Privacy Policy
This Privacy Policy explains how Sapienta Digital LLC, doing business as "Craftilla" ("Company," "we," "us," or "our") collects, uses, shares, and protects personal data when you visit our website (craftilla.com), purchase our digital products, or interact with our services hosted on Systeme.io.
We are committed to protecting your personal data in compliance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and applicable United States data-protection laws.
1. Who We Are (Data Controller)
The data controller responsible for your personal data is:
Sapienta Digital LLC (dba Craftilla) — a limited liability company registered in Delaware, USA, operated and administered from Hungary (European Union).
Mailing address: 1000 Brickell Ave, Ste 715 PMB 1742, Miami, FL 33131, United States
Contact: support [at] craftilla.com
2. Information We Collect
We collect the following categories of personal data, either directly from you or automatically through your use of our platform:
- Identity & Contact Data: First name, last name, email address, phone number, and account login credentials.
- Financial & Billing Data: Billing address and country of residence (for tax/VAT purposes). All payment-card details are collected and processed directly by Stripe; we do not collect or store your full card number.
- Transaction Data: Details of payments and of the products or courses you have purchased.
- Technical Data: IP address, browser type and version, time zone and approximate location, device information, operating system, and platform data.
- Usage & Profile Data: How you use our website, products, and portals, including course progress, video completion, preferences, feedback, and survey responses.
- Marketing & Communications Data: Your marketing preferences and communication choices.
3. Legal Bases for Processing
Where the GDPR or UK GDPR applies, we rely on the following lawful bases:
- Contractual Necessity: To fulfil our contract with you — granting access to purchased courses, processing payment, providing support.
- Legitimate Interest: For our legitimate business interests — understanding how customers use our products to improve them, securing our systems, and preventing fraud — provided these interests do not override your fundamental rights. Where we rely on legitimate interest for direct marketing, you may object at any time.
- Consent: Where we rely on your explicit consent — for example, setting non-essential cookies and analytics/advertising trackers, or sending certain marketing communications. You may withdraw consent at any time, without affecting processing already carried out.
- Legal Obligation: To comply with legal and regulatory obligations, such as retaining transaction records for tax and VAT purposes.
4. Cookies, Analytics, Advertising & Profiling
We use cookies and similar technologies. Non-essential cookies and trackers — including analytics and advertising tools — are set only where you have given consent through our cookie-consent banner, in line with applicable law. You can change or withdraw your cookie choices at any time via the cookie settings on our website.
The trackers we may use, subject to your consent, include:
- Meta Pixel & Meta Conversions API (CAPI): To measure the effectiveness of our Meta (Facebook/Instagram) ad campaigns. The Pixel tracks browser-side events; the Conversions API sends server-side purchase and interaction events to Meta. This lets us optimize ad delivery, build "lookalike" audiences, and retarget visitors who have not completed a purchase. You can manage Meta advertising preferences in your Facebook/Instagram account settings.
- Other Analytics Tools (e.g., Google Analytics, Microsoft Clarity, HotJar, or similar): To analyze browsing behavior, heatmaps, and session recordings to improve our website.
Some of this involves automated processing or profiling to tailor the marketing you see. This profiling does not produce legal or similarly significant effects on you. You have the right to object to processing for direct marketing, including profiling related to direct marketing (see Section 9).
5. How We Use Data
We use your personal data to:
- Create and manage your account.
- Deliver the digital products, courses, and resources you purchase.
- Process payments, calculate applicable taxes (including VAT), and handle refunds or chargeback disputes.
- Provide customer support and respond to inquiries.
- Send transactional emails (receipts, login links, password resets).
- Send marketing communications where you have consented or where lawfully permitted (you may opt out at any time).
- Improve user experience, website functionality, and content.
- Maintain security, troubleshoot issues, and prevent fraud.
6. Third-Party Service Providers (Sub-Processors)
We share data with trusted providers who help us operate, each acting under appropriate data-protection terms:
- Systeme.io — hosting of the website, sales funnels, course delivery, and email marketing.
- Stripe — secure payment processing.
- Meta Platforms, Inc. — advertising and conversion tracking (subject to your consent).
- Analytics providers (e.g., Google, Microsoft Clarity, HotJar) — website analytics (subject to your consent).
- Accounting, tax, and legal professionals — for compliance and advice.
We require all such parties to protect your data and process it only as instructed. We do not sell your personal data.
7. International Data Transfers
We operate from the EU, while some of our service providers (for example, Stripe and Meta) are based in, or transfer data to, the United States and other countries. Where personal data is transferred outside the EEA or UK to a country without an adequacy decision, we rely on appropriate safeguards — typically the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and/or providers' certification under recognized frameworks such as the EU–US Data Privacy Framework. You may request more information about these safeguards using the contact details in Section 12.
8. Data Retention
We keep personal data only as long as necessary for the purposes we collected it:
- Account Data: While your account is active, and a reasonable period afterward.
- Financial & Transaction Data: Up to 10 years, to comply with tax and VAT accounting requirements.
- Marketing Data: Until you withdraw consent or unsubscribe.
- Cookie/Analytics Data: For the retention period of the relevant tool, or until you withdraw consent.
When data is no longer needed, we delete or anonymize it.
9. Your Privacy Rights
Depending on where you live (e.g., under the GDPR, UK GDPR, CCPA/CPRA, or other laws), you may have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your data where there is no overriding reason to keep it (subject to legal retention requirements).
- Restriction — ask us to limit processing in certain cases.
- Portability — receive your data in a structured, machine-readable format, or have it transferred.
- Object — object to processing based on legitimate interest, and to direct marketing at any time.
- Withdraw consent — at any time, where processing is based on consent.
- Not be subject to solely automated decisions producing legal or similarly significant effects (we do not carry out such decision-making).
To exercise any of these rights, contact us at support [at] craftilla.com. We may ask for information to verify your identity. We respond within the timeframe required by applicable law (under the GDPR, normally within one month).
Right to complain: If you are in the EU or UK and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data-protection supervisory authority. If your lead supervisory authority is the Hungarian NAIH, its contact details are: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH), Budapest — https://naih.hu. You may also contact the authority in your own EU country of residence. UK residents may complain to the Information Commissioner's Office (ICO) at https://ico.org.uk.
10. Data Security
We use reasonable technical and organizational safeguards to protect your data, including SSL encryption on our website and reliance on PCI-DSS-compliant payment processing (Stripe) and secure hosting (Systeme.io). However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Children's Privacy
Our products are not intended for children under 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we learn that we have collected such data without appropriate consent, we will delete it promptly.
12. Changes to This Policy & Contact
We may update this Policy to reflect changes in our practices or legal requirements. Updates are posted here with a revised "Last updated" date; for material changes affecting your rights we will take reasonable steps to notify you.
For any questions, concerns, or requests regarding this Policy or our data practices:
Sapienta Digital LLC (dba Craftilla)
Email: support [at] craftilla.com
Mailing address: 1000 Brickell Ave, Ste 715 PMB 1742, Miami, FL 33131, United States
EU VAT: EU348034273