Information You Provide Directly

How We Use Your Information

• Deliver and manage wellness programs, coaching sessions, and digital courses

• Process transactions and send related confirmations

• Send promotional communications (with your explicit consent)

• Respond to inquiries and provide customer support

• Improve our website, services, and user experience

• Conduct research and analytics (using aggregated, anonymized data)

• Comply with legal obligations and protect against fraud

• Enforce our terms and conditions

Information Sharing and Disclosure

Third-Party Processors

We use the following third-party services that may process your data:

• Stripe: Payment processing (PCI-DSS compliant)

• Google Analytics: Website analytics and performance

• Meta (Facebook) Pixel: Advertising and conversion tracking

• Systeme.io: Funnel hosting and email marketing automation.

• Calendly: Appointment scheduling

• Email Service Providers: Newsletter and communication delivery

Each processor is contractually bound to protect your data and only process it according to our instructions.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK and EEA, including the United States and Canada. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the UK ICO and European Commission

• UK International Data Transfer Agreement (IDTA)

• Adequacy decisions where applicable

• Binding Corporate Rules for corporate transfers

Data Retention

We retain personal data only as long as necessary for the purposes collected:

• Account Data: Duration of account plus 3 years after closure

• Transaction Records: 7 years for tax and legal purposes

• Program Progress Data: Duration of program plus 2 years

• Marketing Preferences: Until consent is withdrawn

• Website Analytics: 26 months

• AI Tool Interactions: Session-based (not permanently stored unless you create an account)

• Support Communications: 3 years after resolution

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for data in transit

• Encryption of sensitive data at rest

• Access controls and authentication measures

• Regular security assessments and monitoring

• Staff training on data protection

• Secure payment processing through PCI-DSS compliant providers

Important: While we take all reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security against all potential threats, including malware, viruses, DDoS attacks, or unauthorized third-party breaches. Users are responsible for protecting their own devices and credentials.

Your Rights

Depending on your location, you have the following rights:

UK/EU GDPR Rights

• Access: Request a copy of your personal data

• Rectification: Correct inaccurate or incomplete data

• Erasure: Request deletion ("right to be forgotten")

• Restrict Processing: Limit how we use your data

• Data Portability: Receive your data in a structured format

• Object: Object to processing based on legitimate interests

• Withdraw Consent: Withdraw consent at any time

• Lodge a Complaint: Contact the UK ICO or relevant EU supervisory authority

California (CCPA) Rights

• Right to know what personal information is collected

• Right to know if personal information is sold or disclosed

• Right to opt-out of the sale of personal information (we do not sell data)

• Right to request deletion of personal information

• Right to non-discrimination for exercising your rights

Canadian (PIPEDA) Rights

• Right to access your personal information

• Right to challenge accuracy and completeness

• Right to withdraw consent

Web Browser Cookies

Our Site may use 'cookies' to enhance User experience. User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of external sites. We encourage you to read the privacy policies of any third-party sites you visit.

Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe we have collected information from a minor, please contact us immediately.

Data Breach Protocol

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours

• Notify affected individuals without undue delay when required

• Document the breach and remedial actions taken

• Implement measures to prevent future incidents

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes via email or prominent website notice. The "Effective Date" at the top indicates when the policy was last revised.

Contact Us

For questions about this Privacy Policy or to exercise your data protection rights:

• Email: connect@namayou.com

• Website: deliberatetransformation.com

• Brand Website: namayou.com

We will respond to your request within 30 days. For complex requests, we may extend this period by an additional 60 days, in which case we will inform you of the extension and reasons.