. We will respond within 45 days. We may need to verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.
10. Your Privacy Rights (All Users)
Regardless of location, you have the right to:
- Access your personal information by contacting us;
- Correct inaccurate data through your account settings or by contacting us;
- Delete your account and associated data by contacting us;
- Withdraw consent where processing is based on consent;
- Lodge a complaint with a supervisory authority in your jurisdiction.
11. Third-Party Links
SwimSteps may contain links to third-party websites (such as PayPal). This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party service you access through SwimSteps.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Your continued use of SwimSteps after changes are posted constitutes acceptance of the revised Policy. For significant changes, we may notify you by email.
13. Contact Us
For privacy-related questions, data access or deletion requests, or CCPA requests, contact us at:
Email: groppereran@gmail.com
We aim to respond within 5 business days, and no later than 30 days as required by law.