Want a more detailed explanation? Read below.
Company: TheraCupping, LLC
Phone: (828) 232-1622
Address: ACE Massage Cupping™ & MediCupping™
PO Box 1266
Asheville, NC 28802
Office Email: [email protected]
Contact Form: Support
Name: Peter Downey
DPO Email: [email protected]
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Users that submit a form through our website have a number of data points tracked. Each form includes the users ID number and email address (if logged in). We also record the IP address (IPv4 and/or IPv6) of the user when the form was submitted. This information is shared only within our office email system and is not stored in our site database.
The contents of the submitted forms are not saved in the site database for any period of time. However, this data is saved in our email system.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
If you attempt to find a local cupping therapy practitioner using our interactive mapping system, the map software will automatically attempt to locate your computer based on the IP address of your device. A temporary cookie will be placed on your system for your user session. This cookie expires within a day.
When shopping at our online store, a session cookie will be placed on your system if you add an item to your cart. This cookie will remain on your computer for a number of days and allows you to return to your shopping cart later on if you did not complete your purchase.
When visiting our websites in any way, our site will attempt to create temporary cookies that instruct your device to store our site’s resources in a temporary cache. This practice is near universally employed by all websites, and is done to increase the loading speed of our site on your device. These cookies and temporary cache resources are generally set to expire within 1-30 days.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Order information includes the user’s IP address (IPv4 and/or IPv6), name, billing / shipping address, phone number, and email. This information is used to process and fulfill online orders at our store. This data is linked to the user’s account created during or prior to checkout. Records of past orders by that user account are tracked and searchable by ACE, and may be used to create geographic databases of customers for marketing purposes.
TheraCupping, LLC shares your data with our team of Certified Educators that teach our classes. This is a small group of around a dozen people that work with us directly. You can learn more about our educators and view their contact information at https://massagecupping.com/ace-educators-and-staff/. We use this data to contact past or potential students to alert them about upcoming classes in their area.
Information including orders, user accounts, comments, etc is stored in an encrypted MySQL database located on our hosting server.
Hourly backups of our site database is stored in a Dropbox account protected by 2-Factor Authentication (2-FA).
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Information about online orders is stores in our encrypted database. This data includes a full history of purchases made by a user, that user’s full billing and contact information, as well as the IP address (IPv4 and/or IPv6) used when making each purchase. This data is cleared every 3 years. Data that is older than 3 years is exported and saved in a secured backup database in the event that we need to reference an order older than 3 years.
We store student’s class information indefinitely. This includes quiz grades, course progress, certificates, and access to the online courses.
We store your email data in 3 locations:
TheraCupping, LLC maintains our own Linux-powered hosting servers, powered by our partners at VisiStruct. These servers use open source software that is vetted for security and safety by the contributing public. Our team performs weekly security assessments on our hosting environment and performs any regular security updates as needed. In addition, our team receives daily and emergency alerts for any advisories related to the software packages that we use to run our sites. Our full time and on-call staff are available 24/7 in the event that our servers need an emergency security update.
Any accounts that contain sensitive user information are protected using complex passwords and secured using 2-FA.
Database backups are encrypted and stored locally and remotely using a Dropbox account secured with 2-FA.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Visitor comments may be checked through an automated spam detection service.
Order information including name, email address, and city is exported to a private database located at SendinBlue. This data is used in-house only for marketing purposes.
Orders information for users that purchase massage cupping equipment is send securely to our shipping fulfillment partners at Lhasa OMS.
All incoming and outgoing internet traffic is sent through Cloudflare, our Content Delivery Service. This data is fully encrypted from the server to cloudflare, and then from cloudflare to your device. We maintain an A+ encryption rating for the SSL protocols used on this site. View current score. Cloudflare does not store any user data, nor does it analyze the traffic flowing through the network.
In the event of a data breach, affected users will be notified within 72 hours after the breach has been identified. Should a breach be detected, online order processing and user registration would be halted immediately to prevent any further data from leaking out. Users will be notified by email for low to moderate risk breaches. In the unlike event of a high risk data breach, we may additionally contact users via phone if warranted.
Yes, absolutely. To update, export, or delete any of your personal information, click the corresponding link below.
For other questions related to privacy or GDPR, please contact our Data Protection Officer at [email protected]
We currently utilize SendinBlue to compile lists of potential students for upcoming classes in their area. This data is automatically filtered from a main database by scanning the user’s city.
Data that we no longer have a business-related use for is destroyed safely and securely. Wipes of this data is done using a multi-pass system that ensures the data is deleted and then written over multiple times to prevent recovery.
Since we require that a user must have an account before making a purchase at our online store, it is not possible to make a purchase without our website storing some data on that user. However, a user may request that we delete their user data at any time after they’ve completed their purchase.
Furthermore, users may use script-blocking software to blacklist our site from setting any tracking cookies whatsoever. Using such software may limit some features on our site from working properly.