Privacy Policy
Information We Collect
We collect personal information (name, email, phone, payment details) provided during registration, coaching sessions, or contact forms. Additionally, we collect session metadata (timestamps, duration) and biometric data (HRV via optional wearable integration) with your explicit consent. We do not collect sensitive data such as genetic data or political opinions.
- Cookies: session cookies for login; analytics cookies (opt-out via browser settings)
- Log data: IP address, browser type, OS, referring URLs (anonymized after 30 days)
- Third-party: payment processed via Stripe (PCI-DSS compliant), no storage of full card numbers
Use of Data
Data is used to provide personalized coaching, improve services, and send relevant communications (newsletters, retreat updates) only with opt-in consent. We may use aggregated anonymized data for research (e.g., efficacy studies). We do not sell or rent data to third parties.
- Legal basis: GDPR – legitimate interest (service improvement) and consent (marketing)
- Processing: encrypted storage (AES-256) on servers in the US; backups in Canada
Data Subject Rights
Under GDPR and CCPA, you have the rights of access, rectification, erasure, portability, and objection. Requests must be sent to [email protected]; we respond within 30 days. For biometric data, you may revoke consent at any time.
- Right to deletion: we retain records for 3 years post-last session for tax purposes
- Opt-out: unsubscribe link in every email; disable analytics cookies
Security Measures
We implement TLS 1.3, regular penetration testing, and employee training. Breach notification: within 72 hours of discovery. Third-party processors: reviewed annually (SOC 2 reports available).
- Data Protection Officer: [email protected]
- International transfers: standard contractual clauses
Updates to this policy: posted here with effective date.
