Sieveback Gentle End of the Day

Legal

Privacy Policy

This document explains how Sieveback collects and processes personal data when you visit sieveback.world or communicate with our studio.

Last updated:

1. Data controller

The data controller responsible for processing under this policy is:

Sieveback
6200 Hollywood Blvd, Los Angeles, CA 90028, USA
Phone: +1 323-245-6400
Email: touch@sieveback.world
Website: https://sieveback.world

We operate as an educational studio providing gentle end-of-day programs, consulting, and related informational materials. We are not a healthcare provider and do not process special categories of health data through this website except where you voluntarily include such information in free-text messages—which we discourage and delete when not needed for your request.

2. Categories of personal data we collect

2.1 Data you provide directly

When you complete our contact form, we may collect your name, email address, message content, and confirmation that you agree to data processing. If you enroll in programs, we may additionally collect billing address, payment confirmation references (processed by third-party payment providers), and scheduling preferences.

2.2 Data collected automatically

When you browse our site, servers may log IP address, browser type, device type, referring URL, pages viewed, and timestamps. If you accept analytics cookies, aggregated usage statistics may be collected through privacy-oriented analytics tools configured to minimize identification.

2.3 Cookies and similar technologies

We use strictly necessary cookies for consent storage and optional analytics or marketing cookies only with your permission. Details appear in our Cookie Policy.

3. Purposes and legal bases for processing

We process personal data only for defined purposes and on lawful grounds under the EU General Data Protection Regulation (GDPR) and comparable laws:

  • Responding to inquiries (Art. 6(1)(b) GDPR): To answer questions about programs, sessions, or policies before a contract exists.
  • Contract performance (Art. 6(1)(b)): To deliver purchased educational materials, session access, and consulting appointments.
  • Legitimate interests (Art. 6(1)(f)): To secure our website, prevent fraud, improve content quality, and document consent records. We balance these interests against your rights and offer opt-outs where required.
  • Legal obligation (Art. 6(1)(c)): To retain invoices and tax records as required by California and federal law.
  • Consent (Art. 6(1)(a)): For optional analytics, marketing cookies, and newsletters where applicable. You may withdraw consent at any time without affecting prior lawful processing.

4. Data retention periods

We retain data only as long as necessary for the purposes described:

  • Contact form submissions: up to twenty-four (24) months from last interaction unless a longer period is needed for active enrollment.
  • Program enrollment and payment records: seven (7) years from the end of the fiscal year in which the transaction occurred, for accounting and dispute resolution.
  • Server logs: ninety (90) days unless required for security investigations.
  • Cookie consent records: twelve (12) months, then refreshed upon your next visit.
  • Marketing lists: until you unsubscribe or twelve (12) months of inactivity, whichever occurs first.

When retention periods expire, we delete or anonymize data using secure erasure procedures.

5. Online advertising and measurement

If you arrived via online advertising (including Google Ads), we may use conversion and analytics tools only after you consent to marketing or analytics cookies. These tools help us measure whether visitors request information—not to sell personal data. Google and other partners may process technical identifiers under their own policies when tags are enabled. You can withdraw consent through our cookie banner or browser settings.

We do not use sensitive interest categories prohibited by advertising policies, and we do not retarget based on health conditions.

6. Recipients and international transfers

We do not sell personal data. We may share data with:

  • Hosting and email delivery providers under data processing agreements.
  • Payment processors that handle card transactions independently as controllers.
  • Professional advisers (lawyers, accountants) bound by confidentiality.
  • Authorities when required by valid legal process.

Where processors are located outside your country, we rely on Standard Contractual Clauses, adequacy decisions, or equivalent safeguards as applicable.

7. Security measures

We implement technical and organizational measures appropriate to the risk, including HTTPS encryption for data in transit, access controls for staff accounts, regular software updates, encrypted backups, and training on confidentiality. No method of transmission over the Internet is completely secure; we encourage strong passwords on any accounts we provide and prompt reporting of suspected incidents to touch@sieveback.world.

8. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request confirmation whether we process your data and receive a copy.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion when data is no longer necessary or consent is withdrawn, subject to legal exceptions.
  • Restriction: Limit processing in certain circumstances.
  • Portability: Receive data you provided in a structured, machine-readable format where processing is automated and based on consent or contract.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent: At any time for consent-based processing.
  • Complaint: Lodge a complaint with your local supervisory authority. In the EU, you may contact your national Data Protection Authority. California residents may also exercise rights under the CCPA/CPRA as described below.

8.1 California privacy rights

California residents may request disclosure of categories collected, sources, business purposes, and third parties; deletion subject to exceptions; and correction of inaccurate information. We do not sell or share personal information for cross-context behavioral advertising as defined under CPRA. Submit requests to touch@sieveback.world with sufficient verification. Authorized agents may submit requests with written authorization.

9. Children

Our services target adults. We do not knowingly collect data from individuals under sixteen (16). If you believe a child provided data, contact us for prompt deletion.

10. Changes to this policy

We may update this Privacy Policy to reflect legal or operational changes. Material updates will be indicated by revising the date at the top of this page. Continued use after publication constitutes acknowledgment of non-material updates where permitted by law.

11. Contact for privacy matters

For any privacy-related request, email touch@sieveback.world or write to the postal address above with the subject line "Privacy Request." We respond within thirty (30) days where GDPR applies, or sooner when required by local law.