Privacy Policy
Effective date: 15 October 2025
Who we are
Reflections by Dave (“we”, “us”, “our”) provides photography courses, photo tours, prints, and photography services.
Website: https://reflectionsbydave.com
Contact: dave.hibbins@outlook.com
What data we collect and why
We collect only what we need to run our business and serve you.
You provide this to us:
- Account & checkout: name, email, billing/shipping details, phone (optional) — to create your account, process orders, deliver prints, and support your purchases.
- Courses: enrollment details, lesson progress, quiz results — to deliver the course and track your learning.
- Tours & services: preferred dates, group size, location, brief — to plan and confirm your booking.
- Contact forms/comments: the info you submit and your message — to reply and prevent spam.
We collect automatically:
- Technical data: IP address, device/browser info, pages viewed, approximate location — for security, performance, and analytics.
- Cookies: to keep you logged in, remember preferences, and help the site work. See “Cookies” below.
Payments: We use third-party processors (e.g., Stripe/PayPal). We don’t store full card numbers; processors handle them securely.
Comments & Gravatar
When you leave a comment, we collect the data shown in the form, plus IP and user-agent to fight spam. An anonymized string (hash) of your email may be sent to Gravatar to see if you use it. After approval, your profile image may be visible next to your comment. See Gravatar’s policy: https://automattic.com/privacy/
Media uploads
If you upload images, avoid including embedded location data (EXIF GPS). Visitors could download and extract that data.
Cookies
We use essential cookies for login, cart, and preferences; and (with consent where required) analytics/marketing cookies.
WordPress/WooCommerce/Tutor basics (typical durations):
- Commenter convenience cookies: 1 year
- Login cookies: 2 days (or 2 weeks if “Remember Me”); screen options: 1 year
- Post-editor cookie (when you edit/publish): 1 day
- Cart/session cookies: as needed to keep your cart and checkout working
You can control cookies in your browser settings. Blocking some cookies may break site features.
Embedded content
Articles may include embedded content (e.g., videos, posts). Embedded content from other sites behaves just as if you visited those sites and may collect data per their policies.
Analytics & service providers
We work with trusted vendors to operate our site and business. These may include:
- Hosting & security
- Payment processors
- Email service provider / newsletter
- Learning management & ecommerce tools
- Analytics and performance tools
They process data on our behalf under contracts that protect your information.
Who we share your data with
We share data only with:
- Our service providers listed above (to operate the site)
- Spam/abuse prevention services for comments/forms
- Law enforcement or regulators if required by law
- Successors in the event of a business transfer (with equivalent protections)
If you request a password reset, your IP may be included in the reset email.
How long we keep data
- Comments: indefinitely (to recognize follow-ups automatically)
- Accounts & course records: while your account is active or until you request deletion
- Orders: at least 7 years for tax/accounting/legal requirements
- Contact form messages: typically 12 months for support history
- Server logs: typically 90 days for security and troubleshooting
Your rights
Depending on your location, you may have the right to:
- Access a copy of your personal data
- Request correction or deletion
- Object to or restrict certain processing
- Request data portability
- Withdraw consent (where processing is based on consent)
To exercise rights, email hello@reflectionsbydave.com. We may need to verify your identity.
International transfers
Our servers and some providers may be located in other countries. When we transfer data, we use appropriate safeguards (such as data-processing agreements and standard contractual clauses) to protect your information.
Children’s privacy
Our services aren’t directed to children under 13 (or under 16 in some regions). We don’t knowingly collect data from children. If you believe a child has provided data, contact us to delete it.
Changes to this policy
We’ll update this page if our practices change. If changes are significant, we’ll notify you by email or site notice.
How to contact us
Questions about privacy? Email dave.hibbins@outlook.com