Privacy Policy (v2-1/26)

Who we are:

What we collect:

Information you provide: name, email, phone (optional), booking details, messages, and any information you submit when booking or contacting us.
Transaction info: we receive payment confirmations and transaction IDs from our payment processor. We do not store full credit card numbers.
Technical data: IP address, device/browser, and basic usage data via our website platform and analytics tools.

How we use your information:

Legal bases (if you are in the EU/UK):

Consent (e.g., when you opt in to updates).
Contract (to provide services you request).
Legitimate interests, (including operating and administering our business, responding to inquiries, maintaining records, improving our website and services, and preventing fraud or misuse).
Legal obligation (e.g., tax records).

Cookies and tracking:

Our site and third‑party tools (e.g., scheduler, payment, analytics) may use cookies. You can manage cookies in your browser settings and, where available, through our cookie banner or website controls.

Service Providers:

We use third‑party providers, including website hosting and site platform providers, domain, DNS, and security providers, scheduling providers, payment processors and banking providers, analytics tools, and email and communications providers. They process data on our behalf and may store data outside your jurisdiction. We choose reputable providers and require appropriate safeguards.

Sharing and disclosure:

We do not sell your personal information.
We share data with service providers to operate our services, and disclose information if required by law or to protect rights, safety, and security.

Data retention:

Session notes (including internal prep): retained up to 5 years after the last delivered session of your most recent paid engagement (for intensives, after the follow‑up if completed), then deleted.
Deliverables and astrology data: any meditations we provide to you and core birth data (date, time, place) may be retained for continuity unless you request deletion.
Administrative records and routine business communications (e.g., proposals, agreements, invoices, scheduling/email): retained as needed for business, tax, or audit (at least 6 years and often up to 7). Some records may also be retained by our processors in accordance with their own retention practices..
Deletion requests: you may request deletion of session notes, deliverables, or birth data at any time by emailing privacy@inquiries.balraj.yoga. We honor deletion where legally permissible and retain only records required by law.

Security:

We use commercially reasonable measures (encryption in transit, access controls, reputable providers). No method is 100% secure.

Your rights:

Canada (PIPEDA): Request access/correction to your personal information; withdraw consent where applicable.
EU/UK (GDPR): You may have rights to access, correct, delete, restrict, port, or object to processing, and to lodge a complaint with a supervisory authority.
California (CPRA): If applicable under California law, you may have rights to request access, correction, or deletion of personal information, subject to legal exceptions. We do not sell personal information.

Children:

Our services are not directed to children under 16. We do not knowingly collect personal information from children.

International transfers:

Your information may be processed outside your province/state/country. Where personal information is processed outside your province, state, or country, we use contractual, organizational, and technical measures intended to provide an appropriate level of protection.

Changes:

Contact:

Questions: privacy@inquiries.balraj.yoga. If you are not satisfied with our response to a privacy concern, you may also have the right to contact the Office of the Privacy Commissioner of Canada or another applicable privacy regulator.