Effective date: August 28th, 2025
Controller: Jhourney, Inc., 2261 Market Street, Suite 22161, San Francisco, CA 94114
Contact: retreats@jhourney.io
We provide meditation retreats (online and in-person). This notice explains what data we collect, why, how long we keep it, who we share it with, and your choices.
Who this applies to
- Retreat applicants/participants (online and in-person)
- Prospects/waitlisters, website/app visitors, newsletter subscribers
Age
Our services are 18+. We don’t knowingly collect information from children.
What information we collect
We collect information you provide, data created during retreats, and limited technical data:
- Identifiers & contact: name, email, phone, emergency contact, and purchase/waiver details.
- Retreat information: practice history and goals; logistics/dietary preferences; communications with us.
- Mental-health data that is required for safety, including: mental health history, medications, prior incidents, hospitalizations, and similar information
- Recordings, transcripts, and messages: we record audio/video by default in retreat contexts for safety and quality assurance. Messages you send us in retreat support channels may be reviewed on a need to know basis for safety and support.
- Payments & transactional: processed by our payment providers (we don’t store full card numbers).
- Device/usage data: limited technical data (e.g., IP, device/browser) to run the site/app and secure our systems.
- Marketing & ads: if you consent to non-essential cookies/pixels, we receive analytics/ads events (see Cookies).
Data minimization principle: we only collect data required for these stated purposes.
Why we use it (purposes) & legal bases (EU/UK)
We use your information to:
- Screen, deliver, and support retreats; safety/QA; incident response; aftercare.
- Legal bases: Vital interest (Article 9(2)) in participant safety. Our legitimate interests: Ensuring participant safety during meditation retreats, preventing incidents, and providing appropriate support. We've assessed that these interests override privacy concerns given the safety-critical nature of our services and voluntary participation in retreats. Completing safety/mental health screening is required for participation in our retreats.
- Communicate with you (program updates, service messages, customer support).
- Bases: contract for program communication; legitimate interests for broader program communication.
- Payments, operations, security, and fraud prevention.
- Bases: contract; legitimate interests; compliance with law.
- Optional R&D, product improvement, and staff training.
- Only if you opt in (explicit consent). You can withdraw at any time (see “Your choices”).
- Marketing (with your choices respected).
- Bases: consent where required; otherwise legitimate interests.
Automated decision-support. We use algorithmic + human review to assess retreat suitability from screening data using the contraindications listed on our website. Decisions are not solely automated.
EU/UK users can request human review and contest a decision by emailing retreats@jhourney.io.
Your choices & consents
- Required to attend: We require processing and recording for safety/QA (screening, monitoring, incident response, and aftercare) and limited need-to-know sharing (e.g., select staff/contractors, on-call mental-health consultants, emergency/crisis services, medical providers, legal counsel as needed to protect life/safety or comply with law).
- Optional: You may opt in to allow reuse of your survey responses and retreat recordings/transcripts for broader R&D, product improvement, and staff training. Declining does not affect your ability to attend. You may withdraw optional consent anytime (see “Contact Us”).
Disclosures (who we share with)
We share personal information with:
- Service providers (processors) under contract (e.g., cloud storage/collaboration, communications/CRM, video conferencing/recording and transcription, payments, website hosting, security, analytics/advertising if enabled).
- On-call mental-health consultants and emergency/crisis services when reasonably needed for safety.
- Legal, compliance, and insurance advisors, and authorities where required by law.
- Corporate transactions (e.g., merger/acquisition) under confidentiality.
We require processors to follow our instructions, protect data, and not use it for their own purposes (including no model training or retention beyond providing the service).
International transfers
We primarily process data in the United States. For EU/UK users, we rely on Standard Contractual Clauses (and the UK addendum) and other permitted safeguards for cross-border transfers.
EU/UK representative. We are appointing EU and UK Article 27 representatives; until published here, EU/UK users may contact us at retreats@jhourney.io for privacy matters.
Cookies & ads
We use essential cookies to run our site. We may also use analytics and advertising pixels to measure and improve campaigns and to show more relevant ads. In the EU/UK, we request consent before setting non-essential cookies. In some US states, advertising pixels may be considered “sharing” for cross-context behavioral advertising; see “Do Not Sell or Share” below.
- Manage cookies via our banner or your browser settings.
See “Your rights (California)” for Do Not Sell or Share.
How long we keep information (key ranges)
We keep data no longer than necessary for the purposes above:
- Safety/QA recordings & transcripts: up to 4 years, unless needed longer for legal or safety compliance. We retain this data for the duration of a conservative U.S. statute of limitations for negligence claims.
- Screening surveys & incident logs: typically up to 4 years (or 1 year after your last interaction), unless needed longer for legal obligations or disputes.
- Optional R&D/training copies (only if you opted in): up to 7 years or until you withdraw consent, whichever comes first.
- Payments/tax/waivers: up to 7 years (legal requirements).
- Marketing contacts: until you unsubscribe or your data becomes inactive, then we minimize or delete.
Security
We use appropriate technical and organizational measures to protect personal information, including access controls and encryption in transit and at rest, and we periodically review our safeguards.
Your rights
- EU/UK: You may request access, correction, deletion, restriction, portability, and objection, and withdraw consent at any time (withdrawal doesn’t affect prior lawful processing). You may also request human review of decisions supported by algorithms.
- California (CPRA): You may request access, deletion, correction, and opt out of “sale” or “sharing” of personal information for cross-context behavioral advertising (we do not “sell,” and you can opt out of “sharing” via our Do Not Sell or Share page or Global Privacy Control).
We will not discriminate against you for exercising your rights.
How to exercise: Email retreats@jhourney.io. We may take reasonable steps to verify your identity (e.g., email match and, for sensitive requests, additional details). We generally respond within the timelines required by law (EU/UK: 1 month; CA: 45 days).
Appeals (US states with appeal rights): If we deny your request, you may appeal by emailing retreats@jhourney.io with “Appeal” in the subject.
Supervisory authorities: EU/UK users may contact their local data protection authority; UK users may contact the ICO. We can provide a list of EEA authorities upon request.
HIPAA
We are not a HIPAA covered entity and our services are wellness/educational services (not medical care). We still safeguard sensitive information as described in this Notice.
Breach Notification
If we become aware of a data breach, we will notify the relevant authorities within 72 hours, and will notify impacted individuals as required.
Changes
We may update this Notice. We’ll change the effective date above and, for material changes, provide additional notice.
Contact Us
Controller: Jhourney, Inc., 2261 Market Street, Suite 22161, San Francisco, CA 94114
Email: retreats@jhourney.io