Legal

Privacy Policy

Last updated: March 1, 2026

This Privacy Policy explains how Sapienta Digital LLC, doing business as "Craftilla" ("Company," "we," "us," or "our"), located in the United States, collects, uses, shares, and protects personal data when you visit our website (craftilla.com), purchase our digital products, or interact with our services hosted on Systeme.io.

We respect your privacy and are committed to protecting your personal data in compliance with applicable global privacy laws, including the General Data Protection Regulation (GDPR) and United States data protection regulations.

1. Information We Collect

To provide our educational products and run our business effectively, we collect several categories of personal data, either directly from you or automatically through your use of our platform:

  • Identity & Contact Data: First name, last name, email address, phone number, and account login credentials.
  • Financial & Billing Data: Billing address, country of residence (for EU VAT/tax calculation purposes). Note: All payment card details are collected and processed directly by our payment processor, Stripe. We do not collect or store your full credit card number.
  • Transaction Data: Details about payments to and from you, and other details of the digital products or courses you have purchased from us.
  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, device information, and platform data.
  • Usage & Profile Data: Information about how you use our website, products, and Systeme.io portals, including course progress, video completion rates, preferences, feedback, and survey responses.
  • Marketing & Communications Data: Your preferences in receiving marketing from us and your communication preferences.

2. Legal Basis for Processing

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data under the following lawful bases:

  • Contractual Necessity: Processing is necessary to fulfill our contract with you (e.g., granting access to purchased digital courses on Systeme.io, processing your payment).
  • Legitimate Interest: Processing is necessary for our legitimate business interests (e.g., studying how customers use our products to develop them, securing our network, preventing fraud, and conducting direct marketing), provided these interests do not override your fundamental rights.
  • User Consent: Where we rely on your explicit consent to process your data, such as for dropping non-essential cookies or sending third-party marketing communications. You have the right to withdraw consent at any time.
  • Legal Obligations: Processing is necessary to comply with a legal or regulatory obligation (e.g., retaining transaction records to comply with US IRS and EU VAT taxation laws using our EU VAT number: EU348034273).

3. How We Use Data

We use your personal data to:

  • Create and manage your user account on our platform (hosted via Systeme.io).
  • Deliver the digital products, courses, and resources you purchased.
  • Process payments, calculate applicable taxes (including EU VAT), and handle refunds or chargeback disputes.
  • Provide customer support and respond to inquiries.
  • Send transactional emails (e.g., purchase receipts, login links, password resets).
  • Send marketing communications, newsletters, and promotional offers (only if you have consented or where legally permitted; you may opt-out at any time).
  • Improve user experience, website functionality, and content offerings.
  • Maintain platform security, troubleshoot technical issues, and prevent fraudulent transactions.

4. Analytics, Advertising & Profiling

We use advanced analytics and advertising technologies to understand our audience and deliver highly relevant content and advertisements.

  • Meta Pixel & Meta Conversions API (CAPI): We utilize Meta's tracking technologies to measure the effectiveness of our Meta (Facebook/Instagram) ad campaigns. The Meta Pixel tracks browser-side events, while the Meta Conversions API sends server-side purchase and interaction events directly to Meta. This allows us to optimize our ad delivery, build "Lookalike" audiences, and retarget users who have interacted with our site but have not completed a purchase.
  • Other Tracking Technologies: We may also utilize tools such as Google Analytics, Microsoft Clarity, HotJar, or similar technologies to analyze browsing behavior, heatmaps, and session recordings to improve website conversion rates.

These tools may collect information including device data, IP address, and specific browsing behaviors (such as pages visited, buttons clicked, and checkout flow progression). In certain cases, this involves automated processing or profiling to tailor the marketing you see. You can manage your preferences for Meta advertising directly within your Facebook/Instagram account settings.

5. Third-Party Service Providers (Sub-Processors)

We share your data with trusted third parties who assist us in operating our business:

  • Systeme.io: Our primary hosting platform for the website, sales funnels, course delivery, and email marketing.
  • Stripe: Our secure payment gateway.
  • Meta Platforms, Inc.: For advertising and conversion tracking.
  • Accounting and Legal Professionals: For compliance, tax calculation, and legal counsel.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not sell your personal data to data brokers.

6. International Data Transfers

Sapienta Digital LLC is headquartered in the United States. Your data may be processed or transferred to the US or other jurisdictions outside your country of residence, including jurisdictions that may have different data protection standards than the EEA or UK.

By using our services, you acknowledge and consent that such transfers occur. Where required by applicable law, we ensure your data is protected by utilizing approved transfer mechanisms, such as Standard Contractual Clauses (SCCs) or relying on the data processors' adherence to international data privacy frameworks.

7. Email Marketing & Communications

If you subscribe to our mailing list or purchase a product, we may send you marketing communications regarding new hobby courses, big idea releases, and promotions. We comply with the CAN-SPAM Act and applicable international spam laws.

You may unsubscribe from our marketing emails at any time by clicking the "Unsubscribe" link provided at the bottom of every promotional email. Please note that opting out of marketing emails does not opt you out of receiving essential transactional emails (e.g., purchase receipts or password resets).

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for. Specifically:

  • Account Data: Retained as long as your account is active.
  • Financial & Transaction Data: Retained for up to 10 years to comply with US corporate tax laws and international/EU VAT accounting requirements.
  • Marketing Data: Retained until you withdraw your consent or unsubscribe.

9. Your Privacy Rights

Depending on your geographical location (e.g., under the GDPR, CCPA/CPRA, or other state/national laws), you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of incomplete or inaccurate data.
  • Right to Deletion (Right to be Forgotten): Request the deletion of your personal data when there is no good reason for us to continue processing it (subject to legal retention requirements).
  • Right to Restrict Processing: Ask us to suspend the processing of your data in certain scenarios.
  • Right to Data Portability: Request the transfer of your data to you or a third party in a structured, machine-readable format.
  • Right to Object: Object to processing where we are relying on a legitimate interest or for direct marketing purposes.

To exercise any of these rights, please contact us at support [at] craftilla.com. We may need to request specific information from you to help us confirm your identity before fulfilling your request.

10. Data Security

We have implemented reasonable technical and organizational safeguards to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. This includes utilizing SSL encryption on our website and relying on PCI-DSS compliant payment processors (Stripe) and secure hosting environments (Systeme.io). However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

Our website and digital products are not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verifiable parental consent, we will take steps to remove that information from our servers immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Updates will be posted on this page, and the "Last updated" date at the top will be revised. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Company: Sapienta Digital LLC (dba Craftilla)
Address: 1000 Brickell Ave, Ste 715 PMB 1742, Miami, FL 33131, United States
Email: support [at] craftilla.com
EIN: 37-2064472
EU VAT: EU348034273