Privacy Policy

Privacy Policy Effective date: to be confirmed at launch. 1. Who We Are The School of Informational Yoga ("the School", "we", "our") operates the platform at info-yoga.com. We are the data controller for personal data collected through this platform. 2. Data We Collect We collect the following categories of personal data: (a) Account data: name, email address, and optionally a phone number, provided at registration. (b) Practice and session data: records of sessions held, curriculum progress, and session notes created by the assigned master during the course of practice. (c) Diary entries: personal reflections entered by the Member through the platform's diary feature. (d) Billing data: payment method and transaction history, processed through our payment provider. We do not store full card numbers. (e) Usage data: pages visited, session timestamps, and platform interactions, collected for operational and security purposes. 3. Diary Data — Security and Encryption The School takes the privacy of diary entries seriously. Diary data is handled differently depending on the surface through which it is entered: (a) Web diary (info-yoga.com): diary entries submitted through the web platform are transmitted over TLS and stored server-side in our database. At rest, diary data is protected using AES-256 encryption with AWS Key Management Service (SSE-KMS). Only authorised School systems and your assigned master can access your diary content. Our administrative staff cannot read diary entries without an explicit technical access process, which is logged. (b) iOS app: diary entries created in the iOS app are encrypted client-side using iOS Keychain-derived keys before transmission. The encrypted payload is stored on our servers. Even in the event of a server breach, client-side encrypted diary entries cannot be read without the device-local key. In both cases, your diary content is accessible only to you and your assigned master. 4. How We Use Your Data We use your personal data to: provide and operate the platform and membership services; facilitate session scheduling and master-member communication; maintain billing and membership records; improve the platform and curriculum; and comply with legal obligations. We do not sell, rent, or share your personal data with third parties for marketing purposes. 5. Data Retention Account and practice data is retained for the duration of your membership and for 12 months thereafter, after which it is deleted or anonymised. You may request deletion at any time by contacting hello@info-yoga.com. 6. Your Rights Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data. To exercise these rights, contact hello@info-yoga.com. 7. Cookies The platform uses session cookies for authentication and security. We do not use third-party advertising cookies. 8. Changes to This Policy We may update this policy from time to time. Material changes will be communicated by email to registered Members. 9. Contact For privacy questions or data requests, contact hello@info-yoga.com.