Privacy Policy

Last Updated: January 2025

1. Introduction

WayOfThe.Art ("we," "our," or "us"), operated by Firdaus Aris Digital Solutions (F.A.D.S), is committed to protecting your privacy and the privacy of your students. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our martial arts management platform at wayofthe.art and its related services.

2. Information We Collect

2.1 Account Information

• School Administrator Data: Name, email address, phone number, school name, location
• Instructor Data: Name, email, contact information, qualifications, assigned classes
• Student Data: Name, date of birth, contact information, emergency contacts, medical information (if provided)
• Parent/Guardian Data: Name, email, phone number, relationship to student

2.2 Usage Data

• Class attendance records and schedules
• Belt progression and grading history
• Payment and subscription information
• Platform usage analytics and activity logs
• Technical data: IP address, browser type, device information, access times

2.3 Communications

• Messages sent through our platform
• Support requests and correspondence
• Feedback and survey responses

3. How We Use Your Information

We use the collected information to:

• Provide and maintain the WayOfThe.Art service
• Manage student enrollment, attendance, and progression
• Process payments and manage subscriptions
• Facilitate communication between schools, instructors, students, and parents
• Send service-related notifications and updates
• Generate analytics and reports for school administrators
• Improve our platform and develop new features
• Comply with legal obligations and protect against fraud
• Respond to support requests and customer service inquiries

4. Information Sharing and Disclosure

We do not sell or rent your personal information. We may share information in the following circumstances:

• Within Your School: Data is shared with authorized instructors and administrators within your martial arts school
• Parents/Guardians: Student information is accessible to authorized parents/guardians
• Service Providers: Trusted third-party vendors who assist in operating our platform (payment processors, hosting providers, email services)
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize information sharing

5. Children's Privacy (COPPA Compliance)

We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA).

• Parental Consent: We require verifiable parental consent before collecting information from children under 13
• Limited Collection: We only collect information necessary for platform functionality
• Parental Rights: Parents can review, modify, or delete their child's information at any time
• No Marketing: We do not use children's information for marketing purposes
• No Third-Party Advertising: We do not share children's information with third parties for advertising

6. Payment Information

Payment transactions are processed through secure third-party payment processors (Stripe, Curlec). We do not store complete credit card information on our servers. Payment data is encrypted and handled in accordance with Payment Card Industry Data Security Standards (PCI DSS).

7. Data Security

We implement industry-standard security measures to protect your information:

• SSL/HTTPS encryption for all data transmission
• Secure cloud infrastructure with regular security audits
• Role-based access controls and authentication
• Regular data backups and disaster recovery procedures
• Employee training on data protection and privacy
• Monitoring for suspicious activity and security threats

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services.

• Active Accounts: Data is retained while your account remains active
• After Account Deletion: Most data is deleted within 90 days, except for data we must retain for legal or compliance purposes
• Financial Records: Payment and subscription records are retained for 7 years for tax and accounting purposes
• Backups: Data in backups may persist for up to 90 days after deletion

9. Your Privacy Rights

Depending on your location, you have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (right to be forgotten)
• Data Portability: Request transfer of your data in a machine-readable format
• Objection: Object to our processing of your personal information
• Restriction: Request restriction of processing your data
• Withdrawal of Consent: Withdraw consent for data processing where applicable

To exercise these rights, contact us at firdaus@fads.com.my

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), we comply with GDPR requirements:

• We process data based on legitimate interests, consent, or contractual necessity
• You have the right to lodge a complaint with your local data protection authority
• We have appointed a data protection contact for GDPR inquiries
• Data transfers outside the EEA are protected by appropriate safeguards

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience and analyze platform usage:

• Essential Cookies: Required for platform functionality (login sessions, security)
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

12. Third-Party Links and Integrations

Our platform may contain links to third-party websites or integrate with external services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last Updated" date and by sending an email notification. Your continued use of our service after changes constitutes acceptance of the updated policy.

15. Contact Us