SHIELDWALL TACTICAL PROTECTION ACADEMY
Your Success Is Our Mission.
STPA Privacy Policy | Training, Consulting & Services

Shieldwall Tactical Protection Academy (STPA) — Privacy Policy

Effective date: January 18, 2025

Who we are: Shieldwall Tactical Protection Academy (“STPA,” “we,” “us,” “our”) provides professional training, consulting, and related services for individuals and organizations.

  • We do not sell personal information.
  • We do not share personal information for cross-context behavioral advertising.
  • Payments are processed primarily by Wave; STPA does not store full card numbers.
  • For firearms training, range/qualification scorecards are the official records; student certificates do not show scores.

1) Overview & Scope

1.1 Purpose of this Policy

This Policy explains what we collect, why we collect it, how we use and share it, how long we keep it, and the choices and rights you may have.

1.2 Services Covered

  • Training (unarmed/armed security, defensive/specialty, NRA programs)
  • Consulting and agency/contract services
  • Licensing assistance (e.g., support for regulatory filings)
  • Scheduling/booking, support, and communications

1.3 Out of Scope

Third-party websites, apps, or platforms we link to or embed are governed by their own policies.

1.4 Acceptance

By using the Site (shieldwalltpa.com) or our services (in-person or live online), you acknowledge this Policy and any updates posted here.

2) Information We Collect

We collect information (a) directly from you, (b) from your employer/agency when applicable, and (c) automatically via the Site.

2.1 You Provide Directly

  • Identifiers & contact: name, email, phone, city/state, employer/agency, role/title.
  • Enrollment & training: course selections, attendance, completion status, certificates issued, and—for firearms modules—range/qualification scorecards (official records).
  • Licensing support: information needed to prepare or support filings (e.g., Alabama Security Regulatory Board), such as copies of government-issued IDs, DD-214 (for prior military), passport-style photos, fingerprint cards (FD-258 or similar), county pistol permit (for armed officers), and mailing information you provide.
  • Communications: messages via forms or email; scheduling requests; feedback/surveys.
  • Payments & billing: transaction metadata (invoice number/amount, method used), refund requests, reconciliation notes (we do not store full card data).

2.2 From Your Employer/Agency (if sponsored)

Name, contact details, required courses/modules, billing instructions, attendance confirmation, and completion reporting needs.

2.3 Collected Automatically (Site/Online)

  • Usage data: pages viewed, time on page, referring URLs, approximate location (from IP), browser/device details.
  • Cookies/analytics: via GA4 or similar (see Section 8).
  • Online meeting metadata (remote classes): meeting attendance/duration; recordings are not routine and, if used (e.g., quality assurance), are announced in advance and restricted to staff.

2.4 Sensitive or Special Categories We May Process

  • Government ID numbers (as present on images you provide for licensing packets).
  • Firearms qualification scores (internal official records; certificates exclude score).
  • Signatures on rosters/required forms.

We do not collect biometric templates or full medical records.

2.5 Children

Our Site/services are not directed to children under 16. We do not knowingly enroll minors.

3) How We Use Information

3.1 Service Delivery

Enrollment and roster management; training delivery (in-person and live online); issuing certificates; documenting required qualifications; providing licensing packet support at your request.

3.2 Compliance & Recordkeeping

Maintaining records necessary to demonstrate training and qualification history (e.g., firearms qualification scorecards as official records) and to support regulatory filings or audits.

3.3 Payments & Billing

Invoicing, accepting payments via approved methods, handling chargebacks or refunds (per published policy), and financial reconciliation.

3.4 Communications

Confirmation emails, reminders, itinerary updates, last-minute changes, support responses, and essential service notices. Limited marketing communications where permitted; you can opt out (Section 9).

3.5 Safety, Security & Integrity

Fraud prevention, abuse detection, access controls, and auditing.

3.6 Improvement & Analytics

Understanding which pages and services are most helpful and improving functionality, accessibility, and content.

3.7 Legal Obligations & Rights

Responding to lawful requests and enforcing agreements.

5) How We Share Information

We do not sell personal information and we do not share it for cross-context behavioral advertising. We disclose only as needed.

5.1 Service Providers (Processors) & Roles

  • Wave Financial — payment processing, invoicing, refunds (no full card storage by STPA).
  • Microsoft 365 — email (Outlook), document storage/processing (SharePoint), remote delivery (Teams).
  • Google Forms/Workspace — intake forms and secure collection of enrollment/licensing details you submit.
  • Google Calendar (optional embed) — public class calendar and event information.
  • Analytics (GA4) — aggregated site analytics and performance insights.
  • SMS/voice (if used; e.g., Twilio) — time-sensitive notifications and reminders.

5.1.1 Training Records Shared with Sponsors & Regulators

When training is sponsored by an employer/agency, we share attendance and completion information with that sponsor. We will also make training records available to the appropriate regulatory agencies (e.g., Alabama Security Regulatory Board; Tennessee Private Protective Services) upon request or during an audit, consistent with applicable rules and law. :contentReference[oaicite:0]{index=0}

5.2 Regulators/Licensing Bodies

At your request, when supporting filings (e.g., ASRB), we may include documents and data you provided. :contentReference[oaicite:1]{index=1}

5.3 Employers/Agencies

If your training is sponsored, we may provide attendance/completion reports and necessary billing information.

5.4 Legal, Safety & Transfers

We may disclose information to comply with law or protect rights/safety; and during organizational changes consistent with this Policy.

6) Payments

Primary processor: Wave. We receive transaction confirmations and limited metadata. Alternative methods: CashApp, Venmo, Zelle, PayPal, or cash may be accepted; we record only what’s necessary for reconciliation and compliance—never your full credentials. Security: payment pages are served over HTTPS; card data entered into third-party payment forms is handled by the processor.

7) Data Retention

We retain personal information for as long as needed to provide services, satisfy legal/regulatory requirements, resolve disputes, and enforce agreements. Retention varies by category and context.

  • Training & completion records (non-firearms): retained to document training history for you/your employer and to support verification needs.
  • Firearms qualification scorecards: retained as official records consistent with applicable rules and audit requirements.
  • Licensing support packets: retained for a reasonable period to support follow-up, resubmission, or audits.
  • Payment records: retained for accounting, tax, and reconciliation.

We periodically review data and either delete, de-identify, or archive when no longer needed.

7.1 Legally Required Training-Record Retention by State

  • Alabama (ASRB): Certified Trainers must retain training records for three (3) years, permit inspection/photocopying, and deliver records requested in writing within five (5) business days. :contentReference[oaicite:2]{index=2}
  • Tennessee (PPS): Certified Trainers must maintain training records for at least three (3) years after the student’s completion and make them available to the Commissioner upon request. :contentReference[oaicite:3]{index=3}

8) Cookies & Analytics

What we use: Google Analytics 4 (GA4) for aggregated usage analytics (e.g., page views, session duration, referrers). Controls: You can manage cookies via browser settings; certain features may be limited if disabled. Do Not Track: We do not currently respond to DNT signals. Advertising: We do not sell or share data for targeted advertising.

9) Communications Preferences

Operational messages: enrollment confirmations, schedule changes, venue details, safety notices—these are required for service delivery. Marketing/updates: sent only where permitted; you can opt out via provided links or by contacting us.

How to manage: use unsubscribe links (if present) or email legal@shieldwalltpa.com to adjust preferences.

10) Your Privacy Rights

Your rights vary by jurisdiction. Subject to verification and lawful exceptions, you may have the right to access, correct, delete, restrict/object, and receive a copy of certain information (portability).

10.1 How to Submit a Request

Email legal@shieldwalltpa.com or compliance@shieldwalltpa.com with your name, contact info, the right you wish to exercise, and details to help us locate your records.

10.2 Identity Verification

We may request reasonable information (and, where warranted, documentation) to verify your identity and protect your data.

10.3 Authorized Agents

Where permitted (e.g., CA), you may designate an agent. We may require proof of authorization and additional verification.

10.4 Appeals (where required)

If we decline your request (e.g., legal exceptions), you may have the right to appeal. Appeal instructions will be provided in our response (applicable in states like Virginia).

10.5 Non-Discrimination

We will not discriminate against you for exercising privacy rights.

10.6 EEA/UK Notes

If GDPR/UK GDPR applies, you may also complain to your local supervisory authority. Primary processing occurs in the United States; when transferring internationally, we use appropriate safeguards.

11) Security

Safeguards: encryption in transit, role-based access controls, least-privilege policies, MFA on administrative systems, and periodic reviews.

Microsoft enterprise-grade security: For data processed/stored in Microsoft services, we rely on Microsoft 365 enterprise-level security controls including encryption in transit and at rest, Conditional Access, and audit logging, in addition to our own operational safeguards.

Third-party assurance: we assess key vendors and use reputable, industry-standard services.

Limitations: no method is 100% secure; we cannot guarantee absolute security.

Incident response: if legally required, we will notify you and/or regulators of certain incidents.

12) International Transfers

STPA is based in the United States. If we transfer personal information internationally, we use appropriate safeguards as required by applicable law.

13) Third-Party Sites & Integrations

The Site may link to or embed third-party content (e.g., calendar, video, social). Your interactions are governed by those parties’ policies, not this one.

14) Children’s Privacy

Our Site and services are not intended for children under 16. If you believe a child has provided personal information, contact compliance@shieldwalltpa.com so we can take appropriate action.

15) Changes to This Policy

We may update this Policy periodically. Updates will appear here with a new “Effective date.” Material changes will be highlighted for a reasonable period.

16) Contact Us

Questions or requests regarding this Policy or your personal information:

References (State Codes & Rules)

  • Alabama Administrative Code r. 832-X-1-.08 — Training (trainer record retention; inspection & delivery timelines). :contentReference[oaicite:4]{index=4}
  • Tennessee Rules — Private Protective Services: 0780-05-02-.12 — Training Records (3-year retention; availability to Commissioner). :contentReference[oaicite:5]{index=5}
  • Tennessee PPS program page & statutory authority (Title 62, Chapter 35). :contentReference[oaicite:6]{index=6}
  • ASRB Rules, Regulations & Law (Board source). :contentReference[oaicite:7]{index=7}