Privacy Policy

Last updated: May 12, 2026

1. Who We Are

"Bold and Centered" ("B&C," "we," "our," "us") provides online programs, community, coaching, and events through boldandcentered.ca, a mobile-friendly web app, and private member spaces powered by GoHighLevel. GoHighLevel is certified under the EU Data Privacy Framework and acts as a data processor.

2. What Information We Collect

Account Data

Name, email, phone number, profile photo, tiered-membership level. Legal basis: Contractual necessity.

Billing Data

Last-4 card digits, Stripe customer ID, VAT/HST numbers. Stripe processes payments as PCI-DSS Level 1 — raw card data is never stored by us.

Usage & Device Data

IP address, browser type, pages visited, in-app actions. Legal basis: Legitimate interest.

Marketing & Cookie Data

Google Analytics 4 first-party cookies, Meta Pixel events. Legal basis: Consent (cookie banner).

3. How We Use Your Information

Deliver services — authenticate logins, display content, maintain community forums.
Process payments & subscriptions with Stripe Checkout (tokenized card data).
Email or SMS for service messages, notifications, or newsletters/promotions when opted-in.
Improve the platform through aggregated analytics reports (no PII sent to Google).

4. Cookies, Analytics & Tracking

A cookie consent banner is displayed on the site. Google Analytics 4 operates as a data processor — IPs are truncated and no PII is sent. Meta Pixel fires only after user consent.

5. Sharing & International Transfers

We never sell data. We share only with Stripe, GoHighLevel/LeadConnector, and Google LLC (Analytics) for the purpose of operating our services. Both GoHighLevel and Stripe participate in the EU-U.S. Data Privacy Framework.

SMS Consent & Mobile Data Sharing

When you opt-in to receive SMS communications from us (such as through our website forms powered by GoHighLevel), we collect your phone number to send service updates, event reminders, or promotional messages.

Message frequency may vary.
Message & data rates may apply.
Reply STOP at any time to opt-out of further messaging.
Reply HELP for more information or assistance.

No mobile information will be shared with third parties/affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

6. Security

All traffic is forced over HTTPS/TLS 1.2+. Stripe encrypts data in transit and at rest and undergoes annual SOC 2 & PCI audits.

7. Your Rights

Canada (PIPEDA)

Access, correction, deletion, challenge compliance. Email [email protected]

EU/EEA (GDPR)

Access, erasure, data portability, restriction, objection. Same email; complaints to your local DPA.

California & US States

Right to know, delete, opt-out of sale. We do not sell personal data.

8. Retention

Billing records are kept for 7 years (tax law). Inactive community accounts are deleted after 24 months.

9. Contact

Email: [email protected]

10. Changes to This Policy

Updates will be posted here and members emailed for material changes. Continued use after notification equals acceptance of the revised policy.