Privacy policy

Scope and purpose

This policy applies when you browse vlixaroxthral.world, use our forms, email us, speak with us by phone, or purchase services. We describe processing in plain language so you can make informed choices. Where the GDPR applies, we act as controller for the activities described here unless we state otherwise.

For individuals in Canada, we align our practices with the Personal Information Protection and Electronic Documents Act (PIPEDA) and with applicable provincial privacy laws where they apply in addition to or instead of PIPEDA.

We process personal data only for defined purposes and select the narrowest reasonable means to achieve them. If we introduce a new purpose that requires consent, we will ask for it separately before that processing begins.

Categories of personal data

Depending on how you interact with us, we may process: identity and contact data (name, email, phone when you provide it); communication content (messages, intake notes, scheduling correspondence); service records (session dates, agreed plans, billing references); technical data from your device (IP address, browser type, operating system, approximate region derived from IP, referring page, pages viewed, and interaction timestamps when logs are generated); and cookie or local storage identifiers when you accept optional categories.

We do not ask you to submit sensitive categories of data through the website. If you voluntarily include such information in a message, we will treat it with additional care and limit access to personnel who need it to respond.

Legal bases

We rely on: contract when processing is necessary to deliver services you requested or to prepare an offer; legitimate interests for operating a secure site, measuring aggregate performance, preventing abuse, and improving content, where we balance those interests against your rights; consent for optional cookies and certain marketing communications where required; and legal obligation when we must retain or disclose information for tax, accounting, or regulatory reasons.

How we use personal data

We use data to reply to inquiries, schedule and document coaching sessions, issue invoices, maintain customer support history, secure our systems, analyze traffic in aggregate when analytics cookies are enabled, and comply with applicable law. We do not sell personal data and we do not use automated decision-making that produces legal effects concerning you.

Retention periods

Contact and intake records are generally retained for up to thirty-six months after the last substantive interaction unless a longer period is required for disputes, legal holds, or statutory accounting rules. Optional analytics and marketing data tied to cookies is retained for up to fourteen months after collection unless you withdraw consent earlier. Security logs may be kept for up to twelve months. Accounting and tax records follow applicable statutory periods, commonly up to seven years in Canada depending on the record type.

When retention ends, we delete or irreversibly anonymize data where deletion is technically feasible. Backups may persist for a limited additional period before rotation.

Processors and recipients

We use infrastructure and communications providers that process data on our instructions under appropriate contractual terms. Categories may include hosting, email delivery, calendar scheduling, payment processing, and optional analytics or marketing tools when you consent. We assess providers for security practices and data protection alignment before engagement.

We may disclose information when required by law, court order, or competent authority, or when necessary to protect the rights, safety, or property of clients, staff, or the public.

International transfers

If personal data is transferred outside the European Economic Area, we implement safeguards such as Standard Contractual Clauses or equivalent mechanisms where required, and we document transfer impact considerations for high-risk scenarios.

Security measures

We apply layered controls including role-based access, authentication requirements for administrative systems, transport encryption where supported by services, separation of environments where practical, and periodic review of integrations. Staff access follows least-privilege principles. No online transmission is completely risk-free; we encourage you to use strong passwords and avoid sending unnecessary sensitive details by email.

Your rights

Subject to applicable law, you may request access to your personal data, rectification of inaccuracies, erasure where grounds apply, restriction of processing, objection to processing based on legitimate interests, and data portability for data you provided where processing is automated and contract-based. You may withdraw consent for consent-based processing at any time without affecting prior lawful processing.

To exercise rights, contact us using the email or postal address above. We typically respond within one month and will explain any extension where complexity requires it. You may also lodge a complaint with a supervisory authority in your country of residence or workplace.

Children

The site is not directed at individuals under sixteen. We do not knowingly collect their personal data. If you believe we have received such data, contact us and we will delete it promptly where appropriate.

Changes to this policy

We may update this policy to reflect operational, technical, or legal developments. Material changes will be indicated on this page with an updated reference date in the hero section. Continued use after notice constitutes acceptance of the revised policy where permitted by law.