Privacy Policy

Last updated: June 30, 2026 — KelbyOne, LLC

This Privacy Policy explains how KelbyOne, LLC and its affiliated brands collect, use, disclose, and protect personal information, and the choices and rights you have. It applies to KelbyOne.com, members.KelbyOne.com, and the other websites, apps, online services, communities, newsletters, and events we operate that link to this Policy (together, the “Services”).

Plain-language summary

We are an online photography and creative-education membership company based in Florida. We collect the information you give us (such as account, billing, and profile details), information we collect automatically (such as device, usage, and the courses you watch), and information from partners (such as payment processors and analytics providers). We use it to deliver and improve our Services, process payments, communicate with you, and market responsibly. We do not sell your personal information for money. We may “share” certain online identifiers for digital advertising as those terms are defined under some state laws and you can opt out at any time, including through a browser-based Global Privacy Control signal. Depending on where you live, you may have rights to access, correct, delete, and port your information, and to opt out of certain processing.

Contents
  1. Scope & who we are
  2. Information we collect
  3. Sensitive information
  4. Cookies & tracking technologies
  5. How we use information
  6. How we disclose information
  7. Advertising, “sale,” & “sharing”
  8. Video viewing information
  9. Your privacy choices & rights
  10. California privacy notice
  11. International users (GDPR & UK GDPR)
  12. Data retention
  13. Data security
  14. Breach notification
  15. Children’s privacy
  16. Third-party links & services
  17. Email communications
  18. Changes to this Policy
  19. How to contact us

1. Scope & who we are

This Policy is provided on behalf of KelbyOne, LLC and its family of brands and properties (collectively, “KelbyOne,” “we,” “us,” or “our”), including Photoshop World, the WorldWide Photo Walk®, KelbyOneLive and The Grid. For purposes of applicable data protection laws, KelbyOne is the controller of the personal information described here. KelbyOne is a limited liability company organized under the laws of the State of Florida.

Separate entity — events. Conferences and live events (such as Photoshop World, Conference, Workshops, Seminars and Summits) are produced and sold by a separate legal entity, KelbyOne Events LLC, under separate event-specific purchase terms and, where applicable, a separate privacy notice provided at the point of registration. To the extent KelbyOne Events LLC processes personal information that is shared with KelbyOne, LLC for membership servicing or marketing consistent with your choices, that processing is governed by this Policy.

“Personal information” (also called “personal data”) means information that identifies, relates to, describes, or could reasonably be linked with a particular individual or household. It does not include de-identified, aggregated, or publicly available information as defined under applicable law.

By using the Services, you acknowledge the practices described in this Policy. Where required by law, we rely on your consent or another lawful basis as described in Section 11. If you do not agree with this Policy, please do not use the Services.

2. Information we collect

We collect personal information in three ways: information you provide to us, information we collect automatically, and information we receive from other sources.

a. Information you provide

  • Account & profile information — name, email address, username and password, profile photo, biography, and preferences.
  • Membership & transaction information — billing name and address, subscription plan, order history, and the payment-card or account information you submit to purchase a membership, product, or event. Payment-card numbers are collected and processed by our third-party payment processors; we do not store full card numbers on our systems.
  • Community & content — comments, forum and webcast participation, photos and other content you submit, reviews, contest and giveaway entries, and survey responses.
  • Events & conferences — registration details and any information you provide for in-person or virtual events, workshops, and photo walks. (See Section 1 regarding KelbyOne Events LLC.)
  • Communications — the contents of messages you send us (support requests, emails, calls), and information about other people you choose to give us, such as a gift-membership recipient or a referral.
  • Marketing preferences — newsletter and email-list subscriptions and your communication choices.

b. Information we collect automatically

When you visit or use the Services, we and our service providers automatically collect:

  • Device & connection data — IP address, device and browser type, operating system, language settings, and mobile or device identifiers.
  • Usage data — pages and screens viewed, links clicked, search terms, referring/exit pages, dates and times of access, and other interactions with the Services.
  • Course & video activity — the courses and videos you access, viewing progress, and completion (see Section 8).
  • Cookies & similar technologies — data collected through cookies, pixels, web beacons, tags, and similar technologies, including for analytics and advertising (see Section 4).
  • Approximate location — general location inferred from your IP address. We do not collect precise geolocation without your consent.

c. Information from other sources

We may receive personal information about you from: payment processors and billing partners; analytics and advertising providers; social-media platforms when you interact with us or log in through them; marketing and email-service partners; event and sponsorship partners; review platforms; and publicly available sources. We combine this with information we already hold to operate, secure, and improve the Services.

3. Sensitive information

We do not seek to collect “sensitive” personal information (such as government identifiers, precise geolocation, racial or ethnic origin, religious beliefs, health information, sexual orientation, or biometric or genetic data) in the ordinary course of providing the Services. Where any element of the limited account or payment information we collect is treated as sensitive under a particular law, we use it only for the purposes permitted by that law — generally, to provide the membership, product, or service you requested — and, where the law requires consent before processing or selling sensitive data, we will obtain it. We do not sell sensitive personal information or biometric information.

Where applicable law (including the California Privacy Rights Act, Cal. Civ. Code § 1798.121) gives you a right to limit the use and disclosure of sensitive personal information, you may exercise that right as described in Section 9. We use sensitive personal information only for the limited purposes permitted without that right (such as providing the Services you requested, security, and fraud prevention).

4. Cookies & tracking technologies

We use cookies and similar technologies to keep you signed in, remember preferences, measure and analyze how the Services are used, and support marketing. Categories include:

  • Strictly necessary — required to operate the Services, sign you in, and secure your account.
  • Functional — remember settings and personalize your experience.
  • Analytics & performance — help us understand traffic and improve the Services (for example, through Google Analytics).
  • Advertising — help us and our partners deliver and measure relevant advertising, including across other sites and services.

You can manage non-essential cookies through our cookie-preferences tool (where available) and through your browser settings. You can also use browser- or device-based opt-out signals, including the Global Privacy Control (GPC); see Section 9. If you disable certain cookies, some features may not function properly. We do not place personal information directly in cookies, and our email web beacons measure engagement (such as opens) only and are not used to track your activity on unrelated sites.

Do Not Track. Some browsers transmit a “Do Not Track” (DNT) signal. Because there is no industry-wide standard for interpreting DNT signals, our Services do not currently respond to DNT signals. However, we honor the Global Privacy Control (GPC) signal as a valid opt-out preference signal for “sale” and “sharing” of personal information and targeted advertising, as described in Sections 7 and 9.

5. How we use information

We use personal information to:

  • Provide, operate, maintain, and secure the Services and your account;
  • Process memberships, payments, renewals, and your orders, and provide customer support;
  • Deliver course content and track your learning progress;
  • Communicate with you about your account, transactions, and changes to our terms or policies;
  • Send marketing and promotional communications consistent with your choices, and personalize offers and content;
  • Operate communities, events, contests, giveaways, and referral and sponsorship programs;
  • Measure, analyze, and improve the Services and develop new features;
  • Detect, prevent, and respond to fraud, abuse, security incidents, and other harmful or unlawful activity;
  • Comply with legal obligations and enforce our terms and agreements.

We process personal information only as adequate, relevant, and reasonably necessary for the purposes described in this Policy. If we intend to use it for a materially different purpose, we will update this Policy and, where required, obtain your consent.

6. How we disclose information

We disclose personal information in the following ways. We do not disclose your personal information except as described here.

  • Service providers / processors — vendors that perform services on our behalf and are contractually limited to using the information only for those services, including payment processing and billing, website and application hosting, email and marketing platforms, analytics, customer support, security, and content delivery.
  • Advertising partners — for the advertising activities described in Section 7, subject to your choices.
  • Affiliates & brands — within the KelbyOne family of brands (including KelbyOne Events LLC) for the purposes described in this Policy.
  • Event & sponsorship partners — where you register for or interact with a co-branded event, sponsorship, or promotion, with notice at the point of collection.
  • Legal, safety & compliance — to comply with law, a subpoena, court order, or government request; to enforce our agreements; or to protect the rights, property, or safety of KelbyOne, our users, or others. In such cases we disclose only the information reasonably required.
  • Business transfers — in connection with a merger, acquisition, financing, reorganization, or sale of assets, the information may be transferred as a business asset, subject to this Policy or a successor policy.
  • With your direction or consent — when you ask us to share information or otherwise consent.

7. Advertising, “sale,” & “sharing”

We use digital advertising to promote our Services. To do this, we and our advertising partners may use cookies, pixels, and similar technologies to deliver and measure ads and, in some cases, to show you relevant ads on other websites and platforms (often called “targeted” or “cross-context behavioral” advertising).

We do not sell your personal information for money. However, some state privacy laws define a “sale” or “sharing” of personal information broadly to include the use of online identifiers and activity for targeted advertising. Under those definitions, our use of advertising technologies may be considered a “sale” or “sharing” of personal information (such as device and cookie identifiers and browsing activity).

Minors. We do not knowingly sell or share for targeted advertising the personal information of anyone under 16 years of age, and we do not engage in targeted advertising directed to known minors under 16, consistent with the Florida Digital Bill of Rights (Fla. Stat. § 501.71 et seq.) and other applicable state laws.

You can opt out of this activity at any time by enabling a Global Privacy Control (GPC) signal in your browser or device. See Section 9.

8. Video viewing information

Because we provide on-demand video courses, we may collect information about the videos and courses you request or watch. We use this information to deliver content, track your progress, recommend courses, and improve the Services. We treat information that connects your identity to your specific video viewing as protected under the federal Video Privacy Protection Act (VPPA) and comparable laws. We do not disclose your individual video-viewing information to third parties for their own marketing except with your consent or as otherwise permitted by law, and where we seek such consent we will present a clear, separate request. You may withdraw consent at any time by contacting us.

9. Your privacy choices & rights

Choices available to everyone

  • Account information — you can review and update much of your information by signing in to your account, or by contacting us for assistance.
  • Marketing email — you can opt out of marketing email at any time using the unsubscribe link in any message or by contacting us. We will still send service and transactional messages about your account.
  • Cookies & advertising — you can manage cookies through our preferences tool (where available) and your browser, and opt out of certain interest-based advertising through industry tools such as the Digital Advertising Alliance (optout.aboutads.info) and Network Advertising Initiative (optout.networkadvertising.org).

“Your Privacy Choices” and Global Privacy Control

To opt out of the “sale” or “sharing” of your personal information and of targeted advertising, contact us. We also recognize the Global Privacy Control (GPC) as a valid opt-out preference signal. When you visit our website with GPC enabled, we treat it as a request to opt out of sale/sharing and targeted advertising for that browser or device, and we will display a visible confirmation where required.

State privacy rights (United States)

Depending on your state of residence, you may have some or all of the following rights, subject to the exceptions and limits in the applicable law:

  • Know / access — to confirm whether we process your personal information and to access it, including the categories collected, sources, purposes, and categories of recipients;
  • Correct — to correct inaccurate personal information;
  • Delete — to request deletion of personal information we collected from you;
  • Portability — to obtain a portable copy of personal information you provided;
  • Opt out — of the sale or sharing of personal information, targeted advertising, and certain profiling that produces legal or similarly significant effects;
  • Limit sensitive information — to limit the use and disclosure of sensitive personal information to those purposes specified in Cal. Civ. Code § 1798.121(a) and comparable laws (generally, to perform services you requested, ensure security and integrity, prevent fraud, and certain short-term, non-personalized uses);
  • Non-discrimination — we will not discriminate or retaliate against you for exercising your rights;
  • Appeal — to appeal a decision we make about your request, where the law provides an appeal right.

How to submit a request

You (or an authorized agent acting on your behalf) may submit a request by emailing us at the address in Section 19; calling us at the telephone number in Section 19; or using our online contact form where available.

To protect your information, we will take reasonable steps to verify your identity before acting on access, correction, deletion, or portability requests, typically by matching information you provide against information we hold. We will respond within the time required by applicable law — generally within 45 days, with one extension where reasonably necessary and permitted. There is no fee for most requests, though we may charge a reasonable fee or decline a request that is excessive, repetitive, or manifestly unfounded, as permitted by law. If we deny your request, we will explain why and, where available, how to appeal.

10. California privacy notice

This section provides additional detail for California residents under the California Consumer Privacy Act, as amended (CCPA/CPRA), and applies to the extent the CCPA applies to KelbyOne.

Categories of personal information. In the past 12 months, we have collected the following CCPA categories of personal information, and we may disclose each to service providers and (for advertising identifiers and internet activity) to advertising partners:

Category (Cal. Civ. Code § 1798.140) Examples Collected
Identifiers Name, email, username, IP address, account and device identifiers Yes
Customer records Billing name/address, payment information, phone number Yes
Commercial information Memberships, purchases, and engagement history Yes
Internet / network activity Site and course usage, video activity, clicks, referring pages Yes
Geolocation (approximate) General location inferred from IP address Yes
Audio / visual Photos, content, and recordings you submit; support recordings Yes
Inferences Preferences and interests derived from the above Yes
Sensitive personal information Account log-in credentials (used only to provide the Services) Limited

We collect this information from the sources, and use it for the purposes, described in Sections 2 and 5. We do not sell personal information for money; we may “share” or “sell” identifiers and internet activity for targeted advertising as described in Section 7, and you may opt out as described in Section 9. We retain personal information as described in Section 12. We do not use or disclose sensitive personal information for purposes that would require us to offer a “limit” right beyond the choices already described.

Notice at collection. We collect the categories above for the business and commercial purposes described in this Policy.

Shine the Light. California residents may request information about disclosures of personal information to third parties for their direct-marketing purposes; we do not make such disclosures.

Authorized agents may submit requests with proof of authorization, and we may require you to verify your identity directly.

11. International users (GDPR & UK GDPR)

The Services are operated from the United States, and your information will be processed in the United States and other countries that may have different data-protection laws than your own. Where we transfer personal information internationally, we use appropriate safeguards required by law, such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information under one or more of these legal bases under Article 6 of the GDPR (and UK GDPR): contract (Art. 6(1)(b) — to provide the Services you request); legitimate interests (Art. 6(1)(f) — to operate, secure, analyze, and market our Services in a way that is not overridden by your rights); consent (Art. 6(1)(a) — for example, certain marketing and cookies, which you may withdraw at any time); and legal obligation (Art. 6(1)(c)). To the limited extent we process special-category data within the meaning of GDPR Article 9, we do so only where a lawful condition under Article 9(2) applies — typically explicit consent.

You have the rights to access, rectify, erase, restrict, and object to processing, to data portability, and to withdraw consent and lodge a complaint with your supervisory authority. To exercise these rights, contact us as described in Section 19.

EU representative. KelbyOne does not currently meet the thresholds in GDPR Article 27 that require appointment of an EU representative; if that changes, we will update this Policy and publish the representative’s contact details.

12. Data retention

We keep personal information only for as long as necessary to fulfill the purposes described in this Policy, including to provide the Services, maintain your account, comply with our legal and tax obligations, resolve disputes, and enforce our agreements. Retention periods depend on the type of information and the context. When information is no longer needed, we delete, de-identify, or anonymize it.

13. Data security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, and unauthorized access, disclosure, alteration, and destruction, consistent with the Florida Information Protection Act and other applicable laws. These include encryption of information in transit using industry-standard protocols (TLS), encryption at rest for sensitive data fields where appropriate, access controls, and use of reputable third-party providers for payment processing. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Please protect your password, do not share it, and sign out after using shared devices.

14. Breach notification

If a breach of security affecting your personal information occurs, we will notify affected individuals and, where applicable, the appropriate authorities, in accordance with the Florida Information Protection Act and other applicable breach-notification laws and within the timeframes they require.

15. Children’s privacy

The Services are intended for adults and are not directed to children. We do not knowingly collect personal information from children under 13 in violation of the Children’s Online Privacy Protection Act (COPPA). Consistent with the Florida Digital Bill of Rights and other applicable state laws protecting minors, we do not knowingly sell or share for targeted advertising the personal information of anyone under 16, and we do not knowingly engage in profiling of, or targeted advertising directed to, known minors under 18 in furtherance of decisions that produce legal or similarly significant effects.

If you believe a child has provided us personal information, please contact us at privacy@kelbyone.com and we will take appropriate steps to delete it. A parent or guardian who manages a membership on behalf of a minor is responsible for that account and the activities conducted through it.

16. Third-party links & services

The Services may link to or integrate third-party websites, platforms, and services (for example, social media, payment processors, and review sites). We are not responsible for the privacy practices of those third parties, and their handling of your information is governed by their own policies. We encourage you to review them.

17. Email communications

We comply with the federal CAN-SPAM Act and applicable email and marketing laws. You can opt out of marketing email at any time through the unsubscribe link in our messages or by contacting us. We do not sell, rent, or trade your email address to unaffiliated third parties for their own marketing without your permission.

18. Changes to this Policy

We may update this Policy to reflect changes in our practices or applicable law. We will post the updated Policy with a new “Last updated” date and, for material changes, provide additional notice as required (such as a notice on our website or by email). We review this Policy at least annually. Your continued use of the Services after an update means you acknowledge the revised Policy.

19. How to contact us

If you have questions about this Policy or wish to exercise your privacy rights, contact us:

KelbyOne, LLC — Attn: Privacy Administrator
138 Douglas Road East
Oldsmar, FL 34677, USA
Phone: 813.433.5000
Email: privacy@kelbyone.com

Data Protection Inquiries (EU / UK / Switzerland): privacy@kelbyone.com (Subject line: “GDPR Inquiry”)

To submit a privacy-rights request, please use the email above, call the number listed, or use the “Your Privacy Choices” link in our website footer.

Download Privacy Policy (PDF)