Privacy Policy

Effective Date: September 2025

Teds Path LLC (“Teds Path,” “we,” “us,” or “our”) operates an online library where independent professionals (“Professionals”) publish training presentations and related materials for purchase or free access by users (“Users”). This Privacy Policy explains how we collect, use, share, and protect personal information in connection with www.teds-path.com and any related sites, applications, and services (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services.

1) Scope & Roles — Who Does What With Your Information

  • When you use Teds Path (browse, create an account, make a purchase): Teds Path decides what data we collect and how we use it to run the service (accounts, payments, support, security, analytics, emails). You control what data you provide. (EEA/UK: Teds Path is the “controller.”)
  • When a Professional uses Teds Path to deliver training and uploads info about their customers/attendees: The Professional decides what is collected and why. Teds Path only processes it for them and on their instructions (to host, deliver, and support their content). We don’t use it for our own marketing. A Data Processing Addendum (DPA) is available upon request and applies where required by law. (EEA/UK: the Professional is the “controller”; Teds Path is their “processor.”)
  • When content or features come from somewhere else (links, embeds, or third-party tools): If you click through to or interact with third-party content (e.g., an embedded video, article, or a social/login button), that third party’s privacy policy applies to that interaction. We use well-known providers (for example, LearnDash for LMS, Stripe for payments, Google for analytics, Mailchimp for email, Meta/Facebook/Instagram, and LinkedIn for social/ads), and we limit what we share to what’s needed to operate the service.
  • Health information: The Services are not designed to store patient or health-record information (PHI). Please do not upload PHI or other patient-identifiable data.

2) Information We Collect

You provide:

  • Account & profile data (name, email, password, organization, job title, professional credentials).
  • Purchase & payment data (contact details, billing address; limited payment details handled by our payment processor—we do not store full card numbers).
  • Content & support (submissions, comments, survey responses, support requests, dispute/chargeback information).
  • Marketing preferences & consents (e.g., newsletter/event invitations and promotional email/SMS where permitted). We record your choice (opt-in/opt-out), the channels you selected, and the date/time of consent or withdrawal. You can change your mind at any time via unsubscribe links, account settings, replying STOP to SMS, or by contacting us. We may track basic campaign engagement (e.g., opens/clicks) to measure effectiveness, where allowed and subject to your consent where required. Service/transactional emails (receipts, account/security notices) may still be sent even if you opt out of marketing. EEA/UK: We obtain opt-in before sending marketing; U.S. SMS: marketing always requires opt-in and is not a condition of purchase.
  • Professional onboarding data (tax IDs, payout details via our payment processor, course listings, license confirmations, compliance attestations).

Collected automatically:

  • Usage & device data (IP address, approximate location, device/browser type, pages viewed, links clicked, session timestamps, referring/exit pages).
  • Cookies/SDKs & similar (for login, preferences, analytics, advertising/retargeting where enabled, and fraud prevention).

From third parties:

  • Social logins & social interactions (Google, Facebook/Instagram, LinkedIn—limited profile data as permitted by you).
  • Payment processors (Stripe—tokenized payment info, payment status, payouts).
  • Platforms & plugins (e.g., LearnDash LMS, Google services, Mailchimp).
  • Marketing & analytics (e.g., Google Analytics, LinkedIn Insight, Meta tools) subject to your settings and applicable law.

We do not seek or knowingly collect Protected Health Information (PHI), and the Services are not designed to store PHI. Do not upload PHI or other patient-identifiable information.

3) How We Use Information (Purposes & Legal Bases)

We use personal information for the purposes below. For individuals in the EEA/UK, we also list the applicable legal bases required by GDPR/UK GDPR.

What the legal bases mean:

  • Performance of a contract — we need the data to provide what you asked for (e.g., create your account, take payment, give you access).
  • Legitimate interests — we have a reasonable business need (e.g., security, reliability, improving the service) that doesn’t unfairly impact your rights. You can object where applicable.
  • Legal obligation — we must process data to comply with the law (e.g., tax, fraud, recordkeeping).
  • Consent — we only do it if you say yes; you can withdraw consent at any time (this won’t affect what we did before you withdrew).

When we act for a Professional: If a Professional uploads information about their customers/attendees, the Professional is the controller and chooses the legal basis. We process that data only on their instructions under our contract (we are their processor/service provider).

Purposes

  • Service delivery & account administration
    We operate the website/LMS, create and secure accounts, deliver purchases, personalize content, provide support, process payments/payouts, and send necessary service communications (e.g., receipts, security alerts).
    Legal basis (EEA/UK): Performance of a contract; Legitimate interests (service reliability, security, fraud prevention, customer support).
  • Payments & fraud prevention
    We process transactions and payouts; detect and prevent fraud, abuse, and security incidents.
    Legal basis (EEA/UK): Performance of a contract; Legitimate interests (fraud prevention, platform integrity); Legal obligation (e.g., tax/recordkeeping, AML where applicable).
  • Improvement & analytics
    We analyze aggregated usage to fix bugs, improve features, and maintain quality. For analytics that rely on cookies/SDKs, we follow regional rules.
    Legal basis (EEA/UK): Legitimate interests (improving the Services); Consent where required for analytics cookies/SDKs.
  • Marketing & communications
    We send service notices and (if you opt in or law allows) newsletters, offers, event information, and SMS (if enabled). You can change preferences any time (unsubscribe/STOP/account settings).
    Legal basis (EEA/UK): Consent where required (you can withdraw at any time); Legitimate interests for certain B2B communications as permitted.
  • Compliance & safety
    We enforce our terms and policies; handle claims; protect rights, Users, and the public; and respond to lawful requests.
    Legal basis (EEA/UK): Legal obligation; Legitimate interests (protecting the Services and Users).
  • De-identification & aggregation
    We create aggregated or de-identified data for lawful business purposes (e.g., stats, reporting).
    Legal basis (EEA/UK): Legitimate interests.

Consent controls: Where we rely on consent, you can withdraw at any time via Cookie Settings, unsubscribe links, account settings, or by contacting us (or replying STOP to SMS). Withdrawal is not retroactive (it will not affect prior processing).

Canada (PIPEDA). We follow PIPEDA’s fair information principles, including identifying purposes, obtaining meaningful consent, limiting collection/use/disclosure, safeguarding information, and providing access/correction rights.

4) Cookies, Pixel Tags & Consent Management

We use cookies, pixels, and SDKs for authentication, preferences, analytics, and—where enabled—advertising/retargeting. We provide a consent management tool for EEA/UK visitors (and other regions where required) to obtain opt-in before placing non-essential cookies. Your choices include our consent banner, browser/device settings, and opt-out links in the Services.

Do Not Track: Some browsers transmit “Do Not Track” signals. We do not respond to such signals at this time; please use the controls above. We honor Global Privacy Control (GPC) signals where required by law.

5) How We Share Information

  • Service providers/Processors: hosting, LMS functionality (e.g., LearnDash), analytics (e.g., Google), email/SMS (e.g., Mailchimp), payment processing (e.g., Stripe), social integrations (e.g., Facebook/Instagram, LinkedIn), fraud prevention, support, and operations—under our instructions.
  • Professionals: if you purchase or enroll in a Professional’s presentation, we may share your name, email, and relevant engagement metrics with that Professional to support delivery, compliance, and revenue sharing. Professionals must use such data only for permitted purposes and must comply with applicable laws.
  • Business transfers: in a merger, acquisition, financing, or sale of assets, data may be transferred as permitted by law.
  • Legal & safety: to comply with law, respond to legal requests, or protect our rights, Users, or the public.
  • With consent. We share in other ways with your consent or at your direction.
  • De‑identified data. We may share aggregated/de‑identified information for lawful purposes.

We do not sell personal information. Where “share” for cross-context behavioral advertising is regulated, we do not share for that purpose unless you opt in via our consent tools, and you may opt out at any time.

6) International Data Transfers & Representatives

We are U.S.-based and may process data in the U.S. and other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses and, where applicable, the UK Addendum/IDTA) and recognized transfer mechanisms.

Canada (including Quebec). Your information may be transferred outside Canada (and, for Quebec residents, outside Quebec). We provide notice at collection that such transfers may occur and implement appropriate safeguards. For Quebec residents, we conduct a transfer assessment and proceed only where the information would receive adequate protection under the circumstances, consistent with Quebec’s private-sector privacy law (Law 25).

Quebec — Privacy Officer & governance. The person exercising the highest authority is responsible for personal information; we designate a Privacy Officer and publish their title and contact information. We also maintain governance policies and conduct privacy impact assessments for certain projects.

EEA/UK representatives: If we offer goods/services to individuals in the EEA/UK or monitor their behavior, we will appoint an EU/EEA representative and a UK representative under GDPR/UK GDPR Art. 27. Contact details (once appointed) will be posted here.

7) Data Retention

We retain personal information for as long as necessary for the purposes described, to comply with legal obligations, resolve disputes, and enforce agreements. We may retain de-identified data indefinitely.

8) Your Choices & Rights

  • Marketing: opt out via emails or in-product controls (and reply STOP to SMS).
  • Cookies/Analytics: use the consent banner and browser/device controls.
  • Access / Deletion / Correction / Portability / Restriction / Objection: submit a request to admin@teds-path.com. We may verify your identity and respond as required by law. Authorized agent requests are honored where applicable.
  • California minors (B&P § 22580): if you are a California resident under 18 and have posted content, you may request removal as described in the Services; note that complete removal may not be possible in all circumstances.

California (CPRA) & U.S. State Privacy Addendum (CO, CT, UT, VA, TX, OR and any other applicable U.S. state laws). We describe categories collected, purposes, sources, and disclosures; honor rights to know, delete, correct, and limit sensitive PI; and provide opt-out/opt-in where applicable. We do not sell personal information. We do not share for cross-context behavioral advertising unless you opt in. Residents of the listed states may exercise their rights via admin@teds-path.com; appeals of denial will be honored as required.

EEA/UK (GDPR). You have GDPR rights; you may contact your local authority. Where we act as a processor for a Professional, please direct requests to that Professional; we will assist as required.

Canada (PIPEDA & provincial laws). You have the right to access personal information we hold about you and to challenge its accuracy and completeness and request corrections; you may also withdraw consent (subject to legal/contractual limits and reasonable notice). If we act as a service provider/processor for a Professional, please direct your request to that Professional; we will assist them as required. You may complain to the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy regulator.

9) Children

The Services are not directed to children under 13 (or under 16 in the EEA/UK where consent rules apply). If you believe a child provided personal information, contact us for deletion.
Quebec (Law 25). Collecting personal information from a minor under 14 generally requires consent from a parent or guardian.

10) Security

  • We use administrative, technical, and physical safeguards appropriate to the risk (e.g., encryption in transit, access controls, monitoring). No system is 100% secure. We maintain a written information security program designed to meet the New York SHIELD Act standard of “reasonable safeguards” and vendor oversight.

  • Security incidents & breaches. We investigate potential incidents and, where required, will provide notifications consistent with applicable law, including New York Gen. Bus. Law § 899-aa (breach notification).

  • Quebec (Law 25). If a confidentiality incident presents a risk of serious injury, we notify Quebec’s Commission d’accès à l’information (CAI) and affected individuals, as required.

11) Notices at Collection (U.S.)

At or before the point of collection (e.g., account creation, checkout, newsletter sign-up), we provide links to this Policy and the U.S. State Privacy Addendum. For California, we also provide a “Your Privacy Choices” link where required.

12) Contact & Complaints

  • Contact:
    Teds Path LLC
    418 Broadway STE R
    Albany, NY 12207
    USA
    Email: admin@teds-path.com
    Tel: 914-288-5402

  • Complaints: We encourage you to contact us first so we can try to resolve your concern.
  • Canadians may also contact the Office of the Privacy Commissioner of Canada or their provincial privacy regulator.
  • Language — Quebec. A French-language version of this Policy is available. La version française de la présente Politique est disponible.
  • We may update this Policy from time to time.