2nd Breath CPR

Legal

Privacy Policy

Last updated: May 21, 2026

Who we are

2nd Breath CPR LLC (a Florida limited liability company) is a CPR, AED, and First Aid training provider operating in the Tampa Bay area of Florida. We collect personal information only to deliver our training services, schedule classes, respond to inquiries, and meet legal and financial record-keeping requirements.

This policy explains what we collect, how we use it, who we share it with, and how to reach us with questions.

What we collect

We collect only what we need to do our job:

  • Information you provide directly: name, email address, phone number, organization (if applicable), preferred class language, preferred dates and times, and any notes you choose to include
  • Payment information: handled directly by our payment processor (Stripe). We never see or store your credit card number on our servers
  • Class records: registration history, attendance, certification status, and the certification card you receive
  • Communications: emails, voicemails, and any documents you choose to send us
  • Basic technical information: aggregate web traffic measurements via privacy-friendly analytics (no advertising trackers, no personal identifiers)

How we use your information

We use the information we collect to:

  • Schedule, confirm, and deliver your class
  • Send transactional emails (confirmations, receipts, certification card links, cancellation notices)
  • Process your payments via Stripe
  • Comply with Florida and federal record-keeping requirements (tax, training-provider documentation)
  • Respond to questions, complaints, or feedback you send us
  • Improve our scheduling, class operations, and curriculum

We do not sell, rent, or trade your personal information. We do not use your data for advertising, profiling, or any purpose unrelated to delivering our training services.

Who we share information with

We share information only with the third-party service providers who help us run our operations:

  • Stripe: payment processing (PCI-compliant)
  • Resend: transactional email delivery
  • Supabase: secure database hosting
  • Cloudflare: website security, spam protection, and content delivery
  • Netlify: website hosting and form handling
  • Plausible: privacy-friendly website analytics (no cookies, no personal identifiers)

Each of these providers is bound by their own privacy commitments. We share only the minimum information required for each provider's specific function.

We may also disclose information if required by law, court order, or to protect the rights or safety of our students, instructors, or business.

How long we keep your information

  • Student registration records: 18 months (longer if a class was completed, for tax and regulatory record-keeping)
  • Payment records: 7 years (IRS standard for financial records)
  • Email logs: 90 days (deliverability debugging)
  • Failed or expired inquiries with no payment: 90 days
  • Internal audit logs: 2 years

When retention periods end, we delete or anonymize records.

Cookies and analytics

We use Plausible analytics, which does not use cookies or collect personal identifiers. We do not run advertising trackers and we do not share data with ad networks.

Forms on this site may use Cloudflare Turnstile to prevent automated abuse. Turnstile collects a small amount of session data solely for that purpose and does not track you across sites.

Your rights

You may request, at any time:

  • Access: a copy of the information we hold about you
  • Correction: updates to any inaccurate information
  • Deletion: removal of your records (except where we're required to retain them for legal or tax purposes)
  • Portability: your data in a common, portable format
  • Opt-out: removal from any marketing or non-transactional emails

Email info@2ndBreathCPR.com with your request. We'll reply within 30 days.

How we protect your information

We protect your information with industry-standard security measures:

  • Encrypted connections (HTTPS) on all of our web pages and forms
  • Encrypted storage at rest in our database
  • Multi-factor authentication on administrative access
  • Daily automated backups
  • Documented breach response process aligned with Florida's Information Protection Act of 2014 (Florida Statute §501.171)

If a security incident occurs that affects your data, we will notify you within the timeframes required by Florida law.

Children's privacy

Our services are intended for participants aged 12 and older. For students under 18, we require a parent or guardian to sign our liability waiver before participation.

We do not knowingly collect personal information from children under 13 outside of a guardian-signed class registration. If you believe we have collected information from a child under 13 inadvertently, please contact us and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top reflects the most recent revision. Material changes affecting current students will be communicated by email before the change takes effect.

Contact us

Questions about this policy or your data: