Dynamic Arts Makerspace — Privacy Policy

1. Who We Are

Dynamic Arts LLC (“Dynamic Arts,” “we,” “us,” or “our”) operates a professional makerspace and custom fabrication business at 4401 Eastern Ave, Unit 46-1B, Baltimore, MD 21224. This privacy policy describes how we collect, use, store, and protect your personal information when you visit our website at dynamicartsmakerspace.com, use our services, take classes, or interact with us.

We collect only the personal information necessary to provide the services you have requested.

Contact for privacy inquiries: admin@dynamic-arts.net

2. Information We Collect

2a. Information you provide directly

• Account registration: Name, email address, phone number, company name (optional). Your password is hashed and never stored in plaintext.
• Quote requests: Name, email, phone, company, project description, budget, timeline, and service type.
• Contact form submissions: Name, email, phone number, and message content.
• Class enrollment: Name, email, payment information (processed by Stripe — we never see or store full card numbers), class preferences, and equipment certification records.
• Membership registration: Name, email, and membership tier selection.
• Digital waiver signatures: Full legal name, IP address, user agent string, signature timestamp, and the signed waiver PDF stored in Supabase Storage.
• Newsletter signup: Email address and first name (optional).
• Media consent: Your opt-in or opt-out preference for photography and video recording while using the facility.
• Staff and instructor profiles: Name, email, phone, bio, display title, work schedule, time-off dates, and avatar photo.

2b. Information collected automatically

• Usage data: Pages visited, time spent, referral source, browser type, device type, and operating system.
• IP address: Collected with form submissions and waiver signatures for legal verification, and via standard server logs.
• Cookies: See Section 7 below.

2c. Information from third-party services

• Stripe: Payment confirmation, transaction IDs, and refund status. We do not receive or store credit card numbers.
• Google Calendar: Calendar events synced between our system and Google Calendar for scheduling purposes.
• Mailchimp: Email delivery status, open rates, and click rates for newsletter subscribers.
• hCaptcha: Bot detection verification data during login and registration.

If you sign in through a third-party authentication provider, we receive your name and email address from that provider. We do not receive or store your third-party account password.

3. How We Use Your Information

• Provide services: Process quote requests, manage jobs, schedule classes, handle payments and refunds.
• Manage your account: Authenticate logins, maintain your profile, track enrollments, and issue equipment certification records.
• Communicate with you: Send order confirmations, class reminders, enrollment receipts, waiver confirmations, and respond to inquiries via email (Resend) and, where you have provided your phone number and opted in, via SMS or MMS (Dialpad). Message frequency varies. Message and data rates may apply.
• Send marketing (with consent): Newsletter updates about workshops, open houses, and new offerings via Mailchimp — only if you explicitly subscribe through our newsletter signup form.
• Improve our platform: Analyze usage patterns to improve website functionality and class offerings.
• Ensure safety: Maintain waiver records, track equipment certifications, and manage safety prerequisites for classes.
• Comply with legal obligations: Tax records, business records retention, and responding to legal requests.

We do not sell, rent, share, or trade your personal information — including your mobile phone number — with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties or affiliates, except with vendors or service providers that support message delivery and business operations (such as our SMS platform, Dialpad).

4. SMS/Text Messaging

You will only receive SMS or MMS messages from Dynamic Arts Makerspace if you have provided your phone number and given prior express consent — either by submitting a form on our website with an SMS opt-in checkbox, by texting us first, or by pressing a phone menu option that triggers an automated text reply containing the information you requested. We do not send unsolicited marketing texts.

When you provide your phone number and consent to receive text messages from Dynamic Arts Makerspace, you may receive SMS and MMS messages related to class registration confirmations, appointment reminders, schedule changes, membership notifications, and customer service communications.

Message frequency varies based on your interactions with our services. Message and data rates may apply depending on your mobile carrier and plan.

You can opt out of receiving text messages at any time by replying STOP to any message we send. After opting out, you will receive a confirmation message and will no longer receive SMS from us unless you re-subscribe. Reply HELP to any message for assistance.

Mobile phone contact information will not be shared with or sold to third parties for marketing or promotional purposes. This applies to all phone numbers collected through our website, in-person interactions, and any other channel.

Opting out of SMS messages will not affect your ability to use our services, access your account, or receive communications through other channels such as email.

For SMS-related questions or support, contact us at (443) 293-5656 or visit dynamicartsmakerspace.com/contact.

Mobile Information and SMS Consent — Data Sharing

Mobile information, including phone numbers and SMS opt-in data and consent, will not be shared with third parties or affiliates for marketing or promotional purposes. The only exception is sharing with vendors or service providers that directly support message delivery and business operations (such as Dialpad, our SMS platform). These vendors are contractually prohibited from using your information for their own marketing purposes.

5. Third-Party Services We Use

We share data with the following service providers, each bound by their own privacy policies:

Each provider operates under its own privacy policy. We encourage you to review them.

Some of our service providers use artificial intelligence features as part of their standard service (for example, call transcription and summarization). When this occurs, your data is processed according to that provider's privacy policy. We select providers whose AI data practices meet our standards for data protection.

6. Data Retention

• Account data: Retained as long as your account is active. You may request deletion at any time.
• Waiver signatures: Retained indefinitely as legal records. Waivers are binding agreements and may be needed to resolve future claims.
• Quote and job records: Retained for 7 years for tax and business purposes.
• Class enrollment records: Retained for 7 years for certification verification and tax purposes.
• Payment records: Transaction records retained for 7 years per IRS requirements. Full payment details are stored by Stripe, not by us.
• Equipment certifications: Retained while your membership or account is active, plus 1 year after expiration.
• Newsletter subscriptions: Retained until you unsubscribe. You can unsubscribe at any time via the link in every email or by contacting us.
• Contact form submissions: Retained for 2 years, then deleted.
• Server logs: Retained according to our hosting provider's standard retention policies and automatically purged thereafter.
• Website analytics data: Aggregated and anonymized; retained indefinitely.

7. Your Rights

You have the right to:

• Access your data: Request a copy of all personal data we hold about you. You can also view your information, enrollment history, certifications, and waiver status through your member portal.
• Correct inaccurate data: Update your profile through the portal, or contact us for corrections we need to make on your behalf.
• Delete your data: Request account deletion and removal of personal information by contacting us at admin@dynamic-arts.net, subject to legal retention requirements described in Section 5.
• Opt out of marketing: Unsubscribe from newsletters at any time via the link in any email. Transactional emails (receipts, safety notices) are not affected.
• Opt out of SMS/MMS: Reply STOP to any text message to immediately stop receiving SMS/MMS communications. Reply HELP for assistance. You may also contact us at admin@dynamic-arts.net or call (443) 293-5656 to opt out.
• Data portability: Request a copy of your data by contacting us.
• Withdraw consent: For any processing based on consent (e.g., newsletter subscription, media consent).
• Opt out of media: Opt out of photography and video recording at any time by notifying staff or updating your media consent preferences.

To exercise any of these rights, email admin@dynamic-arts.net with your request. We will respond within 30 days.

Maryland residents may have additional rights under Maryland law. Contact us for details.

8. Cookies

Our website uses the following cookies:

We do not use third-party advertising cookies or tracking pixels. We do not use Google Analytics. hCaptcha may set its own cookies during verification — see their privacy policy.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from logging in or using account features.

We honor Do Not Track (DNT) browser signals. Because we do not use third-party advertising cookies or cross-site tracking, our website behaves identically regardless of your DNT setting.

9. Data Security

All data transmitted between your browser and our servers is encrypted via HTTPS/TLS. Data stored in our database is encrypted at rest. Passwords are cryptographically hashed and never stored in readable form.

Access to personal data is restricted by role. Our application enforces row-level security policies on all database tables, meaning each user — whether admin, staff, member, or client — can only access data necessary for their function. Staff modifications to member records are logged.

Guest, member, and operational systems are isolated from each other through network segmentation.

Strict Content Security Policy headers limit what external resources our website can load. All user input is validated before processing. API endpoints require authentication and validate input before processing.

We never see or store your full payment card number. All payment processing is handled by Stripe, a PCI-DSS Level 1 certified processor — the highest level of payment security certification.

Authentication sessions use secure, httpOnly cookie flags that prevent JavaScript-based session theft. Sessions have defined expiration periods.

No system is 100% secure. If you discover a security vulnerability affecting our website or systems, please report it to admin@dynamic-arts.net. We will acknowledge your report within 48 hours and work to address confirmed vulnerabilities promptly. We will not pursue legal action against individuals who report vulnerabilities in good faith and do not access or modify other users' data.

9a. Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected individuals within 45 days of discovering the breach, as required by the Maryland Personal Information Protection Act (PIPA). Notification will be sent to the email address associated with your account and will include:

• A description of the breach and the types of personal information affected
• The date or estimated date of the breach
• Steps we are taking to address the breach and prevent future occurrences
• Steps you can take to protect yourself
• Contact information for questions about the breach

If a breach affects more than 1,000 Maryland residents, we will also notify the Maryland Attorney General's Office as required by law.

10. Intellectual Property & Member Works

You retain full ownership of works you individually create at our facility. We maintain a limited license to photograph and showcase works for promotional purposes, subject to your media consent preference. Collaborative projects require written agreements defining ownership. Full details are in our Terms of Service.

11. Children's Privacy

Our classes may be available to minors (age 16 and older with parental consent for most classes, as specified per class). We do not knowingly collect personal information from children under 13. Classes with age restrictions require appropriate waivers signed by a parent or guardian. If a parent or guardian believes their child under 13 has provided us with personal information, please contact us and we will delete it.

12. Governing Law

This policy is governed by the laws of the State of Maryland. Any disputes arising from this policy are subject to the jurisdiction of the courts of Baltimore, Maryland. If you are located outside the United States, please be aware that your data is processed and stored in the United States.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. If changes significantly affect how we handle your data, we will notify registered users by email.

14. Contact Us

For questions, concerns, or requests regarding this privacy policy or your personal data:

• Email: admin@dynamic-arts.net
• Phone: (443) 293-5656
• Mail: Dynamic Arts Makerspace, 4401 Eastern Ave, Unit 46-1B, Baltimore, MD 21224
• Hours: Tuesday–Thursday, 10 AM – 6 PM ET