Privacy Policy
Effective date: January 1, 2026
1. Who we are
InnerRoot Studio (“we”, “us”) provides mindfulness and meditation courses. Contact: [email protected], +1 (415) 937-4428.
2. What we collect
- Account data: name, email, hashed password.
- Purchase data: items purchased, price, timestamps (payments processed by third-party providers).
- Usage data: pages visited, device/browser info, approximate location (derived from IP), and cookies for essential operations.
- Support data: messages you send us and related metadata.
Plain note: we avoid collecting more than we need and do not sell personal data.
3. Why we collect it
- Provide services: account creation, course access, and customer support.
- Improve our offerings: understand aggregate usage patterns.
- Legal compliance: tax/audit records and security logs.
- Communications: transactional emails and optional updates (with consent where required).
4. Cookies
We use essential cookies for authentication, remembering preferences (like theme), and analytics with privacy safeguards. You can manage cookies in your browser settings. See the cookie banner for a summary.
5. Sharing
We share data with service providers who help us run the site (hosting, analytics, customer support, payment processors). They process data under contracts and only as instructed by us. We may disclose data to comply with law or protect rights and safety.
6. Retention
We keep data only as long as necessary for the purposes above: account and purchase records for up to 7 years (for legal reasons), support messages for up to 24 months, and analytics data according to provider limits.
7. Security
We apply reasonable technical and organizational measures, including encryption in transit, access controls, and regular reviews. No method is perfectly secure; please choose a strong password.
8. Your rights
Depending on your location, you may request access, correction, deletion, or portability of your data, or object to/limit processing. Contact [email protected]. If unsatisfied, you may contact your local data authority.
9. Children
Our services are directed to users 16+ unless a parent/guardian provides consent. If we learn a child’s data was collected without consent, we will delete it.
10. International transfers
Data may be processed in countries with different laws. We use appropriate safeguards (such as standard contractual clauses) when required.
11. Changes
We may update this policy. We will post the new version here and update the effective date. Substantive changes may be notified by email if you have an account.
If you have questions, contact [email protected].