Privacy Policy

Who We Are

Website: https://textile.org. Legal entity: Textile.org operated by Arachne Labs LLC. Contact: Topher Anderson, [email protected]. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our site, courses, communities, and related services.

Scope

This policy applies to textile.org and subpages, course portals, newsletters, and customer support channels. By using our services you agree to the practices described here.

Information We Collect

  • Account and profile data: name, display name, email, password, role, organization, job title, country, preferences.
  • Transactions: purchased products or courses, billing address, last four digits of card, payment status. Full payment details are processed by third-party processors such as Stripe or PayPal and are not stored on our servers.
  • Learning activity: course enrollments, progress, quiz results, assignments, certificates, forum posts, messages, uploaded files.
  • Communications: emails, chat messages, support tickets, survey responses, marketing preferences.
  • Device and usage: IP address, device identifiers, browser type, operating system, pages viewed, links clicked, session time, referring URLs, approximate location derived from IP.
  • Cookies and similar technologies: identifiers that remember your session, preferences, authentication, analytics, and marketing choices.
  • User content: designs, comments, media, and other materials you post or submit.
  • From third parties: if you connect accounts or follow referral links, we may receive identifiers or profile data from platforms such as Google, LinkedIn, GitHub, or email providers.
  • Sensitive data: we do not seek to collect sensitive personal information. Do not submit health, government ID, or financial account numbers to our platform.

How We Use Information

  • Provide and improve services: operate the site, deliver courses, track progress, issue certificates, and improve content quality.
  • Account management: authenticate users, prevent fraud, enforce terms, and provide customer support.
  • Payments and fulfillment: process orders, subscriptions, and renewals, and deliver digital or physical goods.
  • Analytics: understand usage, diagnose issues, and guide product decisions using tools such as Google Analytics or privacy-centric alternatives.
  • Marketing: send updates, newsletters, offers, and event invitations in line with your preferences. You can unsubscribe at any time.
  • Legal compliance: comply with tax, accounting, and regulatory obligations, and respond to lawful requests.
  • Security: protect against malicious activity, abuse, and violations of our policies.

Lawful Bases for EEA/UK Users

  • Contract: to provide the services you request, including courses and purchases.
  • Legitimate interests: to secure our services, understand usage, and improve content. We balance these interests against your rights.
  • Consent: for optional cookies, marketing emails, and integrations that are not strictly necessary.
  • Legal obligation: to keep records and respond to lawful authorities.

Payments

We use third-party processors such as Stripe and PayPal. Your payment data is submitted directly to those providers and is handled under their policies: stripe.com/privacy, paypal.com/privacy. We receive limited metadata to confirm payment and fulfill orders.

Cookies

  • Essential: required for login, security, and core features.
  • Preferences: remember settings such as language and display options.
  • Analytics: measure traffic and performance. Examples include Google Analytics 4. See policies.google.com/privacy and tools.google.com/dlpage/gaoptout.
  • Marketing: personalize communications and measure campaign performance. We do not serve interest-based ads to children.

Your browser may allow you to block or delete cookies. Some features may not work without essential cookies.

Embedded Content and Links

Pages may include embedded videos, images, code snippets, or widgets. Embedded content from other websites behaves as if you visited those sites. Those sites may collect data, set cookies, or track your interaction in line with their policies.

Community Features

Forums, comments, and messaging are public or semi-public spaces. Information you post can be read, collected, and used by others. User avatars may be checked against the Gravatar service. See automattic.com/privacy.

AI and Educational Content

We may use AI tools to support learning and moderation. Coursework and designs may be reviewed by instructors or automated systems for grading, plagiarism checks, or safety review.

Sharing of Information

  • Service providers: hosting, learning management, analytics, payment, email, customer support, and security vendors. Examples may include WordPress plugins such as WooCommerce or an LMS, hosting providers, Cloudflare, Stripe, PayPal, Brevo or Mailchimp, and help desk tools. These parties are bound by contracts and process data on our behalf.
  • Business partners: co-branded events, certifications, or internship programs, limited to what is needed for the activity.
  • Legal: to comply with law, enforce terms, or protect rights, safety, and property.
  • Corporate events: in connection with a merger, acquisition, or asset sale. We will notify you if required by law.

We do not sell personal information. We may share limited data for cross-context behavioral advertising only with your consent where required and with opt-out options as set out below.

International Transfers

Your information may be processed outside your country. Where required, we use appropriate safeguards such as Standard Contractual Clauses or other lawful mechanisms.

Data Retention

  • Account data is retained while your account is active and for a reasonable period after closure for recordkeeping and legal compliance.
  • Learning data such as grades and certificates may be retained for accreditation, proof of completion, and audit purposes.
  • Support tickets and communications are kept as needed to resolve issues and maintain service quality.
  • Logs and analytics are retained for security and operations for limited periods, typically up to 12 to 24 months, unless longer retention is required by law.

Your Rights

  • Access, correction, deletion: request a copy of your data, correct inaccuracies, or ask us to delete your personal data, subject to legal exceptions.
  • Restriction and objection: object to processing based on legitimate interests and request we limit processing in certain cases.
  • Portability: receive personal data you provided in a machine-readable format.
  • Marketing choices: unsubscribe using email links or contact us to adjust preferences.
  • Cookies: manage through your browser or device settings. Where required, we provide consent tools to set your choices.

Residents of California and certain other jurisdictions have additional rights described below. To exercise rights, email [email protected]. We may verify your identity before responding.

California Privacy Notice

  • Categories collected: identifiers, commercial information, internet activity, approximate geolocation, employment related information for applicants, and inferences from usage.
  • Sources: you, your devices, and service providers.
  • Business or commercial purposes: as described in “How We Use Information”.
  • Disclosure: we disclose categories listed above to service providers and partners as described in “Sharing of Information”.
  • Sale or sharing: we do not sell personal information. We may share limited data for cross-context advertising with consent where required. You can opt out by contacting us.
  • Rights: know, delete, correct, limit use of sensitive information, and opt out of sale or sharing. You have the right to non-discrimination for exercising these rights.

Children’s Privacy

Our services are not directed to children under 18. If you believe a child provided personal information, contact us to request deletion. For EEA, the age threshold follows local law.

Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data. Measures include access controls, encryption in transit, and encryption at rest where supported. No method is perfectly secure. We monitor for incidents and will notify you of breaches as required by law.

Do Not Track

Some browsers transmit Do Not Track signals. Our services do not respond to these signals at this time. You can manage cookies and marketing preferences using the options described in this policy.

Data Requests and Authorized Agents

You may submit privacy requests by emailing [email protected]. Authorized agents must provide proof of authorization and we may require verification of the requestor’s identity.

Third-Party Services

  • Email and marketing: services such as Brevo or Mailchimp to send transactional and marketing emails. See their privacy policies for details.
  • Learning tools: learning management systems, quiz engines, and certification platforms may process student data to deliver course features.
  • Spam and abuse prevention: automated systems and moderation services help detect spam or misuse.

User Choices and Consent

  • You can update profile information in your account settings.
  • You can opt out of marketing emails by using the unsubscribe link or contacting us.
  • For cookies that are not strictly necessary, we will seek consent where required. You can withdraw consent at any time using your browser settings or our site tools if available.

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. If changes are material, we will provide reasonable notice, for example by posting a prominent notice on the site or emailing registered users. Your continued use of the services after the effective date means you accept the updated policy.

Contact

For questions or requests, contact: Topher Anderson, [email protected].

Data Controller

For users in the EEA and UK, the data controller is Arachne Labs LLC, acting through Textile.org. We do not currently appoint a Data Protection Officer. You may contact your local data protection authority if you believe your rights have been infringed.

Effective Date

Effective October 4, 2025. Last updated October 4, 2025.

Note: This policy describes our current intended practices for a training website. It is not legal advice. Consider consulting counsel to tailor the policy to your exact stack, plugins, and data flows.