Privacy Policy | Current Version

Your privacy matters.

Effective Date June 01, 2024

Fair and secure practices that protect your information are important, so this Privacy Policy is updated from time-to-time, for transparency and to reflect changes in data privacy laws such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA). My understanding running a super small business is that the work I do does not fall within the scope of the CCPA, but I share its vision for a transparent internet that champions people’s privacy and protection, which is why over the years I've done my best to honor it and legislation like it – and by extension, you! Because building genuine, trusting relationships with people matters.

This latest Privacy Policy update – along with a routine review of all internal data processes and systems I use – is the latest manifestation of that conviction.


This Privacy Policy concerns information collected by me (referred to in this Privacy Policy as "Michael Koehler", “I”, “me”, “my”, or with references to "Lights Film School") through your use of the products, features, and services I provide, as well as through information available through my websites, which are: (1) my primary Leadpages-powered website,; (2) my archival, Leadpages-powered landing pages; and (3) a help desk website for Lights Film School ( run through Help Scout. I also maintain a Substack (, which is governed by Substack's Privacy Policy.

“You” or “your” refers to the individual who uses my websites, products, features, and services, or accesses available information, or engages with me directly via email or other media outlets.

In context of this Privacy Policy, the terms “using” and “processing” information include using cookies on a computer, subjecting it to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within the work that I'm doing.

Whose information is collected?

I collect information from these types of individuals:

"Visitors" are individuals who visit one of my websites or contact me directly about my products, features, and services or about obtaining other information. "Former students" are individuals who enrolled in Lights Film School before it closed. My "customers" include Lights Film School's former students, but also include people who have purchased other products and/or services from me without enrolling in Lights Film School. Finally, visitors, former students, and customers are all considered a "consumer".

An overview of the sources of personal data

I obtain information about people in these main ways:

  1. When you visit one of my websites or contact me directly;
  2. When you purchase or use a product, feature, or service; and
  3. When you’re a service provider to me.

This Privacy Policy governs how I collect, process, and share information in context of (1) and (2).

What information is collected?

Depending on how you use my websites, products, features, and services – and depending on your direct interactions with me – I collect two types of information: personal information and non-personal information. 

Let's break down what this means:

Personal information

Personal information is information that identifies you or may be used in conjunction with other pieces of information to identify you. So for example, your name, email address, or billing and credit card information collected via an industry-standard payment gateway.

Personal information that does not identify you, but potentially could be combined with other information in a way that enables you to be identified, can include things like an Internet Protocol (IP) address and general current location.

Non-personal information

Non-personal information is information that cannot be used or combined with other information to identify or contact you. For example, some statistical website data.

When is information from third parties used?

I collect only the information necessary to run my websites and provide my products, features, and services successfully. Some of this information comes from or otherwise involves a careful selection of third parties, all of which are GDPR compliant.

Your personal information is not sold.

Instead, I sell bespoke, individualized storytelling and screenwriting services. Years ago, I used to sell enrollment in Lights Film School's online educational programs, but as first announced back in May 2021, Lights Film School has closed. Former students were supported for more than two years beyond that, but support has officially ended.

What third parties are involved, why, and how?

Since Lights Film School has closed, the list of third parties I involve in my work has simplified considerably. Most every third party relating to Lights Film School is now functioning in an administrative and archival capacity. Below is a list in alphabetical order of the third parties who process your information, depending on how you use(d) my websites, products, features, and services, and depending on your direct interactions with me.

AirTable | Privacy Policy

AirTable stores and maintains internal documents; for example, a database with relevant former student information. Such a centralized reference helps to keep organized and deliver individualized customer service more quickly and effectively.

Airtable uses industry-leading Amazon Web Services (AWS) hosting infrastructure. Servers are located in data centers that are SOC 1, SOC 2, and ISO 27001 certified. Data is encrypted both when it is sent to and from their servers and at rest. Airtable uses 256-bit SSL/TLS encryption.

Dropbox | Privacy Policy

Dropbox hosts some of my writing samples as well as some content for former students; for example, a rudimentary archive of Lights Film School's curriculum and custom videos. Dropbox tracks each file’s viewing history. The data associated with each view is anonymous, so former students appear in the viewing history as “Guests”.

Files are protected in transit between Dropbox’s apps and servers, and at rest. Each file is split into discrete blocks, which are encrypted using a strong cipher.

Help Scout | Privacy Policy

Help Scout serves as help desk software. It enables me to create, host, and manage the "Support Center" - a self-service knowledge base (located at - as well as manage some contacts and correspondence. Everything is centralized, making it easier to deliver individualized customer service more quickly and effectively. Various reports help gauge the effectiveness of these efforts. Help Scout also enables me to receive messages, live chat with website visitors, and make onsite announcements all through the Help Scout beacon, where and when active.

All of Help Scout’s application and data infrastructure is hosted in Amazon Web Services (AWS), which provides extensive security control and privacy features. TLS encryption is supported on all inbound and outbound correspondence. Help Scout is PCI Level I compliant.

HEY for Domains | Privacy Policy

HEY for Domains is used to manage direct emails associated with my domains as well as emails initiated through a contact form. In the case of the latter, messages are logged and delivered through Typeform.

HEY for Domains requires two-factor authentication. It uses the industry standard TOTP protocol and also supports WebAuthn. Data is encrypted at-rest, at-work, and in-transit, using the industry standard TLS encryption when sending emails to recipients. HEY for Domains performs external security audits on a regular basis.

Leadpages | Privacy Policy

Leadpages is used to create and host websites and landing pages located at and Built-in analytics help to track page views anonymously.

All pages on Leadpages’ servers are secured by default, and fully support SSL and HTTPS protocols.

Mailchimp | Privacy Policy

Mailchimp is the marketing automation platform and email marketing service I use, meant to help maintain and grow an email list and thus stay in touch with my wider community. A visitor can opt into email marketing directly through Mailchimp as well as via signup forms hosted by Leadpages, when available. At present, Mailchimp is not actively in use.

The entire Mailchimp application is encrypted with TLS. Mailchimp performs annual SOC II audits.

Slack | Privacy Policy

Slack, a messaging platform for teams, was used for internal communications and also to power optional community features included with Lights Film School’s Premium Membership. In the case of the latter, Slack facilitated interactions similar to those on a traditional social media website. Slack is no longer in use, but an archive remains for administrative purposes.

Slack is hosted in Amazon Web Services (AWS), which provides extensive security control and privacy features. Data in Slack is encrypted in transit and at rest. Slack Technologies, Inc. has earned various compliance certifications and regulations, including the Federal Risk and Authorization Management Program, NIST 800-171, SOC 2, SOC 3, ISO 27001, ISO 27017, and ISO 27018.

Stripe | Privacy Policy

I use Stripe to process and manage customer payments. Stripe is an industry-standard payment gateway; consequently, I do not touch, store, or transmit your payment method details.

Stripe is delivered on Amazon Web Services, which provides extensive security control and privacy features. Stripe forces HTTPS for all services using TLS, and all card numbers are encrypted at rest with AES-256. Stripe, Inc. is certified to PCI Service Provider Level I.

Teachable | Privacy Policy

Teachable, a leading online course development platform and service, was used to host and power Lights Film School's students-only membership website. Now it acts as an archive for administrative purposes.

Typeform | Privacy Policy

Typeform is used to collect and store data provided directly by a consumer. For example, Typeform powers the contact form experience on The information provided delivers to Typeform, which triggers an email to HEY for Domains. In addition to powering contact forms, Typeform can be used to collect a customer's name and/or business name as well as address in advance of rendering a service, so that an accurate invoice can be created and issued as appropriate.

Typeform is hosted in Amazon Web Services (AWS), which provides extensive security control and privacy features. Information is encrypted in-transit, end-to-end, using secure TLS cryptographic protocols. The Advanced Encryption Standard (AES) is used with a 256-bit key to encrypt data at rest.

Where and when is information collected?

The personal information that you submit is collected. I also may receive information about you from third parties, as described in detail above.

Cookies and web beacons

As with many websites, “cookies” are used on my websites, so as to collect information that helps to run, monitor, and improve my work and offerings. To the best of my understanding, the only cookies I use are those built into my website platforms by default. To be clear, I do not use cookies like those leveraged by Google Analytics or the Meta Pixel. Basically, I want to leave as "light" of a digital footprint as possible, since it's my belief that the internet is a better place when privacy is more respected.

For reference, a cookie is a small data file that can be placed on your computer or mobile device in order to identify your browser and website activity. Know that you do not have to accept cookies in order to interact with my websites, products, features, and services, although this may lead to a degraded experience. While many browsers are configured to accept cookies out of the box, it is possible to change your browser settings to notify you when you receive a cookie or even to reject cookies generally. To learn more about how you can control privacy settings and cookie management, click the link below pertaining to your web browser:

Some of my tools also use “web beacons”, a web technology used to help track website or email usage information, that can be embedded on web pages and in emails. For example, web beacons in my Help Scout-powered customer service correspondence enable open tracking, which helps in managing conversations with former students. Such beacons can be blocked if you or your email client chooses not to display images.

Log files and other usage statistics

I track some usage statistics, as described in the list of third parties above. I've done my best to describe where, when, why, and how information is collected, so that you’re not in the dark.

Is information from children collected?

My websites, products, features, and services are not designed for or directed to anyone under the age of 18, including Lights Film School's online educational programs. If a parent or guardian becomes aware that their child has provided information without their consent, then he or she should contact me via the Support Center.

What is done with the information that's collected from you?

In general, I use the information collected (1) to provide you with the best possible experience when interacting and when using my websites, products, features, and services; (2) to help understand who engages with me; (3) to enable my advertising in some cases, including using your email to send information like marketing emails you've opted into; (4) to contact customers for customer service, billing, and essential account operation purposes; and (5) for internal administration and operations.

If you identify yourself by sending a communication, I may use your information to respond accordingly, and I may file your questions or comments (with your information) for future reference. I also may use customers’ information to send announcements and updates regarding changes to the Privacy Policy, Lights Film School's Terms of Use, and my websites, products, features, and services. While customers will not be able to unsubscribe from these announcements and updates since they contain important information relevant to their purchase(s), everyone who’s subscribed to my email marketing list always has the option to unsubscribe, clearly marked in every email.

Again, for more details about what I do with information, please take a look at the discussion of third parties above. I've done my very best to paint a clear and complete picture.

Laws and legal rights

Of course, I cooperate with government and law enforcement officials. I may disclose your information if it is believed in good faith that I am required to do so in order to facilitate valid legal processes, protect my property and rights, protect the safety of the public or any person, or to prevent or stop activity I may consider to be illegal or unethical or at risk of becoming so.

Business transfers

I reserve the right to transfer information to a third party in the event of a sale, merger, or other transfer of all or mostly all of my business assets, or in the event that I discontinue doing business because of bankruptcy, reorganization, or a similar proceeding, provided that the third party agrees to adhere to the terms of this Privacy Policy.

Does this Privacy Policy apply to other linked websites or services?

It's possible I may provide you with access to or otherwise reference and/or recommend other websites, products, features, and services. Please be aware that I am not responsible for the privacy of any websites, products, features, or services other than my own, so I encourage you to read the privacy policies of each and every other website, product, feature, and service. In other words, this Privacy Policy applies solely to information that's collected by me, as described.

Is information disclosed to other third parties?

Except as explained in this Privacy Policy or as specifically authorized by a consumer, no, absolutely not! I will not disclose any information to other third parties.

Could my information be sent to other countries?

Information collected via my websites, products, features, and services, or through direct interactions with you, may be transferred from time to time to authorized individuals, or to third parties, located throughout the world, and may be viewed anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data. To the fullest extent allowed by applicable law, by using any of my websites, products, features, and services, you voluntarily consent to the trans-border transfer of such information. For more information about transfers in relation to third party services used, please see their Privacy Policies, linked above.

Is the information that's collected secure?

Great lengths are gone to in order to ensure that your information is safe and secure. For example, SSL is included on all of my websites. Strong passwords are in place with third party accounts, as is two-step verification in many cases. These third parties go to great lengths to ensure security themselves, as suggested in the discussion of them above. To top it all off, I conduct routine manual reviews of all of my user management systems to ensure no unauthorized access. Moreover, I do not touch, store, or transmit your payment method details.

However, neither people nor security systems are foolproof, including encryption systems – this is the internet, after all. While I'm zealous about security and use reasonable efforts to protect your information, I cannot guarantee its absolute security. I will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your sensitive information via email and/or conspicuous posting on my website(s), as expediently as possible and without unreasonable delay.

What choices are there with regards to the use of personal information?

Except as otherwise set forth in this Privacy Policy, as applicable, your information is used only for the reasons and purposes described above or as otherwise detailed at the time I request such information from you. You must “opt in” and give me permission to use your personal information for any other purpose. Of course, you may always change your preferences and “opt out” of any marketing communications you receive from me; for example, by selecting the unsubscribe link included in every one of my marketing emails.

You’re welcome to contact me in order to (1) update, correct, or obtain your personal information; (2) change your communication preferences; or (3) delete your personally identifiable information from my systems. Except where otherwise described, personal information in the systems does not expire so as to ensure a stellar customer service experience.

Of course, you have the right to be forgotten, as well as the right to access and data portability. Actions (1), (2), and (3) described in the preceding paragraph will have no effect on other information I maintain, or information that I have provided to third parties in accordance with this Privacy Policy prior to those actions. Please note that to protect your privacy and security, I may take reasonable steps to verify your identity before (in the case of a former student) discussing your enrollment, or otherwise making corrections. Where relevant, you are responsible for maintaining the secrecy of your account information at all times.

Should you contact me to update, correct, obtain, change, or delete your personal information, I will make commercially reasonable efforts to honor your request. Of course, promptly after receiving your request, all personal information stored in databases I actively use, and other readily searchable media will be updated, corrected, exported and delivered to you, changed, or deleted as appropriate, as soon as and to the extent reasonably and technically practicable.

How will I know if there are changes to the Privacy Policy?

I may revise this Privacy Policy from time-to-time without notice. However, I will not make changes that result in significant additional uses or disclosures of your personal information without notifying you of such changes via email and/or conspicuous posting on my website(s). For example, you'll find a date at the top of this page indicating when any latest revision(s) were made, and I encourage you to check back periodically for any changes. Your continued use of my websites, products, features, and services constitutes your acceptance of this Privacy Policy and any changes.

Who can I contact with privacy questions and requests?

I have done my very best to explain my commitment and approach to privacy here, but should you have any comments, questions, concerns, or requests, I'm here for you. Please go ahead and contact me via the Support Center – the best and fastest way to get in touch – or by post: Michael Koehler | 502 Kerwin Road | Silver Spring, MD 20901 | United States

Zooming out, my goal is to maintain a Privacy Policy that’s as helpful, transparent, and clear as possible. Your trust is of the utmost importance, one of many reasons I'm excited about the example that legislations like the GDPR and CCPA have set for interactions on the internet.


Still need help? I'd love to hear from you! I'd love to hear from you!