This Privacy Policy describes the policies and procedures of the Mindful Crafters Institute (“MCI”, “Mindful Crafters”, the “Institute”, “we”, “our” or “us”) on the collection, use, and disclosure of your information on [www.mindfulcrafters.com] (the “Site”) and the services, classes, features, or content we offer (together with the Site, the “Services”).
We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share information about you, and what rights you have under applicable data protection laws.
This Privacy Policy covers MCI’s processing of personal data that is collected when you access and use the Services.
Personal Data means any information that can be used to identify you.
Processing includes actions such as collection, use, storage, transfer, and disclosure.
This policy also explains how we work with service providers such as Podia Labs, Inc. (our course and website platform provider) and Stripe, Inc. (our payment processor).
This Privacy Policy does not apply to third-party services, websites, or applications that MCI does not own or control. We encourage you to review the privacy policies of any third parties you access.
For purposes of the GDPR and other applicable laws:
Controller: Mindful Crafters Institute (MCI)
Processors: Podia Labs, Inc. (website hosting and platform), Stripe, Inc. (payment processing), and other listed service providers.
If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
📩 Email: [your contact email]
📍 Address: [your business address in Germany]
We collect personal data about you when you provide it directly to us, when it is collected automatically as you use our Services, or when it is provided by third parties.
Information you provide directly:
First and last name
Email address
Billing address or country of residence
Payment information (via Stripe; not stored by MCI)
Information collected automatically:
IP address and device identifiers
Browser type and version
Page view statistics, browsing history, and usage patterns
Transaction information (e.g., amount, date, time)
Cookies and similar technologies (see section on Cookies below)
Information from third parties:
Social media logins (if you use them to register or share content)
Advertising and analytics partners (about how you use our Site and Services)
Our Services use cookies and related technologies to improve your experience, analyze usage, and support marketing.
We use the following types of cookies:
Essential Cookies: required for core site functionality (e.g., login, security, payments).
Functional Cookies: remember your settings and preferences.
Analytics Cookies: help us understand how visitors use our Services (e.g., Google Analytics).
Marketing Cookies: used by us and partners to deliver relevant advertising and measure campaigns.
You can manage your cookie preferences via your browser settings or through our cookie banner. For more on cookies, see our Cookie Policy [link to Cookie Policy page].
We use personal data to:
Provide and improve the Services
Communicate with you about updates, offers, or support
Process payments and manage transactions
Personalize content and recommendations
Protect against fraud and misuse
Comply with legal obligations
Lawful bases for processing (GDPR):
Contractual necessity (e.g., to deliver classes you purchased)
Legitimate interests (e.g., fraud prevention, analytics, marketing)
Consent (e.g., sending newsletters, placing non-essential cookies)
Legal obligations (e.g., tax compliance)
We share personal data with trusted service providers that help us deliver our Services:
Stripe (payment processing)
Podia (website platform and hosting)
Analytics providers (e.g., Google Analytics)
Marketing service providers (e.g., email platforms, ad partners)
We also share data when required by law, to protect against fraud, or if we sell or transfer our business.
We do not sell your personal data.
Because our platform (Podia) and processors (including Stripe) are based in the United States, your personal data may be transferred outside the EU/EEA. These transfers are safeguarded by Standard Contractual Clauses (SCCs) and other GDPR-approved mechanisms.
We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, or enforce agreements. Afterwards, we may retain non-identifiable aggregated data.
We use appropriate technical and organizational measures to protect your personal data. However, no system is 100% secure. We encourage you to use strong passwords and secure your devices.
Our Services are not directed to individuals under the age of 16, and we do not knowingly collect data from children. If we learn we have collected such data, we will delete it promptly.
You have the right to:
Access your personal data
Correct inaccurate data
Request erasure (“right to be forgotten”)
Withdraw consent at any time
Object to processing for marketing
Restrict processing in certain circumstances
Request data portability
Lodge a complaint with your local supervisory authority
To exercise your rights, contact us at [your contact email].
We may update this Privacy Policy from time to time. Updates will be posted on this page and, where appropriate, communicated by email. Continued use of the Services after updates constitutes acceptance of the revised policy