Privacy Policy

1. Introduction

Welcome to the Worldwide Martial Arts Association (WWMAA). We are committed to protecting your privacy and handling your personal information with care and respect. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services.

By using WWMAA services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us:

• Account Information: Name, email address, phone number, password (encrypted), and profile photo
• Membership Applications: Martial arts experience, training history, instructor information, certifications, and references
• Payment Information: Billing address and payment method details (processed securely through Stripe - we do not store complete credit card numbers)
• Event Registration: RSVP information, dietary restrictions, and emergency contact details
• Communications: Messages, feedback, and support inquiries you send to us
• User-Generated Content: Comments, forum posts, and training session feedback

2.2 Information Collected Automatically

When you use our services, we automatically collect:

• Usage Data: Pages visited, features used, time spent on site, and interaction patterns
• Device Information: Browser type, operating system, device type, and screen resolution
• Log Data: IP address, access times, referring URLs, and error logs
• Cookies and Tracking: Session cookies, preference cookies, and analytics cookies (see Section 8)

2.3 Information from Third Parties

• Payment Processors: Transaction confirmations and payment status from Stripe
• Email Service: Email delivery status and engagement metrics from Postmark and BeeHiiv
• Analytics Providers: Aggregated usage statistics from monitoring tools

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

• Create and manage your user account
• Process membership applications and approvals
• Facilitate event registration and attendance tracking
• Provide access to training sessions and educational content
• Process payments and manage subscriptions
• Deliver customer support and respond to inquiries

3.2 Communications

• Send transactional emails (account verification, password resets, receipts)
• Notify you about upcoming events, training sessions, and important updates
• Send newsletters and promotional content (with your consent - you can opt out)
• Respond to your comments, questions, and support requests

3.3 Platform Improvement

• Analyze usage patterns to improve our services
• Conduct AI-powered semantic search to enhance content discovery
• Monitor system performance and troubleshoot technical issues
• Develop new features and enhance existing functionality

3.4 Legal and Security

• Comply with legal obligations and enforce our Terms of Service
• Detect, prevent, and address fraud, security risks, and technical issues
• Protect the rights, property, and safety of WWMAA, our users, and the public
• Maintain audit logs for security and compliance purposes

4. Data Storage and Security

4.1 Storage Infrastructure

Your data is stored using ZeroDB, a secure cloud database service hosted in United States data centers. ZeroDB provides:

• Encryption at rest using AES-256
• Encrypted data transmission using TLS 1.3
• Regular automated backups
• ISO 27001 certified infrastructure

4.2 Security Measures

We implement multiple layers of security:

• Password Security: Passwords are hashed using bcrypt with salt
• Authentication: JWT token-based authentication with automatic refresh and blacklisting
• Network Security: Cloudflare WAF (Web Application Firewall) for DDoS protection and threat mitigation
• Access Control: Role-based access control (RBAC) limiting data access to authorized personnel
• Monitoring: Real-time security monitoring using OpenTelemetry, Sentry, and Prometheus
• Audit Logging: Comprehensive audit trails for all sensitive operations

4.3 Data Breach Response

In the event of a data breach, we will:

• Notify affected users within 72 hours
• Report to relevant authorities as required by law
• Take immediate steps to contain and remediate the breach
• Provide guidance on protective measures you can take

5. Third-Party Services

We use trusted third-party services to provide and enhance our platform. These services have their own privacy policies and data handling practices:

6. Data Retention

We retain your information for different periods based on data type:

After retention periods expire, data is permanently deleted or anonymized. Some data may be retained longer if required by law or for legitimate business purposes (e.g., dispute resolution).

7. Your Rights and Choices

7.1 GDPR Rights (EU/UK Residents)

If you are in the European Union or United Kingdom, you have the following rights:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure (Right to be Forgotten): Request deletion of your personal data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing communications

7.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell your personal information)
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your rights

7.3 How to Exercise Your Rights

To exercise any of these rights:

1. Email us at privacy@wwmaa.org with your request
2. Include your full name, email address, and specific request
3. We will verify your identity before processing your request
4. We will respond within 30 days (45 days for complex requests)

7.4 Marketing Communications

You can opt out of marketing communications:

• Click the unsubscribe link in any marketing email
• Update your email preferences in your account settings
• Contact us at privacy@wwmaa.org

Note: You cannot opt out of transactional emails (account verification, receipts, etc.) as these are required for service delivery.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience. For detailed information, please see our separate Cookie Policy.

8.1 Types of Cookies We Use

• Essential Cookies: Required for login, session management, and core functionality
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use our site
• Marketing Cookies: Used for targeted communications (with your consent)

8.2 Cookie Management

You can control cookies through:

• Our cookie consent banner (shown on first visit)
• Your browser settings (most browsers allow you to block or delete cookies)
• Your account preferences page

9. Children's Privacy (COPPA Compliance)

WWMAA services are intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

9.1 Parental Consent

For users aged 13-17, we require parental or guardian consent for membership applications. Parents/guardians can:

• Review their child's information
• Request deletion of their child's data
• Refuse further collection or use of their child's information

9.2 If You Believe We Have Data from a Child Under 13

If you believe we have collected information from a child under 13 without proper consent, please contact us immediately at privacy@wwmaa.org. We will investigate and delete the information promptly.

10. International Data Transfers

WWMAA is based in the United States. Your information is stored on servers located in the United States. If you access our services from outside the United States, your information will be transferred to, stored in, and processed in the United States.

10.1 Data Protection Standards

The United States may not have the same data protection laws as your country. We take measures to ensure your data receives adequate protection:

• We comply with applicable data protection regulations (GDPR, CCPA)
• We use Standard Contractual Clauses for EU data transfers
• We implement technical and organizational security measures
• Third-party services we use are vetted for data protection compliance

10.2 EU-U.S. Data Privacy Framework

We comply with applicable data transfer frameworks and mechanisms approved by regulatory authorities.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons.

11.1 Notification of Changes

When we make changes, we will:

• Update the Last Updated date at the top of this policy
• Increment the version number
• Notify you via email if changes are material (affect how we use your personal information)
• Display a prominent notice on our website
• Require you to accept updated terms on your next login (for material changes)

11.2 Your Responsibility

Please review this Privacy Policy periodically. Your continued use of WWMAA services after changes are posted constitutes your acceptance of the updated policy.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: