Privacy Policy

PRIVACY POLICY

Effective Date: December 26, 2025

Last Updated: December 26, 2025

1. INTRODUCTION

Women Wired To Win and Susan Norman Online ("Company," "we," "us," or "our") are committed to protecting your privacy and handling your personal information responsibly.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you access our website, purchase our products, enroll in programs, or interact with our services. By using our services, you agree to the practices described in this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect information that you provide directly to us, including:

  • Personal Identifiers: Name, email address, phone number, billing address, and shipping address
  • Account Information: Username, password, account preferences, and profile information
  • Payment Information: Payment details are collected and processed by third-party payment processors (Stripe, PayPal, etc.). We may receive billing contact information, transaction metadata (last 4 digits of card, transaction ID, timestamps), and payment status, but we do not directly collect or store complete credit card numbers
  • Communications: Emails, messages, support inquiries, form submissions, and survey responses
  • User Content: Comments, testimonials, posts, feedback, community interactions, and other content you submit

2.2 Information Collected Automatically

When you access our services, we automatically collect certain technical information:

  • Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers
  • Usage Data: Pages visited, time spent on pages, links clicked, referring/exit pages, and browsing patterns
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies (see Section 7)

2.3 Information from Third Parties

We may receive limited information about you from third-party sources, including payment processors (transaction confirmation data), social media platforms (if you choose to connect your account), and advertising platforms (for campaign attribution).

3. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds:

  • Contractual Necessity: Processing necessary to perform our contract with you (e.g., delivering products and services you purchased)
  • Consent: Where you have given explicit consent (e.g., marketing communications, optional cookies)
  • Legitimate Interests: Where necessary for our legitimate business interests (e.g., fraud prevention, service improvement, analytics) that do not override your rights
  • Legal Obligations: Where required to comply with legal or regulatory requirements

4. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

4.1 Service Delivery and Operations

  • Process and fulfill orders, enrollments, and purchases
  • Provide access to digital products, courses, and community platforms
  • Process payments and manage billing
  • Create and maintain your account
  • Provide customer support and respond to inquiries

4.2 Communications

  • Send transactional emails (order confirmations, account updates, password resets)
  • Send service announcements and important updates
  • Send marketing communications, newsletters, and promotional offers (with your consent or where permitted by law)

4.3 Improvement and Analytics

  • Analyze usage patterns and user behavior to improve our services
  • Conduct research and analytics to enhance user experience
  • Test new features and functionality
  • Personalize content and recommendations

4.4 Legal and Security

  • Comply with legal obligations, regulations, and valid legal requests
  • Prevent fraud, unauthorized access, and security threats
  • Enforce our Terms & Conditions and protect our legal rights
  • Investigate and resolve disputes

5. HOW WE SHARE YOUR INFORMATION

We do not sell or rent your personal information to third parties.

We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf, including:

  • Payment processors (Stripe, PayPal, etc.)
  • Email marketing platforms (Mailchimp, ConvertKit, ActiveCampaign, etc.)
  • Customer relationship management (CRM) systems (GoHighLevel, etc.)
  • Cloud hosting and storage providers (AWS, Google Cloud, etc.)
  • Analytics providers (Google Analytics, Facebook Analytics, etc.)
  • Customer support platforms

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the business transaction. We will notify you of any such change in ownership or control of your personal information.

5.3 Legal Requirements

We may disclose your information when required by law, legal process, litigation, or government request, or when we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect and defend our rights and property
  • Prevent or investigate possible wrongdoing
  • Protect the safety of our users or the public

5.4 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

6. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific Retention Periods:

  • Active Accounts: Information retained while your account remains active and for a reasonable period thereafter to provide continued service
  • Inactive Accounts: We may retain or delete accounts inactive for 3 years depending on business and legal requirements
  • Transaction Records: Financial and tax records retained for 7 years in accordance with legal requirements
  • Marketing Communications: Retained until you unsubscribe or withdraw consent
  • Legal Claims: Information retained longer if necessary to establish, exercise, or defend legal claims

When we no longer need your information, we will securely delete or anonymize it in accordance with applicable law.

7. COOKIES AND TRACKING TECHNOLOGIES

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your interactions with our services.

7.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the website to function properly (e.g., authentication, security) and cannot be disabled through our cookie consent tools. Blocking them through your browser may impact site functionality. These do not require consent under applicable law.
  • Performance/Analytics Cookies: Help us understand how visitors use our site (e.g., Google Analytics, Facebook Pixel) to improve performance. For EU/UK users, these require your consent, which we obtain through our cookie consent banner.
  • Functionality Cookies: Remember your preferences and settings to enhance your experience. These may require consent depending on your location.
  • Marketing/Advertising Cookies: Used to deliver relevant advertisements and track campaign effectiveness. These require your consent, which we obtain before setting these cookies.

7.2 Third-Party Tracking

We use third-party analytics and advertising services that may collect information about your online activities across different websites and services:

  • Google Analytics
  • Facebook Pixel and Meta advertising tools
  • Other advertising networks and marketing platforms

7.3 Your Cookie Choices

You can control cookies through your browser settings. Most browsers allow you to:

  • View and delete cookies
  • Block third-party cookies
  • Block all cookies (may limit website functionality)
  • Delete cookies when you close your browser

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

Do Not Track: Some browsers have a Do Not Track feature. Our website does not currently respond to Do Not Track signals.

8. DATA SECURITY

We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption: Data encrypted in transit using SSL/TLS and at rest using industry-standard encryption
  • Access Controls: Limited access to personal information restricted to authorized personnel who need it to perform their job functions
  • Secure Servers: Data stored on secure servers with firewall protection and intrusion detection
  • Regular Security Audits: Periodic security assessments and vulnerability testing
  • Employee Training: Staff trained on data protection and security best practices

However, no system is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You use our services at your own risk and are responsible for maintaining the confidentiality of your account credentials.

9. INTERNATIONAL DATA TRANSFERS

We are based in the United States, and your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

If you are located in the European Economic Area (EEA), United Kingdom, Switzerland, or other regions with data protection laws, please note that we transfer personal information to countries that may not provide the same level of data protection as your jurisdiction.

When we transfer information internationally, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA
  • Data Processing Agreements with all service providers that process personal information
  • Adequacy decisions where available (e.g., transfers to countries deemed adequate by the European Commission)
  • Other legally approved transfer mechanisms as required by applicable law

10. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information:

10.1 General Rights (All Users)

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to certain exceptions
  • Opt-Out of Marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in our emails or by contacting us

10.2 Additional Rights for EEA/UK Users (GDPR)

  • Data Portability: Receive your personal information in a structured, commonly used format and transmit it to another controller
  • Restriction of Processing: Request restriction of processing under certain circumstances
  • Object to Processing: Object to processing based on legitimate interests or for direct marketing purposes
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Lodge a Complaint: File a complaint with your local data protection authority

10.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties we share it with
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale: We do not sell personal information. If our practices change, we will update this policy and provide an opt-out mechanism
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Information: We do not use or disclose sensitive personal information beyond what is necessary to provide our services
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

10.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]

Subject Line: "Privacy Rights Request"

We will respond to your request within 30 days for GDPR requests and 45 days for CCPA requests. We may request additional information to verify your identity before processing your request.

You may designate an authorized agent to make requests on your behalf. The authorized agent must provide proof of authorization.

11. CALIFORNIA-SPECIFIC DISCLOSURES

11.1 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email, IP address, device ID)
  • Commercial information (purchase history, billing address)
  • Internet/electronic activity (browsing history, usage data)
  • Geolocation data (general location from IP)
  • Inferences (preferences, characteristics)

11.2 Sources of Information

  • Directly from you (account creation, purchases, communications)
  • Automatically through your use of our services
  • Limited information from third-party service providers (e.g., payment processors, advertising platforms)

11.3 Business Purposes for Collection

  • Providing and improving our services
  • Processing transactions and payments
  • Customer support and communications
  • Marketing and analytics
  • Security and fraud prevention

11.4 Third Parties We Share With

  • Payment processors and financial institutions
  • Email and marketing service providers
  • Cloud hosting and technology service providers
  • Analytics and advertising partners
  • Professional advisors (lawyers, accountants)

11.5 Sale and Sharing of Personal Information

Sale: We do not sell personal information and have not sold personal information in the past 12 months.

Sharing for Cross-Context Behavioral Advertising: We share certain personal information (such as identifiers, internet activity, and inferences) with advertising partners and analytics platforms (including Facebook Pixel, Google Analytics, and other advertising networks) for purposes that may constitute 'sharing' under CPRA.

Your Right to Opt-Out: California residents have the right to opt out of the sharing of personal information for cross-context behavioral advertising. To exercise this right, you may: (1) contact us at [email protected] with the subject line 'Do Not Share My Personal Information,' or (2) adjust your browser cookie settings to block third-party advertising cookies. We will process your opt-out request as required by applicable law.

11.6 Shine the Light Law

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, contact us at [email protected].

12. CHILDREN'S PRIVACY

Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected] so we can delete the information.

13. DATA BREACH NOTIFICATION

In the event of a data breach that compromises your personal information, we will notify affected users and relevant authorities as required by applicable law.

Notification will be provided without undue delay and in accordance with legal requirements. For users in the European Economic Area, notification to supervisory authorities will be made within 72 hours where feasible as required by GDPR. The notification will include:

  • Description of the breach and types of data affected
  • Likely consequences of the breach
  • Measures taken to address the breach
  • Steps you can take to protect yourself

14. THIRD-PARTY SERVICES AND LINKS

Our services may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Privacy Policy applies only to our services.

We are not responsible for the privacy practices or content of third-party services. When you click on a third-party link or interact with a third-party service, you are subject to that party's privacy policy and terms.

We encourage you to review the privacy policies of any third-party services you visit or use.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

  • Update the Effective Date and Last Updated date at the top of this policy
  • Notify you via email or prominent notice on our website
  • Where required by law, obtain your consent to the changes

Your continued use of our services after the updated Privacy Policy becomes effective constitutes your acceptance of the changes. If you do not agree to the updated policy, please discontinue use of our services.

16. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Women Wired To Win / Susan Norman Online

Email: [email protected]

Website: https://susannormanonline.com

Response Time: We will respond to all privacy inquiries within 30 days.

17. ADDITIONAL INFORMATION FOR SPECIFIC JURISDICTIONS

17.1 European Economic Area (EEA) Users

If you are located in the EEA, you have the right to lodge a complaint with your local supervisory authority if you believe we have violated your privacy rights.

Data Controller: Women Wired To Win and Susan Norman Online

17.2 Nevada Residents

Nevada residents have the right to opt out of the sale of certain personal information. We do not sell personal information as defined under Nevada law. If you have questions, contact us at [email protected].

17.3 Other U.S. State Privacy Laws

Residents of certain U.S. states (including Virginia, Colorado, Connecticut, and Utah) have specific privacy rights. If these laws apply to you, please contact us to exercise your rights.

---

By using our services, you acknowledge that you have read and understood this Privacy Policy.