Privacy Policy

Who we are

Our website address is: https://mercurytheme.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Additional information

Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. In tempus, erat eget tincidunt elementum, mauris quam laoreet erat, in porttitor sem eros sit amet nibh. Nulla sit amet volutpat risus. Maecenas pharetra nisl nec egestas sollicitudin.

How we protect your data

At our Yoga Studio, we take the security of your personal information seriously. We implement a variety of technical and organizational measures to maintain the safety of your data when you browse our site, book a session, or access our training materials.

Secure Data Transmission and Storage

All sensitive information you provide is transmitted via Secure Socket Layer (SSL) technology. This ensures that the data exchanged between your browser and our website remains encrypted and protected from unauthorized access. Once received, your data is stored on secure servers protected by modern firewalls and access control protocols.

Limited Access

We restrict access to your personal information to only those employees, contractors, and service providers who need to know that information in order to operate, develop, or improve our services. These individuals are bound by strict confidentiality obligations and may be subject to disciplinary action if they fail to meet these standards.

Payment Security

We do not store your credit card information on our servers. All financial transactions are processed through secure, third-party payment gateways that are PCI-DSS compliant. This means your payment details are handled with the highest industry standards for security and privacy.

Regular Audits and Updates

Our systems are regularly monitored for potential vulnerabilities and attacks. We stay up-to-date with the latest security patches and best practices to ensure that our platform remains a safe environment for our community to practice and grow.

Your Control

You have the right to access, update, or request the deletion of your personal data at any time. We are committed to transparency and will always inform you about how your data is being used to enhance your experience on our platform.

What data breach procedures we have in place

We take the security of your personal information seriously and maintain procedures designed to prevent, detect, respond to, and recover from potential data breaches. While no method of transmission or storage is 100% secure, we work to minimize risk and act quickly if an incident occurs.

1) Prevention and Risk Reduction

We use reasonable technical and organizational safeguards to reduce the likelihood of unauthorized access, including access controls, least-privilege permissions, encryption where appropriate, and routine security updates.

2) Monitoring and Detection

We monitor our systems for suspicious activity and potential vulnerabilities. Where appropriate, we use logging and alerting to help us identify unusual access patterns or unexpected system behavior.

3) Incident Response and Investigation

If we suspect or confirm a breach, we take steps to:

  • Contain the incident (for example, isolating affected systems, rotating credentials, or disabling compromised access).
  • Assess impact (what happened, what data may be involved, and which users may be affected).
  • Preserve evidence and document actions taken to support investigation and remediation.

4) Remediation and Recovery

After containment, we work to fix the root cause and reduce the chance of recurrence. This may include patching vulnerabilities, strengthening controls, updating configurations, and validating system integrity before returning affected services to normal operation.

5) User and Regulatory Notification (When Required)

When legally required and depending on the nature of the incident, we may notify:

  • Affected users, with information about what happened, what data may be involved, steps we’re taking, and recommended actions (e.g., changing passwords).
  • Regulators or authorities, in accordance with applicable data protection laws.

6) Post‑Incident Review

Following resolution, we perform a review to improve our security posture and incident response processes. This may involve updating internal policies, training, and technical safeguards.

If you want, tell me the regions you operate in (e.g., UK/EU for GDPR, US states, etc.) and whether you collect health data—then I can tailor this section to better match the legal notification language typically used in those jurisdictions.

What third parties we receive data from

To provide a seamless experience and improve our services, we may receive information about you from various third-party sources. We ensure that any data shared with us is handled in accordance with this policy and the privacy standards of the original provider.

Social Media and Integrated Logins

If you choose to register or log in to our site using a third-party account (such as Google, Facebook, or Apple), we receive certain profile information from that provider. This typically includes your name, email address, and profile picture, allowing you to create an account quickly without manual entry.

Payment Processors

When you purchase a subscription or an author-led training session, we receive transaction-related information from our payment partners (such as Stripe or PayPal). While we do not see your full credit card details, they provide us with confirmation of payment, the last four digits of your card, and billing contact information to help us manage your orders.

Analytics and Advertising Partners

We work with service providers like Google Analytics to understand how visitors interact with our website. These partners provide us with aggregated, de-identified data regarding user behavior, such as which yoga poses are most popular or how much time is spent on our training videos. This helps us tailor our content to your interests.

Marketing and Lead Generation

We may receive contact information from marketing partners or platforms where you have explicitly opted in to receive information about wellness and yoga services. This data is used to send you relevant offers and updates about our new author workouts, provided you have given your consent to the third party to share your details.

Technical Service Providers

We may receive data from technical partners who assist with website hosting, security monitoring, and error reporting. This information is primarily technical in nature (such as IP addresses or device types) and is used to ensure our site remains stable, fast, and secure for all users.

What automated decision making and/or profiling we do with user data

We may use limited automated processing (sometimes called “profiling”) to improve your experience on our website and to operate our services efficiently. We do not use automated decision-making that produces legal effects or similarly significant impacts on you (for example, automatically denying access to essential services) without meaningful human involvement, unless we clearly inform you and have a lawful basis to do so.

Personalization and Recommendations

We may use automated tools to tailor what you see, such as:

  • Recommending workouts, programs, or pose guides based on pages you view, content you save, or classes you complete.
  • Showing recently viewed items or suggesting similar content (e.g., hip openers if you often browse flexibility sequences).

Progress and Usage Insights

If you have an account, we may automatically analyze activity data to generate:

  • Practice history (completed sessions, time spent, favorites)
  • Streaks, reminders, or suggested next sessions based on your activity patterns

Marketing and Communications

Where permitted by law and your preferences, we may use automated systems to:

  • Segment users (e.g., new members vs. returning members) to send more relevant emails or updates
  • Measure engagement with messages (opens, clicks) to improve our communications

Security and Fraud Prevention

We may use automated methods to detect suspicious activity, such as:

  • Unusual login patterns, repeated failed login attempts, or abnormal traffic behavior
  • Indicators that help protect accounts and prevent abuse of the website

Cookies and Similar Technologies

Some profiling may be based on cookies or similar technologies used for analytics and, where applicable, advertising. You can control cookie settings through your browser and (where available) our cookie preferences tools.

Your Choices and Rights

Depending on where you live, you may have rights to:

  • Object to certain types of profiling (especially for direct marketing)
  • Request access, correction, or deletion of your personal data
  • Withdraw consent where processing is based on consent

If you tell me what jurisdiction your Privacy Policy is targeting (e.g., GDPR/UK, US states like California, or global), I can adjust the wording to match the typical legal requirements and terminology.

Industry regulatory disclosure requirements

We aim to comply with applicable privacy, consumer protection, and e-commerce laws and regulations that may require specific disclosures about how we collect, use, store, and share personal data. The exact requirements that apply depend on where you and our business are located, and on the nature of the services we provide (for example, subscriptions, online payments, marketing communications, or wellness-related content).

Key Disclosures We May Provide (Where Required)

Depending on the laws that apply, our Privacy Policy and related notices may include:

  • Categories of personal data collected (e.g., account details, purchase history, device and usage data).
  • Purposes of processing (e.g., providing content, managing subscriptions, customer support, security, analytics).
  • Legal bases for processing (where required, such as under GDPR/UK GDPR).
  • Categories of recipients / third parties we share data with (e.g., hosting providers, payment processors, analytics providers).
  • International data transfers and safeguards (e.g., contractual protections where applicable).
  • Retention periods or criteria used to determine how long data is kept.
  • User rights and choices, including how to exercise them (access, deletion, correction, opt-out of marketing, etc.).
  • Cookies and tracking disclosures, including consent mechanisms where required.
  • Security measures and data breach notification practices.
  • Children’s privacy disclosures and age restrictions, if relevant.
  • “Do Not Sell/Share” or targeted advertising opt-out disclosures where required by certain laws.

Payments and Financial Disclosures

If we accept payments online, we may be required to disclose:

  • The use of third-party payment processors (we typically do not store full card details).
  • Subscription terms, renewal and cancellation policies, and refund policies (if any), as required by consumer protection laws.

Health/Wellness Content Disclaimer (If Applicable)

Because our site relates to yoga and wellness, we may include disclosures clarifying that:

  • Content is provided for general informational/educational purposes.
  • It is not medical advice, and users should consult a qualified professional as appropriate.

Contact and Complaints

Where required, we may provide:

  • A contact method for privacy requests and questions.
  • Information about how to lodge a complaint with a relevant supervisory authority (for certain jurisdictions).

If you tell me which region(s) you operate in (e.g., EU/UK, USA/California, Canada, Australia) and whether you sell subscriptions, I can tailor this section to match the most common disclosure requirements for that jurisdiction.

    © Copyright 2023 | Powered by WordPress | Mercury Theme
    practice studio
    © Copyright 2023 | Powered by WordPress | Mercury Theme