Privacy Policy

Last updated: April 8, 2026

Your Privacy at a Glance

  • We collect only what we need: your name, email, and learning progress.
  • We never see your full card number. Payments are tokenized by PCI-certified processors.
  • We never sell, rent, or trade your personal data. Period.
  • You can access, export, correct, or delete your data at any time.
  • We respond to all data requests within 30 days.

Contents

WeissGuitar ("we," "us," or "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, how we safeguard it, and what rights you have. It applies to all visitors and users of weissguitar.com, learn.weissguitar.com, and any related services we operate.

1. Who We Are

WeissGuitar is an online guitar education platform operated by Daniel Weiss as a sole proprietorship based in Israel. For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (GDPR), Daniel Weiss is the data controller.

Data Controller: Daniel Weiss

Email: [email protected]

Website: weissguitar.com

2. Information We Collect

We collect only the data necessary to deliver our courses, process payments, and improve your experience. Here is exactly what we collect and why.

2.1 Account Data

When you create an account or make a purchase, we collect your name and email address. This is required to give you access to courses, send receipts, and provide support.

2.2 Payment Data

We never collect, see, or store your full credit card number. All card payments are processed by PayPlus (PCI DSS SAQ-A compliant). PayPlus stores card tokens for recurring subscription billing on our behalf. We receive only a tokenized reference and the last four digits of your card for record-keeping. If you pay via PayPal, we receive your PayPal email address and transaction ID.

2.3 Subscription Data

If you subscribe to the Improvisers Academy or other subscription products, we store your plan type, billing dates, payment history, and cancellation reason (if provided) to manage your account and billing.

2.4 Learning Data

To track your progress and provide a personalized experience, we store lesson completions, practice streaks, bookmarks, your last visited lesson, and video playback positions. Some of this data is stored locally in your browser using browser-based storage and may also be synced to our servers when you are logged in. This data is tied to your account and is exportable on request.

2.5 Session and Authentication Data

When you log in to our learning platform, we use secure, short-lived session tokens to keep you authenticated. These are strictly functional and contain no personal data beyond your account identifier.

2.6 Analytics Data

We use Google Analytics 4 with IP anonymization enabled to understand how visitors use our site (pages viewed, session duration, device type). We also use the Meta (Facebook) Pixel to measure the effectiveness of our advertising. Both tools use cookies described in Section 5.

2.7 Feedback and Communications

If you submit feedback through our platform widget or contact us by email, we store your message and email address to respond and improve our service. Feedback submissions are stored in our feedback management tools.

3. Legal Bases for Processing (GDPR)

Under the GDPR, we process personal data on the following legal bases:

Processing Activity Legal Basis
Account creation and course delivery Performance of a contract (Art. 6(1)(b))
Payment processing and invoicing Performance of a contract (Art. 6(1)(b))
Subscription management and recurring billing Performance of a contract (Art. 6(1)(b))
Transactional emails (receipts, billing alerts) Performance of a contract (Art. 6(1)(b))
Marketing emails (tips, offers, newsletters) Consent (Art. 6(1)(a))
Analytics and site improvement Legitimate interest (Art. 6(1)(f))
Advertising measurement (Meta Pixel) Consent (Art. 6(1)(a))
Fraud prevention and security Legitimate interest (Art. 6(1)(f))
Tax and accounting records Legal obligation (Art. 6(1)(c))

Where we rely on legitimate interest, we have assessed that our processing does not override your fundamental rights or freedoms. You may object to processing based on legitimate interest at any time (see Section 10).

4. How We Use Your Information

We use your data for the following purposes and no others:

  • Deliver our service: create your account, grant course access, track your progress, and manage subscriptions.
  • Process payments: charge your chosen payment method, issue invoices, handle refunds, and manage recurring billing cycles.
  • Communicate with you: send transactional emails (receipts, billing alerts, password resets, course updates). These are not marketing and cannot be opted out of while your account is active.
  • Marketing (with your consent): send educational content, practice tips, and promotional offers via Mailchimp. You can unsubscribe at any time using the link in every email.
  • Improve our platform: analyze anonymized usage patterns to make the learning experience better.
  • Measure advertising: understand which ads lead to sign-ups so we can invest in content that reaches the right students.
  • Comply with the law: maintain financial records as required by Israeli tax law and respond to lawful requests from authorities.

We never sell, rent, or trade your personal data. We never share it with unrelated third parties for their own marketing.

5. Cookies and Local Storage

We use cookies and browser local storage to operate and improve our service. Here is the complete list:

We use three types of cookies:

  • Essential cookies: Required for login and authentication. Without these, you cannot access your courses.
  • Analytics cookies: Google Analytics helps us understand how visitors use our site (anonymized, no personal data).
  • Advertising cookies: Meta (Facebook) Pixel measures the effectiveness of our ads so we can reach the right students.

Local Storage

Our learning platform saves your lesson progress, bookmarks, and preferences in your browser. This data is also synced to our servers when you are logged in, so your progress is preserved across devices.

Managing Cookies

You can control or delete cookies through your browser settings. Disabling essential cookies may prevent you from logging in. Disabling analytics or advertising cookies will not affect your ability to use our courses.

6. Third-Party Processors

We work with a small number of trusted service providers to deliver our courses, process payments, and improve your experience. We only share the minimum data each provider needs to do its job.

  • Payment processing: PayPlus (Israel) and PayPal handle all card and payment transactions. We never see your full card number.
  • Email: Mailchimp sends our newsletters and educational emails (only if you opt in).
  • Analytics: Google Analytics (anonymized) and Meta Pixel help us understand site usage and measure ad performance.
  • Video: A third-party video hosting provider delivers our course videos.
  • Invoicing: Our invoicing service generates purchase receipts.
  • Hosting and infrastructure: Our website and learning platform are hosted on secure, encrypted servers in Israel, the US, and the EU.

Each provider operates under its own privacy policy and applicable data protection agreements. None of these providers use your data for their own marketing purposes.

We may also disclose data if required by law, court order, or to protect the rights, property, or safety of WeissGuitar, our users, or others.

7. International Data Transfers

WeissGuitar is based in Israel, and some of our service providers are located in the United States and other countries. Your data may be transferred to, and processed in, countries other than the one in which you reside.

Israel: The European Commission has recognized Israel as providing an adequate level of data protection (Commission Decision 2011/61/EU). Transfers from the EU/EEA to Israel are therefore permitted without additional safeguards.

United States: Where our US-based processors are certified under the EU-US Data Privacy Framework, transfers rely on that framework. For all other US transfers, we rely on Standard Contractual Clauses (SCCs) or the processor's binding corporate rules, as applicable.

We ensure that any international transfer of personal data is subject to appropriate safeguards in accordance with applicable data protection law.

8. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures, including:

  • Encrypted connections: all data transmitted between your browser and our servers is encrypted (HTTPS).
  • Payment isolation: we never receive or store full card numbers. PCI-certified payment processors handle all card data.
  • Secure authentication: we use industry-standard secure session management with short-lived tokens.
  • Access control: our servers use industry-standard access controls.
  • Regular backups: automated daily backups ensure your data is protected against loss.

No system is perfectly secure. While we take all reasonable precautions, we cannot guarantee absolute security. If we become aware of a data breach that may affect your rights, we will notify affected users as soon as reasonably possible and inform the relevant authorities as required by law.

9. Data Retention

We retain data only as long as necessary for its stated purpose. Specific retention periods:

Data TypeRetention Period
Account data (name, email) While your account is active, plus 90 days after a deletion request
Payment tokens Deleted when subscription is cancelled and any grace period expires
Learning progress While your account is active. Exportable on request before deletion.
Subscription data While your subscription is active. Summary records retained for billing history.
Analytics data Per Google and Meta retention policies (14 months by default)
Audit and security logs 90 days
Session data Auto-expired. Sessions expire after a period of inactivity.
Invoices and tax records 7 years, as required by Israeli tax law
Marketing consent records For as long as you remain subscribed, plus 3 years after unsubscribe

When data reaches the end of its retention period, it is securely deleted or anonymized.

10. Your Rights

Depending on where you live, you may have the following rights under applicable data protection laws (including the GDPR, UK GDPR, CCPA/CPRA, and Israeli Privacy Protection Law):

  • Right of access: request a copy of all personal data we hold about you.
  • Right to rectification: correct any inaccurate or incomplete data. You can update your account information at any time through the platform, or contact us for assistance.
  • Right to erasure ("right to be forgotten"): request deletion of your account and associated data. We will comply within 30 days, subject to any legal obligations to retain certain records (e.g., tax invoices).
  • Right to data portability: receive your personal data (including learning progress) in a structured, machine-readable format.
  • Right to restrict processing: request that we limit how we use your data in certain circumstances.
  • Right to object: object to processing based on legitimate interest, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to withdraw consent: where processing is based on consent (marketing emails, advertising cookies), you may withdraw that consent at any time. For emails, use the unsubscribe link. For cookies, adjust your browser settings.
  • Right to lodge a complaint: you have the right to file a complaint with a supervisory authority. For EU residents, this is your local Data Protection Authority. For Israeli residents, this is the Israeli Privacy Protection Authority (PPA).

For California Residents (CCPA/CPRA)

If you are a California resident, you additionally have the right to:

  • Know what personal information is collected, used, and shared.
  • Request deletion of your personal information.
  • Opt out of the "sale" or "sharing" of personal information. We do not sell personal information. Our use of analytics and advertising pixels may constitute "sharing" under the CPRA. You can opt out by disabling third-party cookies in your browser.
  • Not be discriminated against for exercising your rights.

How to Exercise Your Rights

Email [email protected] with the subject line "Data Request" and describe what you need. We will verify your identity and respond within 30 days. There is no fee for exercising these rights. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request, and we will explain why.

11. Children and Minors

Our service is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16 without parental consent.

Users between the ages of 16 and 18 may use our platform with the involvement and consent of a parent or legal guardian. Any account or purchase for a minor must be registered and managed by a parent or guardian.

If we become aware that we have collected personal data from a child under 16 without valid parental consent, we will delete that data promptly. If you believe a child has provided us with personal data without consent, please contact us at [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page.

For significant changes that affect how we process your data, we will notify you by email or through a prominent notice on our website before the changes take effect. Your continued use of our service after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your information, please contact us:

Daniel Weiss, Data Controller

[email protected]

weissguitar.com

We aim to respond to all data-related inquiries within 30 days.