Privacy Policy

The Basics

  1. We store your data if you’ve created an account, made a purchase, or left a blog comment. We keep this data indefinitely.
  2. Customer data is encrypted and stored in remote and local backups. Remote backups are protected by 2-Factor Authentication.
  3. Our site places a number of temporary cookies on your computer. These help your browser track short-term user sessions such as online orders, and can also be used by your browser to increase the performance of our website by utilizing temporary caching.
  4. We are happy to remove any identifying data we have stored on you at any point across all of our resources.

Want a more detailed explanation? Read below.

Who we are

Company: TheraCupping, LLC

Phone: (828) 232-1622

Address: ACE Massage Cupping™ & MediCupping™
PO Box 1266
Asheville, NC 28802


Office Email: [email protected]

Contact Form: Support

Data Protection Officer

Name: Peter Downey

DPO Email: [email protected]

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Users that submit a form through our website have a number of data points tracked. Each form includes the users ID number and email address (if logged in). We also record the IP address (IPv4 and/or IPv6) of the user when the form was submitted. This information is shared only within our office email system and is not stored in our site database.

The contents of the submitted forms are not saved in the site database for any period of time. However, this data is saved in our email system.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

If you attempt to find a local cupping therapy practitioner using our interactive mapping system, the map software will automatically attempt to locate your computer based on the IP address of your device. A temporary cookie will be placed on your system for your user session. This cookie expires within a day.

When shopping at our online store, a session cookie will be placed on your system if you add an item to your cart. This cookie will remain on your computer for a number of days and allows you to return to your shopping cart later on if you did not complete your purchase.

When visiting our websites in any way, our site will attempt to create temporary cookies that instruct your device to store our site’s resources in a temporary cache. This practice is near universally employed by all websites, and is done to increase the loading speed of our site on your device. These cookies and temporary cache resources are generally set to expire within 1-30 days.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


We utilize at least one type of analytics tracking method our our site: Google Analytics. The privacy policy for Google Analytics can be found at

Order information

Order information includes the user’s IP address (IPv4 and/or IPv6), name, billing / shipping address, phone number, and email. This information is used to process and fulfill online orders at our store. This data is linked to the user’s account created during or prior to checkout. Records of past orders by that user account are tracked and searchable by ACE, and may be used to create geographic databases of customers for marketing purposes.

Who we share your data with

Student information

TheraCupping, LLC shares your data with our team of Certified Educators that teach our classes. This is a small group of around a dozen people that work with us directly. You can learn more about our educators and view their contact information at We use this data to contact past or potential students to alert them about upcoming classes in their area.

Email addresses

Users that complete a purchase at our online store have their email address, city, and name stored in our email marketing database hosted through SendInBlue. This data is automatically sent via a secure https connection to SendinBlue’s servers.  SendinBlue’s privacy policy can be found at

Where do we keep your data?

Site data

Information including orders, user accounts, comments, etc is stored in an encrypted MySQL database located on our hosting server.


Hourly backups of our site database is stored in a Dropbox account protected by 2-Factor Authentication (2-FA).


  • Zoho: Main email hosting service. This data is kept indefinitely and secured via 2-FA.
  • Mailgun: Transactional email provider. Mailgun retains full logs of our outgoing transactional emails for a period of 30 days. This data includes the plain text contents for only our outgoing transactional emails sent by our online store.
  • SendinBlue: Marketing email provider. We store the email address, city, and name of customers after they’ve placed an order at our online store. This data is kept indefinitely and secured via 2-FA.

How long we retain your data

Blog comments

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Registered users

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Online orders

Information about online orders is stores in our encrypted database. This data includes a full history of purchases made by a user, that user’s full billing and contact information, as well as the IP address (IPv4 and/or IPv6) used when making each purchase. This data is cleared every 3 years. Data that is older than 3 years is exported and saved in a secured backup database in the event that we need to reference an order older than 3 years.

Class information

We store student’s class information indefinitely. This includes quiz grades, course progress, certificates, and access to the online courses.

Email addresses

We store your email data in 3 locations:

  • Zoho: Main email hosting service. This data is kept indefinitely.
  • Mailgun: Transactional email provider. Mailgun retains full logs of our outgoing transactional emails for a period of 30 days.
  • SendinBlue: Marketing email provider. This data is kept indefinitely.

How we protect your data

TheraCupping, LLC maintains our own Linux-powered hosting servers, powered by our partners at VisiStruct. These servers use open source software that is vetted for security and safety by the contributing public. Our team performs weekly security assessments on our hosting environment and performs any regular security updates as needed. In addition, our team receives daily and emergency alerts for any advisories related to the software packages that we use to run our sites. Our full time and on-call staff are available 24/7 in the event that our servers need an emergency security update.

Any accounts that contain sensitive user information are protected using complex passwords and secured using 2-FA.

Database backups are encrypted and stored locally and remotely using a Dropbox account secured with 2-FA.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Order information including name, email address, and city is exported to a private database located at SendinBlue. This data is used in-house only for marketing purposes.

Orders information for users that purchase massage cupping equipment is send securely to our shipping fulfillment partners at Lhasa OMS.

All incoming and outgoing internet traffic is sent through Cloudflare, our Content Delivery Service. This data is fully encrypted from the server to cloudflare, and then from cloudflare to your device. We maintain an A+ encryption rating for the SSL protocols used on this site. View current score. Cloudflare does not store any user data, nor does it analyze the traffic flowing through the network.

Additional information

What data breach procedures we have in place

In the event of a data breach, affected users will be notified within 72 hours after the breach has been identified. Should a breach be detected, online order processing and user registration would be halted immediately to prevent any further data from leaking out. Users will be notified by email for low to moderate risk breaches. In the unlike event of a high risk data breach, we may additionally contact users via phone if warranted.

Can I view, delete or update my information from your databases?

Yes, absolutely. To update, export, or delete any of your personal information, click the corresponding link below.

For other questions related to privacy or GDPR, please contact our Data Protection Officer at [email protected].

What automated decision making and/or profiling we do with user data

We currently utilize SendinBlue to compile lists of potential students for upcoming classes in their area. This data is automatically filtered from a main database by scanning the user’s city.

Obsolete data policy

Data that we no longer have a business-related use for is destroyed safely and securely. Wipes of this data is done using a multi-pass system that ensures the data is deleted and then written over multiple times to prevent recovery.

Can you stop storing my data for future visits or purchases?

Since we require that a user must have an account before making a purchase at our online store, it is not possible to make a purchase without our website storing some data on that user. However, a user may request that we delete their user data at any time after they’ve completed their purchase.

Furthermore, users may use script-blocking software to blacklist our site from setting any tracking cookies whatsoever. Using such software may limit some features on our site from working properly.

Privacy Policy policy

We are committed to maintaining and updating our privacy policy in the future should the need arise.

Users will be notified of any updates to the privacy policy within 72 hours of a change.

Privacy policy last updated: 05/25/2018.