Privacy Policy

Overview

This Privacy Policy explains how Illustration Academy (“we,” “us,” or “our”) collects, uses, shares, and protects information when you visit commonroute.click and related pages and features (the “Service”). It also describes your privacy choices and rights.

Information We Collect

We collect information to operate the Service, deliver course access, and improve learning experiences. The types of information depend on how you use the Service.

Information you provide

• Account details: email address, display name (if provided), and a password hash used for authentication.
• Course and support communications: messages you send to support, feedback, and preferences you share.
• Transactional details: purchase confirmations and subscription status. We do not store payment card numbers or CVV on our servers.

Information collected automatically

• Device and usage data: approximate location (derived from IP), browser type, pages viewed, referring/exit pages, and timestamps.
• Log and security signals: diagnostics used to prevent fraud, troubleshoot issues, and protect accounts.

Cookies

Cookies and similar storage technologies help us deliver core functionality and remember your choices.

• Essential preferences: theme selection and cookie consent are stored locally (for example, in your browser local storage).
• Session continuity: cookies may be used to keep you signed in and prevent unauthorized use.
• Control: you can manage cookies through your browser settings. Blocking some cookies may impact site functionality.

How We Use Data

• Provide course access, account management, and customer support.
• Process purchases and validate eligibility for paid content.
• Improve the Service using aggregated or de-identified insights (for example, which lessons are most helpful).
• Send operational messages (such as password resets, receipts, and important updates).
• Send marketing messages only if you opt in; you can unsubscribe at any time.
• Protect users and the Service by detecting abuse, enforcing policies, and maintaining security.

Legal Bases (GDPR)

Where GDPR applies, we process personal data under one or more legal bases, including: performance of a contract (providing your account and course access), legitimate interests (security and service improvement), consent (optional communications and certain cookies), and compliance with legal obligations (recordkeeping and tax requirements).

How We Share Information

We do not sell personal information. We may share information in the following limited circumstances:

• Service providers: trusted vendors that help us host, deliver email, provide customer support tools, and process payments (payment processors handle card data directly).
• Compliance and protection: to respond to lawful requests, enforce our terms, or protect rights, safety, and security.
• Business changes: if we are involved in a merger, acquisition, or asset sale, data may be transferred subject to appropriate safeguards.

Data Retention

We retain personal data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary depending on the type of data and the purpose for which it is collected.

Security

We implement administrative, technical, and organizational safeguards designed to protect personal data, including encryption in transit, access controls based on least privilege, and routine security reviews. No method of transmission or storage is 100% secure, but we work to continuously improve protections.

Your Rights and Choices

Depending on your location, you may have rights regarding your personal data, such as access, correction, deletion, portability, restriction, and objection to processing. You may also withdraw consent where processing is based on consent.

• Access or update: request a copy of your data or correct inaccuracies.
• Deletion: request deletion of your account data, subject to legal and operational exceptions.
• Opt out: unsubscribe from optional communications using the link in emails.
• Cookie control: manage cookie settings in your browser and use the cookie consent options offered on the Service.

CCPA/CPRA Notice (California)

If you are a California resident, you may have the right to know what personal information is collected, used, and disclosed; request deletion; and correct inaccurate information. We do not sell or share personal information as those terms are defined under the CPRA for cross-context behavioral advertising.

Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, contact us so we can take appropriate action.

International Transfers

Your information may be processed in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers, such as contractual protections.

Changes to This Policy

We may update this Privacy Policy to reflect changes in practices or for legal, operational, or regulatory reasons. The “Effective date” at the top indicates when this policy was last updated.

Contact

If you have questions or want to exercise your privacy rights, contact us at [email protected].