1. Overview
Sacred Reference respects your privacy. This Policy explains what information we collect, how we use it, and the choices you have. By using our website, booking sessions, or using the client portal, you acknowledge this Policy and our Terms of Service.
Important: Sacred Reference offers alternative health and embodied coaching — not licensed clinical therapy. Session content is treated confidentially in practice, but is not protected under HIPAA. See our Informed Consent for the full service description.
2. Information we collect
- Identity and contact data: name, email, phone, account credentials.
- Booking and session data: scheduled times, session type, notes you provide, attendance status.
- Communications: messages you send us and form submissions (including intention fields).
- Consent records: timestamps and version of Informed Consent and related agreements.
- Technical data: IP address, browser type, device information, cookies, and usage logs needed to secure and improve the site.
- Media: session recordings and related metadata when recording is enabled and you have consented.
- Payment data (when applicable): processed by third-party payment processors; we do not store full card numbers on our servers.
3. How we use information
- Provide, schedule, and deliver coaching sessions and portal access.
- Create and maintain your account and private session library.
- Process recordings (where consented) and store them for your use.
- Send service-related emails (confirmations, reminders, recording-ready notices).
- Improve the website, fix errors, and protect against fraud or abuse.
- Comply with legal obligations and enforce our Terms.
- Document that you agreed to Informed Consent and service disclaimers.
4. Legal bases (where applicable)
Depending on your location, we may process data based on contract (providing the service you requested), consent (e.g., marketing or recording where required), legitimate interests (security, service improvement), and legal obligations.
5. Sharing and processors
We do not sell your personal information. We may share data with trusted service providers who help us operate the platform, such as:
- Hosting and infrastructure (e.g., Vercel)
- Authentication and database (e.g., Supabase)
- Video conferencing / recording (e.g., LiveKit or similar)
- Email delivery providers
- Payment processors (when payments are enabled)
These providers process data under agreements and only as needed to perform their services. We may also disclose information if required by law, legal process, or to protect rights, safety, or property.
6. Confidentiality and security
We use reasonable administrative, technical, and organizational measures to protect personal data (encryption in transit, access controls, private storage for recordings where configured). No method of transmission or storage is 100% secure. Because this is not a HIPAA-covered clinical practice, your information is not afforded HIPAA statutory protections.
7. Cookies and analytics
We may use essential cookies for authentication and session security. If privacy-focused analytics are enabled, they help us understand aggregate site usage. You can control cookies through your browser settings; disabling essential cookies may affect login and booking.
8. Retention
We retain account, booking, consent, and session records for as long as needed to provide services, resolve disputes, and meet legal or legitimate business requirements. You may request deletion of your account; some records may be retained where required by law or for legitimate documentation of consent and safety.
9. Your rights and choices
Subject to applicable law, you may request access, correction, deletion, or export of your personal data, and you may withdraw consent where processing is consent-based (withdrawal does not affect prior lawful processing). Contact us using the email below. You may also opt out of non-essential marketing emails via unsubscribe links.
10. Children
Services are intended for adults. We do not knowingly collect personal information from children under 18. If you believe a child has provided data, contact us so we can delete it.
11. International transfers
Data may be processed in the United States or other countries where our providers operate. Where required, we use appropriate safeguards for cross-border transfers.
12. Changes to this Policy
We may update this Privacy Policy periodically. The effective date at the top of this page will change when updates are published. Continued use of the services after updates constitutes acknowledgment of the revised Policy.
13. Contact
Privacy questions or requests: hello@sacredreference.com.