Privacy Policy
Effective date: January 5, 2026
Tostep BloomLab (“we,” “us,” or “our”) provides e-learning services for floristry professionals. This Privacy Policy describes how we collect, use, and share information when you use our website and services.
1. Information we collect
- Account data: name, email, password (hashed), and communication preferences.
- Transaction data: purchased courses, billing address, and limited payment metadata handled via secure processors.
- Usage data: pages visited, device information, approximate location, and cookies or similar technologies.
- User content: assignments, feedback, and messages you submit via forms.
2. How we use information
- Provide and improve courses, grading, and certifications.
- Process payments and deliver receipts.
- Communicate about assignments, updates, and support.
- Prevent fraud, secure accounts, and comply with legal obligations.
3. Legal bases for processing
- Contract: to deliver purchased services and maintain your account.
- Legitimate interests: analytics, product improvement, and security.
- Consent: marketing communications and certain cookies.
- Legal obligations: tax, accounting, and compliance requirements.
4. Cookies and similar technologies
We use essential cookies for authentication and preference storage, and non-essential cookies for analytics. You can manage preferences via our cookie banner or browser settings.
5. Sharing of information
- Service providers: hosting, analytics, email, and payment processors bound by contractual safeguards.
- Legal: to comply with a lawful request or protect rights, safety, or property.
- Business transfers: in connection with a merger, acquisition, or asset sale.
6. Data retention
We retain personal data for as long as necessary to provide services, meet legal obligations, resolve disputes, and enforce agreements. Course artifacts and certificates may be retained for verification.
7. Your rights
Depending on your location, you may request access, correction, deletion, or portability of your personal data, and object to or restrict certain processing. To exercise rights, contact [email protected].
8. International transfers
Your data may be stored and processed in countries other than your own. Where required, we implement appropriate safeguards such as standard contractual clauses.
9. Security
We use administrative, technical, and physical safeguards to protect personal data. No method of transmission or storage is fully secure; we cannot guarantee absolute security.
10. Children’s privacy
Our services are not directed to children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided data, contact us to delete it.
11. Changes to this policy
We may update this Policy to reflect changes in practices or legal requirements. We will post the updated version with a new effective date.
12. Contact
Questions? Email [email protected] or call +1 (415) 555-0137.