Effective Date: September 16, 2025
Elevia Academy LLC (“Elevia,” “we,” “us,” “our”), 13340 SW 32nd St, Miami, FL 33175, USA. We determine the purposes and means of processing personal information for Elevia’s website, app, and online classes.
How to contact us about privacy:
General support: [email protected]
Mail: Address above.
California Certain State “Notice at Collection” (summary)
We collect the categories of personal information described in Sections 2–3 for the purposes in Section 4, retain them for the time periods in Section 11, and disclose them to service providers in Section 6. We do not “sell” or “share” children’s personal information and we do not use children’s personal information for targeted advertising. For parents guardians, we do not sell personal information and do not share it for cross context behavioral advertising. If that changes, we will update this Policy and provide an opt out link and honor Global Privacy Control (GPC) signals.
1) Scope
This Policy covers personal information we collect about parents guardians and students when you visit our site app, enroll, attend classes, or communicate with us. It does not cover third party sites or services you access via links (their policies apply).
Elevia operates: GoHighLevel (GHL) for the parent CRM subscriptions, Elevia’s student app (calendar, materials, class links), Zoom for live classes (recordings 10 days), and Firebase only if community features aren’t handled by GHL.
2) What We Collect (categories & examples)
Parent Guardian Data
(i) Identifiers & contact: name, email, phone, billing address. (ii)Billing & payments: payment method details processed by our payment processor (we do not store full card numbers). (iii) Subscription & communications preferences (email SMS opt ins).
Student Data (account & classroom)
(i) Identifiers: student name, age, and email (to send the activation email and create the student login). (ii) Classroom data: class enrollments, attendance, teacher posted materials, and teacher feedback. (iii) No student social features: the app limits students to class calendar, Zoom sessions, and materials; there are no forums or student to student messaging.
Usage & device data
Technical data for security performance: IP address, device browser data, general logs diagnostics, and cookie or similar identifiers (see Section 8).
Media in class
Live session audio video and class content. Class recordings may be available to enrolled families for 10 days (not public), then archived deleted per our retention policy.
Sensitive data
We do not intentionally collect children’s precise geolocation, biometric identifiers, or health records.
3) Sources of Personal Information
(i) Directly from parents or guardians (enrollment, billing, support) and students (use of the app classes). (ii) Teachers (classroom context only).(iii) Service providers (payment processors, communications tools, hosting).
4) Why We Use Data (purpose limitation & minimization)
We collect and use information only as reasonably necessary to:
Deliver classes, calendars, materials, and account management.
Operate Zoom sessions and limited replays ( 10 days), support safety integrity, and prevent fraud abuse.
Communicate with parents guardians (service transactional messages; optional marketing to adults only).
Maintain security, debug repair, produce analytics, and comply with law, accounting, and tax obligations.
COPPA emphasizes data minimization and written retention limits for children’s data; we align our practices accordingly.
5) Children’s Privacy (COPPA)
Applicability & baseline
Our student app is child directed but intentionally limited (no peer messaging). We provide direct notice to parents and obtain verifiable parental consent (VPC) before collecting, using, or disclosing a child’s personal information.Verifiable Parental Consent (VPC)
We use VPC methods reasonably designed to ensure the person providing consent is the parent guardian payment tied consent, knowledge based questions, live video verification, or other FTC recognized methods. We maintain consent logs.Disclosures & advertising limits
We do not use children’s data for targeted advertising and do not sell share children’s personal information. For disclosures not integral to the service (e.g., non operational third party uses), separate opt in VPC is required under the 2025 COPPA amendments.Parental rights
Parents may review, delete, or withdraw consent by emailing [Privacy Request Email]. We will verify the requestor’s identity authority and respond within legally required timeframes.Retention & deletion for children’s data
We delete children’s personal information when no longer reasonably necessary for the disclosed purposes, including removal of classroom recordings following the 10 day availability window.
6) How We Disclose Information (Service Providers; No Sale of Children’s Data)
We disclose personal information to service providers under written contracts restricting use to our instructions for example Zoom (live classes), GoHighLevel (subscriptions CRM for parents), Firebase (community if GHL cannot support it), payment processors, and hosting security vendors. We do not sell children’s personal information and do not use it for targeted advertising. We may also disclose information: (i) to comply with law, legal process, or lawful requests; (ii) to protect users and the integrity of our Services; (iii) in a corporate transaction (e.g., merger), where successor entities must honor this Policy.
7) Marketing; Email & SMS (Parents Guardians Only)
Marketing is directed only to parents guardians who opt in. You can opt out of emails anytime; for SMS, reply STOP. We comply with the TCPA and applicable FCC rules. Note: the FCC’s “one to one” lead generator consent rule was vacated removed in 2025; we still follow seller specific consent as a best practice for clarity.
8) Cookies, Analytics & Global Privacy Control (GPC)
We use cookies or similar technologies for: (i) core functionality (authentication, security), (ii) preferences, and (iii) first party analytics. We do not use children’s data for cross context behavioral advertising. Where state law treats cross context behavioral advertising as a “sale” or “share,” we provide opt out mechanisms and honor GPC signals for covered users.
9) Your U.S. State Privacy Rights
Depending on your state (including CA, VA, CO, CT, UT, TX, OR, DE, IA, IN, TN, MT, NJ, MN, NE, NH, and others as laws take effect), you may have rights to access, correct, delete, data portability, and opt out of sale sharing targeted advertising and certain profiling, plus an appeals
process for denials.
How to submit: Use ____________________ or email ______________________.
Verification: We will verify your identity (and, for children, confirm parental authority).
Timing: We generally respond within 45 days, extendable once by 45 days where permitted with notice of the reason.
Appeals: If we deny your request, you may appeal (instructions will be provided). Under many state laws (e.g., Virginia), we respond to appeals within 60 days and inform you of your right to contact the Attorney General if you remain dissatisfied.
GPC: For covered states, we treat GPC as a valid opt out signal.
Tracking the patchwork: We monitor the evolving state privacy landscape through recognized trackers to keep this notice current.
10) Data Security
We use administrative, technical, and physical safeguards proportionate to the sensitivity of data and risk, including role based access, encryption in transit, least privilege access, credential and key management, vendor security diligence, logging monitoring, and incident response. No system is 100% secure; if you suspect an incident, contact ________________________ promptly.
11) Data Retention (how long we keep information)
We maintain a written retention schedule and delete or de identify data when no longer needed for the purposes in Section 4, subject to legal accounting requirements:
(i) Class recordings (student audio video): available to enrolled families for 10 days, then archived deleted per policy. (ii) Account, billing & tax records (parent): typically 3–7 years(varies by record type and law). (iii) Consent & safety logs: typically 5 years after last interaction (longer if needed for legal defense). (iv) Security & device logs: typically 12–24 months (shorter where feasible). (v) Support tickets & communications: until resolved + a reasonable period for audit training, then
deletion anonymization. Children’s data is retained only as long as reasonably necessary for the stated educational purposes and then deleted, consistent with COPPA’s updated retention limits.
12) International Users
Our Services are intended for U.S. families. If you access them from outside the U.S., you consent to processing in the United States (which may have different privacy protections than your jurisdiction).
13) Children’s Media & Publicity (separate from operations)
Operational class recordings are not public and are used only for educational operational purposes within the 10 day window. For marketing publicity use of a child’s likeness, Elevia requires a separate, optional consent that you can withdraw prospectively at any time by contacting us.
14) Do Not Track (DNT)
Browser DNT signals are not standardized. Where required, we recognize GPC as an opt out preference signal.
15) Third Party Links & Services
Links to third party sites services are provided for convenience. Their privacy practices govern those services.
16) Your Choices & Controls
Account settings: update contact info and preferences.
Cookies: manage through your browser and our _______________________.
Privacy rights: exercise via ________________ or __________________ (see Section 9).
17) FERPA (schools vs. direct to consumer)
Elevia is a direct to consumer education provider. FERPA generally applies to educational agencies institutions receiving U.S. Department of Education funds; if Elevia later provides services on behalf of a school, FERPA obligations may apply to that relationship.
18) Changes to this Policy
18.1 Notice of updates: When we update this Privacy Policy, we will post a revised version with a new Effective Date at the top and display a conspicuous Last Updated line. For changes that are material, we will also provide prominent notice within our product (for example, a banner or interstitial) and send an email to the parent or guardian on file using the contact information associated with the account.
18.2 What we consider “material.”: A change is treated as material when it meaningfully alters what a reasonable user would expect from this Policy or affects user rights or our obligations. By way of illustration, material changes include: (a) expanding the categories of personal information collected (such as beginning to collect precise geolocation or biometrics); (b) adding or modifying purposes of use beyond those disclosed (for example, using children’s data for a purpose not integral to delivering classes); (c) changing sharing or disclosure practices, including introducing cross-context behavioral advertising or adding new classes of third parties beyond service providers; (d) extending retention periodsin ways that increase exposure risk (for example, making class recordings available for longer than the current ~10-day window); (e) altering children’s privacy practices (for example, enabling student-to-student messaging where none existed); (f) beginning activities that constitute a “sale” or “share” under state law and therefore trigger opt-out rights and Global Privacy Control (GPC) processing; (g) modifying security or incident-notification practices in ways that materially affect risk; or (h) changing the controller identity or international transfer mechanisms due to a corporate transaction. These examples reflect our present design, in which students interact only with content and teachers during live sessions, class recordings are limited to ~10 days, and core operations run on Zoom, GoHighLevel, and if needed Firebase.
18.3 Timing of notice and effectiveness: For material changes, we will provide advance notice and make the change effective no sooner than 30 days after posting and notifying parents/guardians, unless a shorter period is required to comply with law or to address security, fraud, or platform integrity. Non-material updates such as clarifications, formatting, or administrative references become effective upon posting with the updated Effective Date.
18.4 Special process for children’s information: Where a change materially affects parental consents or children’s practices, we will provide direct notice to parents/guardians and, where required, obtain new verifiable parental consent (VPC) before applying the change to a child’s data. We will not apply such changes retroactively to previously collected children’s information without obtaining new parental consent, except where a legal requirement permits and necessitates immediate application. If updated consent is not provided, we will continue processing under the prior consent scope (or disable the affected feature for that child) and will offer options to delete the child’s information consistent with our retention policy.
18.5 State-law “notice at collection,” opt-outs, and GPC: If an update affects the categories of information collected, the purposes of collection/use, or whether an activity constitutes a sale or sharing under applicable state privacy laws, we will revise our Notice at Collection, refresh relevant opt out controls (including any “Do Not Sell or Share” links), and continue to honor Global Privacy Control (GPC) signals as required.
18.6 Emergencies and legal requirements: We may implement changes immediately when necessary to comply with law or regulatory guidance, to remediate security vulnerabilities, to mitigate fraud or abuse, or to respond to material platform/vendor changes that affect privacy or safety. Where immediate implementation is necessary, we will provide contemporaneous, or prompt follow up notice.
18.7 Acceptance and limits regarding minors: For adults, continued use of the Services after the Effective Date constitutes acceptance of the revised Policy. This acknowledgement does not replace the requirement for new parental consent where a change materially affects children’s data or privacy settings as described in Section 18.4.