Privacy Policy

Last Updated: October 28, 2025

Please read this Privacy Policy carefully before using this Website.

The website and its content are owned by Hope for Dystonia Inc., doing business as ShmuelBY (“Company”, “we”, “us”). The term “you” refers to the user or viewer of www.shmuelby.com (the “Website”).

This Privacy Policy explains how we collect, use, process, and share information, including Personal Data (defined below), when you visit the Website, purchase or access our courses, coaching, community areas, or attend live sessions and events delivered by us (collectively, the “Services”). Use of our Services is also governed by our Terms & Conditions.

By using the Website or Services, you consent to this Privacy Policy.

1) What We Collect

We collect the minimum data necessary to deliver the Services:

Identification & Contact

Name, email address, phone number (optional), location (city/country you provide)
Account credentials (username/password) for member areas

Transaction & Support

Billing details (name, address), limited payment metadata (handled by processors), purchase history, refund/chargeback info
Customer support communications, survey responses

Program Participation

Session registration info, attendance, chat messages, Q&A inputs, community posts
Recordings of live sessions (audio/video/screenshare) and derived metadata (time stamps, clips, transcripts if enabled)

Technical & Analytics

IP address, device/type, browser, operating system, pages viewed, timestamps, referral URLs, approximate location, cookies, pixels, and similar technologies

Marketing Preferences

Newsletter opt-ins/opt-outs, email engagement (opens/clicks), ad audiences/lookalikes (if permitted)

Sensitive data: We do not intentionally collect health, medical, or other special category data. Please do not submit such data. Our Services are not medical or mental health services.

2) Sources of Data

Directly from you (forms, checkout, session participation, emails, community)
Automatically via cookies/pixels/SDKs and standard web logs
From third-party processors used to deliver the Services (e.g., payment, course hosting, video, email)

3) How We Use Data (Purposes + Legal Bases)

We process Personal Data for:

Service Delivery & Account Management

Provide access to courses, replays, and member areas; authenticate users; process payments; provide customer support.

Legal bases: Contract; Legitimate Interests.

Session Recording & Educational Access

Record live individual and group sessions for quality and to make replays available to enrolled participants within the relevant course/program area.

Legal bases: Legitimate Interests; Contract; Consent where required.

Marketing & Communications

Send program notices, service updates, newsletters (if opted in), and information about offerings. You can unsubscribe from marketing anytime (transactional emails may still be necessary).

Legal bases: Consent; Legitimate Interests.

Marketing Clips with Anonymization

We may create short clips from recorded sessions for marketing or educational promotion. By default, we blur faces and/or distort voices or otherwise anonymize identifying information unless you give express written permission to use your likeness unedited. You may opt out of marketing use at any time (see §9).

Legal bases: Legitimate Interests; Consent where required.

Community, Safety, and Enforcement

Moderate forums, prevent abuse, detect fraud, enforce Terms, protect rights and safety.

Legal bases: Legitimate Interests; Legal Obligations.

Analytics & Site Improvement

Understand usage, improve features, debug, and develop new offerings.

Legal bases: Legitimate Interests; Consent where required.

No AI Training: We do not use your content or recordings to train AI models, and we prohibit scraping or using our content for AI training without our prior written permission.

4) Cookies, Pixels, and Similar Technologies

We use cookies and similar tools to operate the site, remember preferences, secure accounts, perform analytics, and (if enabled) support advertising/retargeting. You can control cookies via your browser settings. Disabling some cookies may impact functionality.

We currently do not respond to browser Do Not Track (DNT) signals.

5) When We Share Data

We do not sell, rent, or trade your Personal Data.

We share limited data with trusted processors solely to deliver the Services, including (examples, subject to change):

Course & video: Kajabi (or similar), Zoom/meeting platforms, video hosting/editing tools
Payments: Stripe/PayPal (we do not store full card numbers)
Email & CRM: Mailchimp/ConvertKit/HubSpot (or similar)
Analytics/ads: Google Analytics, Meta/Google ads and lookalikes (where permitted)
Security/ops: Cloud hosting, backup, logging, content moderation

We may also disclose data:

To comply with law, subpoenas, or lawful process
To protect rights, safety, and security of users and the Service
In a business transaction (e.g., merger or asset transfer), subject to continuity of protections

Community visibility: Anything you post in public or member forums (including your name/profile) may be seen by others. Do not share content you consider private.

6) International Transfers

We operate with providers that may store/process data in the United States, Israel, and other jurisdictions. By using the Services, you consent to cross-border transfers that may have different data protection laws than your home jurisdiction. Where required, we implement appropriate safeguards.

7) Data Retention

We retain Personal Data only as long as necessary for the purposes stated here or as required by law.

Typical periods (subject to operational needs):

Payment and account records: as required by tax/accounting laws
Raw session recordings: generally 24–36 months
Edited course replays: while the program/course remains active and reasonably available to participants
Published marketing clips: remain published; opt-out applies prospectively (see §9)

When data is no longer needed, we delete or anonymize it.

8) Security

We implement reasonable technical and organizational measures appropriate to the risk (encryption in transit, access controls, least-privilege practices). No system is 100% secure. If we become aware of a data breach affecting you, we will notify you consistent with applicable law.

9) Your Choices: Opt-Outs & Permissions

Emails: Unsubscribe from marketing anytime via footer link. Transactional emails may still be sent to deliver Services.

Marketing Clips: You may opt out of marketing use of your session content at any time by emailing hello@shmuelby.com. Opt-out is prospective and does not require removal of materials already published or distributed prior to reasonable processing of your request.

Recording Presence: You may keep your camera off, modify your display name, or avoid sharing sensitive details during recorded sessions. (Note: group sessions are recorded for enrolled educational access.)

10) Your Rights

Depending on your location (e.g., EU/UK GDPR, California CCPA/CPRA, and similar laws), you may have rights to:

Access and receive a copy of Personal Data we hold about you
Correct inaccurate data
Delete data (subject to legal/contractual limits)
Restrict or object to certain processing
Data portability
Withdraw consent where processing is based on consent
Not receive discriminatory treatment for exercising rights
Lodge a complaint with a supervisory authority

Submit requests to hello@shmuelby.com. We may verify your identity and, where permitted, charge a reasonable fee for repetitive/excessive requests.

11) Children

Our Services are for adults 18+. We do not knowingly collect Personal Data from children under 18. If you believe a child has provided Personal Data, contact hello@shmuelby.com and we will delete it.

12) Third-Party Websites

We may link to third-party sites. We are not responsible for their content or privacy practices. Review their privacy policies before providing data.

13) Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or a prominent notice on the Website. Your continued use of the Services after changes means you accept the updated Policy.

14) GDPR / UK GDPR Supplement (for EU & UK Residents)

Definitions. “Personal Data,” “processing,” “controller,” “processor,” and “data subject” have the meanings given in Regulation (EU) 2016/679 (the “GDPR”) and the UK GDPR.

Controller. Hope for Dystonia Inc. (d/b/a ShmuelBY) is the controller of your Personal Data processed through our Services.

Representative. For EU data subjects, you may contact our data controller at hello@shmuelby.com (or designate a trusted contact; we can list a DPO service if you want).

Lawful Bases.

We rely on one or more of the following lawful bases:

Contract: to provide purchased Services and process payments.
Consent: for marketing emails and optional participation in recorded programs.
Legitimate Interests: to operate, improve, and secure the Services (balanced against your rights).
Legal Obligation: to comply with applicable law.

Transfers. Your Personal Data may be transferred outside the EEA/UK, including to the U.S. and Israel, where data protection standards may differ. We use appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent under Art. 46 GDPR.

Your Rights. In addition to the rights described above, EU/UK data subjects have rights under Articles 12–23 GDPR, including to lodge a complaint with their local supervisory authority. Our primary EU authority is likely the Irish Data Protection Commission.

Automated Decisions. We do not engage in automated decision-making that produces legal or similarly significant effects.

15) Data Controller & Contact

Hope for Dystonia Inc. (d/b/a ShmuelBY) is the data controller for processing described in this Policy.

Contact: hello@shmuelby.com