Privacy Policy

How we protect and use your information

1. Introduction

This Privacy Policy explains how we collect, use, and protect your personal information in compliance with the Australian Privacy Act 1988, the Australian Privacy Principles (APPs), and the EU General Data Protection Regulation (GDPR).

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your data under the following legal bases:

  • Contractual Necessity: To provide the products and services you purchased.
  • Consent: When you opt in to daily tarot emails.
  • Legitimate Interests: To protect our website from fraud (ReCaptcha) and manage our business records.

3. Information We Collect

We collect the minimal information necessary to provide our services:

  • Identity Data: Name and Email Address.

  • Transaction Data: Billing address (optional), purchase history, and coupon usage. Note: We do not store credit card details; these are handled securely by Stripe.

  • Technical & Usage Data: Timezone, magic link authentication logs, and record of digital cards viewed.

  • Sensitive/Service Data:

      • Coaching & Hypnosis Notes: Professional notes taken during sessions to inform future progress. These are de-identified (stored separately from your name/email) and are only accessible by Gaylyn Morgan.

      • Tarot Summaries: Temporary summaries of readings.

4. How We Use Your Information

  • To manage appointments and deliver purchased services (Coaching, Hypnosis, Tarot).
  • To provide access to digital downloads and subscription content.
  • To send "Card of the Day" emails (only with your explicit consent).
  • To maintain session continuity for Coaching and Hypnosis.
  • To protect our site using Google ReCaptcha V3.

5. Data Retention & Deletion

We adhere to the principle of storage limitation:

  • Active Accounts: Data is retained while your account is active.
  • Inactive Accounts: Accounts and associated data are deleted after 2 years of inactivity.
  • Coaching/Hypnosis Notes: These are destroyed 12 months after your final session.
  • Tarot Summaries: Deleted immediately once you acknowledge receipt.
  • Unsubscribe Requests: We keep a record of your "opt-out" to ensure we do not email you again.

6. Data Security and International Transfers

  • Security: We use passwordless "Magic Link" authentication and encryption in transit (SSL/TLS).
  • Storage: As an Australian-based business, your data may be stored on servers located outside the EU. We ensure "Standard Contractual Clauses" or equivalent protections are in place to safeguard your data during international transfer.
  • Third Parties: We never sell your data. We only share data with essential service providers (e.g., Stripe for payments, Google for ReCaptcha).

7. Your Rights (Your Choice & Control)

Under the Privacy Act and GDPR, you have the following rights:

  • Access & Portability: You may request a copy of your personal data in a machine-readable format.
  • Correction: You can ask us to fix inaccurate information.
  • Erasure ("Right to be Forgotten"): You can request that we delete your account and all associated data (subject to legal record-keeping requirements, like tax logs).
  • Withdraw Consent: You can unsubscribe from marketing/daily emails at any time via the link in the email.
  • Lodge a Complaint: You have the right to contact the OAIC (Australia) or your local EU Data Protection Authority if you believe your data has been mishandled.

8. Cookies

We use "strictly necessary" cookies for session management (keeping you logged in) and shopping cart functionality. We do not use third-party tracking or advertising cookies.

9. Contact Our Data Controller

For all data-related inquiries or to exercise your rights, please contact:

Gaylyn Morgan
Email: info@gaylynmorgan.com
Website: gaylynmorgan.com

Last updated: April 30, 2026