1. Introduction
Red Bag Productions (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, process, and handle your personal data when you access or use any of our websites, premium membership platforms, eBook store, digital software products, and related services (collectively, the “Services”).
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Services immediately.
This policy applies to all visitors, registered users, premium members, customers, and affiliates who interact with our Services in any capacity.
This Privacy Policy should be read alongside our Terms of Service. Together, they form the complete agreement governing your use of Red Bag Productions Services.
2. Information We Collect
We collect different types of information depending on how you interact with our Services. This includes information you provide directly, information collected automatically, and information obtained from third-party sources.
2.1 Information You Provide Directly
When you register for an account, purchase a product, subscribe to a membership, or contact us, you may provide the following:
- Identity Data: Full name, username, date of birth, and profile photograph.
- Contact Data: Email address, postal address, telephone number, and social media handles.
- Account Data: Username, password (stored in encrypted form), account preferences, and security questions.
- Transaction Data: Details of purchases, subscriptions, payment method information, billing address, and transaction history.
- Communication Data: Records of correspondence with our support team, feedback forms, surveys, and reviews.
- Membership Data: Membership tier, subscription dates, renewal preferences, and membership benefit usage.
- Content Data: Any content you upload, post, or share through our Services including comments, forum posts, and user-generated content.
2.2 Information Collected Automatically
When you use our Services, we automatically collect certain technical and usage information:
- Device Data: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
- Usage Data: Pages visited, time spent on pages, click patterns, navigation paths, download history, search queries, and referring URLs.
- Location Data: Approximate geographic location based on IP address.
- Cookie Data: Information stored through cookies, pixel tags, web beacons, and similar tracking technologies (see Section 8).
- Performance Data: Page load times, error logs, and service interaction data used to improve our platforms.
2.3 Information from Third Parties
We may receive personal information from third-party sources, including:
- Payment Processors: PayPal, Stripe, or other payment providers may share transaction confirmation data, billing details, and fraud prevention information.
- Analytics Providers: Google Analytics, Hotjar, or similar services provide aggregated and individual usage data.
- Social Platforms: If you register or log in using a social media account, we may receive your name, email address, and profile information from that platform.
- Affiliate Networks: Referral data from affiliate partners, including referring URLs and campaign identifiers.
3. How We Use Your Data
We process your personal data for specific, legitimate purposes. The table below outlines each purpose and its corresponding legal basis:
| Purpose | Legal Basis |
|---|---|
| To register and manage your account | Performance of contract |
| To process purchases, subscriptions, and payments | Performance of contract |
| To deliver digital products (eBooks, software, membership content) | Performance of contract |
| To manage and administer membership benefits and access levels | Performance of contract |
| To provide customer support and respond to enquiries | Legitimate interest |
| To send service-related communications (order confirmations, renewal notices) | Performance of contract |
| To send marketing communications (with your consent) | Consent |
| To personalise your experience and recommend content | Legitimate interest |
| To detect, prevent, and investigate fraud or unauthorised access | Legitimate interest |
| To analyse website performance and improve our Services | Legitimate interest |
| To manage software licensing, activation, and updates | Performance of contract |
| To comply with legal and regulatory obligations | Legal obligation |
| To administer our affiliate programme | Performance of contract / Legitimate interest |
4. Premium Membership Websites
When you subscribe to one of our premium membership websites, we collect and process additional data specific to managing your membership:
4.1 Membership Registration and Access
Upon registration, we collect your name, email address, chosen username, and password. This information is necessary to create your account, authenticate your identity, and grant access to members-only content and features according to your subscription tier.
4.2 Subscription and Billing Management
We store records of your membership tier, subscription start date, billing cycle, renewal dates, and payment history. If you pay via PayPal or another payment processor, we receive transaction confirmation details but do not store your full payment credentials on our servers.
4.3 Content Access and Progress Tracking
We track which membership content you access, your progress through courses or training materials, bookmarked items, and content preferences. This data allows us to provide a personalised experience, recommend relevant content, and ensure you can resume where you left off across devices.
4.4 Member Community Features
If our membership sites include community features such as forums, comments, or direct messaging, we collect and store the content you post. Your username and profile image may be visible to other members. You are responsible for the personal information you choose to disclose in community areas.
4.5 Membership Cancellation and Data
If you cancel your membership, we retain your account data and purchase history for the period specified in Section 10 (Data Retention). You may request deletion of your data at any time, subject to our legal obligations to retain certain records.
Auto-renewal billing data is processed through your chosen payment provider. To cancel auto-renewal, update your settings within your account dashboard or payment provider at least 48 hours before your renewal date.
5. eBook Store and Digital Publications
When you browse, purchase, or download eBooks and other digital publications from our store, we process data specific to these transactions:
5.1 Browsing and Purchase Data
We collect information about the eBooks you browse, add to your wishlist, place in your cart, and ultimately purchase. This data helps us recommend relevant titles, manage inventory, and improve our product catalogue.
5.2 Digital Delivery and Download Records
When you purchase an eBook, we record the transaction details, delivery method, download timestamps, and the number of times a file has been downloaded. This information is used to fulfil your order, provide re-download access through your account, and enforce our download limits where applicable.
5.3 Digital Rights Management (DRM)
Some eBooks may include digital rights management technology. In these cases, we may collect device identifiers and activation data to manage licensing and prevent unauthorised redistribution. This data is processed solely for the purpose of protecting intellectual property rights.
5.4 Reading Preferences and Recommendations
If you opt in to personalised recommendations, we analyse your purchase history and browsing behaviour to suggest relevant eBooks and publications. You can disable personalised recommendations at any time through your account settings.
5.5 Reviews and Ratings
If you leave a review or rating for an eBook, your username, rating, and review text will be publicly visible on our store. You may edit or delete your reviews at any time through your account dashboard.
6. Digital Products and Software
When you purchase, download, install, or use our digital software products, the following data practices apply:
6.1 Software Licensing and Activation
To validate your software licence, we collect your licence key, the device or machine identifiers on which the software is activated, activation date, and the number of active installations. This ensures compliance with our licensing terms and prevents unauthorised use.
6.2 Installation and System Data
During installation, our software may collect basic system information including operating system version, hardware specifications, installed software dependencies, and language/locale settings. This data is used to ensure compatibility, optimise performance, and provide appropriate technical support.
6.3 Software Updates and Telemetry
Our software may periodically connect to our servers to check for updates, patches, and security fixes. If you opt in to our product improvement programme, we may also collect anonymised usage telemetry including feature usage frequency, error and crash reports, performance metrics, and user workflow patterns. You may opt out of non-essential telemetry at any time through the software settings.
6.4 Cloud Features and Synchronisation
If our software includes cloud-based features such as file synchronisation, online storage, or collaborative tools, we process the data you choose to store or share through these features. This data is encrypted in transit and at rest and is accessible only to you and any collaborators you designate.
6.5 Deactivation and Uninstallation
When you deactivate or uninstall our software, we update your licence records accordingly. Deactivation frees the licence slot for use on another device. We retain purchase and licence records as outlined in Section 10 (Data Retention).
All telemetry data is anonymised and aggregated before analysis. We never collect personal files, documents, or content you create using our software unless you explicitly use a cloud feature that requires data processing.
7. Payment Processing
We use third-party payment processors to handle all financial transactions. We do not directly collect, store, or have access to your full credit card numbers or bank account details.
7.1 PayPal Transactions
When you pay via PayPal, your transaction is processed by PayPal (Europe) S.à r.l. et Cie, S.C.A. We receive a transaction ID, confirmation of payment, your PayPal email address, and billing name/address. We do not receive your PayPal password, bank details, or full card number. PayPal’s own privacy policy governs how they handle your financial data.
7.2 Other Payment Methods
If we offer alternative payment methods (such as Stripe, credit/debit card processing, or bank transfers), these are handled by the respective payment processor. We receive only the information necessary to confirm the transaction and fulfil your order. All payment processors we use are PCI DSS compliant.
7.3 Invoices and Financial Records
We generate and store invoices for all transactions. These records include your name, billing address, products purchased, amounts paid, and transaction dates. We are required to retain financial records for a minimum period as required by applicable tax and accounting laws.
7.4 Refunds and Chargebacks
In the event of a refund request or chargeback, we process your transaction data alongside any supporting correspondence to resolve the matter. This data may be shared with the relevant payment processor and, if necessary, our legal advisors.
8. Cookies and Tracking Technologies
Our websites and Services use cookies and similar tracking technologies to enhance your experience, analyse usage, and support our marketing efforts.
8.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for website functionality, authentication, security, and shopping cart operation. These cannot be disabled. | Session / up to 1 year |
| Functional | Remember your preferences, language settings, login details, and personalisation choices. | Up to 1 year |
| Analytics | Help us understand how visitors use our websites, which pages are most popular, and how users navigate our Services. | Up to 2 years |
| Marketing | Used to deliver relevant advertisements, track campaign effectiveness, and limit how often you see an ad. | Up to 2 years |
| Affiliate Tracking | Track referrals from affiliate partners to attribute sales and commissions correctly. | Up to 90 days |
8.2 Managing Cookies
When you first visit our websites, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can change your cookie preferences at any time through our cookie settings panel or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our Services.
8.3 Do Not Track Signals
Some browsers offer a “Do Not Track” (DNT) setting. There is currently no universal standard for how companies should respond to DNT signals. We do not currently respond to DNT signals but will update this policy if a standard is adopted.
9. Third-Party Data Sharing
We do not sell your personal data to third parties. We may share your information with the following categories of recipients, solely for the purposes described in this policy:
9.1 Service Providers
We engage trusted third-party companies and individuals to perform services on our behalf, including web hosting, email delivery, payment processing, analytics, customer support tools, and cloud storage. These providers have access only to the data necessary to perform their functions and are contractually obligated to protect your information.
9.2 Payment Processors
As detailed in Section 7, payment data is shared with PayPal, Stripe, or other applicable payment processors to complete your transactions securely.
9.3 Analytics and Advertising Partners
We use analytics tools (such as Google Analytics) to understand how our Services are used. We may also work with advertising platforms to deliver targeted advertisements. Where required, this processing is based on your consent.
9.4 Affiliate Partners
If you arrive at our Services through an affiliate link, we share limited transaction data (such as the referring affiliate ID and order amount) with the affiliate network to attribute commissions. We do not share your personal contact details with affiliates.
9.5 Legal and Regulatory Disclosures
We may disclose your personal data if required to do so by law, in response to a valid legal request (such as a court order or subpoena), to protect our rights, property, or safety, or to investigate potential violations of our Terms of Service.
9.6 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your data.
10. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods are as follows:
| Data Type | Retention Period |
|---|---|
| Account registration data | Duration of account plus 2 years after deletion |
| Membership subscription records | Duration of membership plus 3 years |
| Purchase and transaction history | 7 years (tax and accounting requirements) |
| eBook download records | Duration of account plus 2 years |
| Software licence records | Duration of licence plus 3 years |
| Customer support correspondence | 3 years from resolution |
| Cookie and analytics data | Up to 26 months |
| Marketing consent records | Duration of consent plus 3 years |
When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.
11. Your Rights
Depending on your location and applicable data protection laws (including the UK GDPR, EU GDPR, and CCPA), you may have the following rights regarding your personal data:
- Right of Access: You have the right to request a copy of the personal data we hold about you.
- Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
- Right to Erasure: You may request deletion of your personal data, subject to our legal obligations to retain certain records.
- Right to Restrict Processing: You may request that we limit how we process your data in certain circumstances.
- Right to Data Portability: You may request a machine-readable copy of the data you provided to us.
- Right to Object: You may object to processing based on legitimate interests, including profiling and direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (e.g. the Information Commissioner’s Office in the UK).
To exercise any of these rights, please contact us using the details provided in Section 16. We will respond to your request within 30 days, or within the timeframe required by applicable law.
If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell your data), and the right to non-discrimination for exercising your privacy rights.
12. Children’s Privacy
Our Services are not directed at individuals under the age of 16 (or 13 in jurisdictions where this is the applicable minimum age). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental or guardian consent, we will take steps to delete that data promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately using the details in Section 16.
13. International Data Transfers
Red Bag Productions operates globally, and your personal data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission or UK Information Commissioner’s Office.
- Transfers to countries with an adequacy decision from the European Commission or UK Secretary of State.
- Binding Corporate Rules or other legally recognised transfer mechanisms.
- Your explicit consent where no other mechanism is available.
You may request further details about the safeguards we use for international transfers by contacting us.
14. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS). Sensitive data at rest is encrypted using industry-standard algorithms.
- Access Controls: Access to personal data is restricted to authorised personnel who require it for their role, using role-based access controls and multi-factor authentication.
- Infrastructure Security: Our servers and hosting environments are protected by firewalls, intrusion detection systems, and regular security audits.
- Password Security: User passwords are stored using strong, one-way cryptographic hashing. We never store passwords in plain text.
- Monitoring: We continuously monitor our systems for vulnerabilities and suspicious activity.
- Incident Response: We maintain an incident response plan and will notify affected users and relevant authorities of any data breach within the timeframes required by applicable law.
While we take every reasonable precaution, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the highest standard.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or applicable laws. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page.
- Post a prominent notice on our websites.
- Notify registered users and members via email where the changes materially affect how we process their personal data.
We encourage you to review this policy periodically. Your continued use of our Services after any changes constitutes acceptance of the updated policy.
16. Contact Us
If you have any questions, concerns, or requests regarding these terms of service please contact us:
Red Bag Productions
General Support: https://www.redbagproductions.com/support/