PRIVACY POLICY
Effective Date: February 19, 2026
Last Updated: February 19, 2026
This Privacy Policy applies to all users of our services, with specific provisions for:
California residents (CCPA compliance)
European Economic Area, United Kingdom, and Switzerland residents (GDPR compliance)
Controller/Business: Paloma Neuman / Zero To Sold-Out Retreats
Contact: hello@palomaneuman.com
Website: palomaneuman.com
Mailing Address: 6713 Rolando Knolls Drive, La Mesa, California, 91942
1. INTRODUCTION
We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains:
What personal data we collect
How we use your data
Your privacy rights (including CCPA and GDPR rights)
How we protect your information
For California Residents: See Section 13 for your specific CCPA rights
For European Users: See Section 14 for your specific GDPR rights
2. WHO WE ARE
Business Name: Paloma Neuman
Owner: Paloma Neuman
Role: We are the "data controller" (GDPR) and "business" (CCPA) of your personal information
Contact for Privacy Matters:
Email: hello@palomaneuman.com
Mailing Address: Rolando Knolls Drive, La Mesa, California, 91942
3. INFORMATION WE COLLECT
3.1 Personal Information You Provide
When you purchase our products or services:
Name
Email address
Billing address
Payment information (processed by third-party processors)
Phone number (optional)
When you create an account or join our community:
Username
Profile information (optional)
Communication preferences
When you contact us:
Name
Email address
Message content
Any information you choose to share
When you subscribe to our email list:
Email address
Name (optional)
Communication preferences
3.2 Information Collected Automatically
When you visit our website:
IP address
Browser type and version
Device type and operating system
Pages visited and time spent
Referring website/source
Date and time of visits
Cookies and similar tracking technologies
3.3 Information from Third Parties
We may receive information from:
Payment processors (Stripe, PayPal)
Email service providers (Systeme.io)
Community platforms (Skool)
Analytics providers (Google Analytics)
4. CATEGORIES OF PERSONAL INFORMATION (CCPA)
For California residents, we collect the following categories:
A. Identifiers
Name, email address, mailing address, IP address
B. Commercial Information
Purchase history, payment records, transaction data
C. Internet or Network Activity
Browsing history, website interactions, email engagement
D. Professional or Employment Information
Business name, profession, industry (if voluntarily provided)
E. Inferences
Preferences and interests derived from your activity
We do NOT collect:
Social Security numbers
Driver's license numbers
Sensitive personal information as defined by CCPA
Biometric data
Precise geolocation data
5. LEGAL BASIS FOR PROCESSING (GDPR)
For European Users, we process your data based on:
5.1 Contractual Necessity (GDPR Article 6(1)(b))
Fulfill our contract with you
Process payments
Deliver purchased products
Provide customer support
5.2 Legitimate Interests (GDPR Article 6(1)(f))
Improve our services
Website analytics
Fraud prevention
Internal record-keeping
5.3 Consent (GDPR Article 6(1)(a))
Marketing communications (can be withdrawn anytime)
Non-essential cookies
5.4 Legal Obligation (GDPR Article 6(1)(c))
Tax and accounting requirements
Legal compliance
6. HOW WE USE YOUR INFORMATION
6.1 Business Purposes:
Process and fulfill orders
Deliver digital products and course access
Provide customer support
Manage your account and community access
Send transactional emails (confirmations, access instructions)
Prevent fraud and ensure security
Comply with legal obligations
Maintain and improve our services
6.2 Commercial/Marketing Purposes:
Send promotional emails about our products (with consent)
Share educational content and resources
Announce new offerings or events
Personalize your experience
You can opt out of marketing communications at any time.
7. HOW WE SHARE YOUR INFORMATION
WE DO NOT SELL YOUR PERSONAL INFORMATION (CCPA & GDPR)
7.1 Service Providers (Data Processors)
We share data with third-party service providers who process data on our behalf:
Payment Processors:
Stripe, PayPal
Purpose: Process payments
Location: USA (with appropriate GDPR safeguards)
Email Service Providers:
Purpose: Send communications
Location: [Confirm location]
Community Platforms:
Skool
Purpose: Provide community access
Location: USA
Analytics Providers:
Google Analytics
Purpose: Website analytics
Location: USA
Hosting Providers:
Purpose: Host website and content
Location: USA
All service providers:
Are contractually bound to protect your data
Process data only on our instructions
Have appropriate security measures
For EU users: Standard Contractual Clauses in place
7.2 Legal Requirements
We may disclose information when required by law or to:
Comply with legal processes or court orders
Respond to government requests
Protect our rights, property, or safety
Prevent fraud or illegal activity
Enforce our terms and conditions
7.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets:
Your information may be transferred
We will notify you before transfer
You will be informed of any new privacy policy
8. INTERNATIONAL DATA TRANSFERS (GDPR)
For European Users:
Your data may be transferred to and processed in countries outside the EEA, including the United States.
We ensure appropriate safeguards through:
Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy Decisions where applicable
Your explicit consent for specific transfers
US-Based Service Providers:
We use Standard Contractual Clauses
We conduct transfer impact assessments
We implement supplementary security measures
9. COOKIES AND TRACKING TECHNOLOGIES
9.1 Types of Cookies We Use:
Strictly Necessary Cookies:
Essential for website functionality
Cannot be disabled
Examples: Session management, security, shopping cart
Analytics Cookies:
Google Analytics (tracks website usage)
Helps us understand user behavior
Can be disabled
Marketing Cookies:
Track email opens and link clicks
Help measure campaign effectiveness
Can be disabled
9.2 Your Cookie Choices:
Browser Settings:
You can disable cookies in your browser settings
Note: Disabling essential cookies may affect functionality
Opt-Out Options:
Google Analytics: https://tools.google.com/dlpage/gaoptout
Marketing emails: Use unsubscribe link
Cookie Consent (EU Users):
First-time visitors will see a cookie consent banner
You can change preferences at any time
10. DATA RETENTION
How long we keep your data:
Active Accounts:
As long as you maintain an active account
Purchase Records:
7 years (for tax, accounting, and legal compliance)
Marketing Data:
Until you unsubscribe or request deletion
Website Analytics:
Google Analytics: 26 months
Legal Requirements:
As long as required by applicable law
After Deletion:
We may retain anonymized or aggregated data for analytics
Backup copies may exist for a limited time
11. DATA SECURITY
We implement appropriate technical and organizational measures to protect your data:
Security Measures:
SSL/TLS encryption for data transmission
Secure payment processing (PCI-DSS compliant processors)
Access controls and authentication
Regular security updates
Limited employee access to personal data
Data processing agreements with service providers
Incident response procedures
However: No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
Data Breach Notification:
We will notify affected users and authorities as required by law
GDPR: Within 72 hours to authorities if required
CCPA: Without unreasonable delay
12. CHILDREN'S PRIVACY
Our services are not directed to individuals under 18 (or 16 for EU residents, or the applicable age in your jurisdiction).
We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it immediately.
Parents/Guardians: If you believe your child has provided us with personal information, contact us at hello@palomaneuman.com.
13. YOUR CALIFORNIA PRIVACY RIGHTS (CCPA)
If you are a California resident, you have the following rights:
13.1 Right to Know
You can request information about:
Categories of personal information we collected
Categories of sources from which we collected information
Business or commercial purpose for collecting information
Categories of third parties with whom we share information
Specific pieces of personal information we collected about you
13.2 Right to Delete
You can request deletion of your personal information, subject to certain exceptions:
Completing transactions
Detecting and preventing fraud/security incidents
Legal compliance
Internal uses reasonably aligned with your expectations
13.3 Right to Opt-Out of Sale
We do NOT sell your personal information. However, you have the right to opt-out if our practices change.
13.4 Right to Correct
You can request correction of inaccurate personal information.
13.5 Right to Limit Use of Sensitive Personal Information
We do not collect or use sensitive personal information as defined by CCPA.
13.6 Right to Non-Discrimination
We will NOT discriminate against you for exercising your CCPA rights.
We will not:
Deny goods or services to you
Charge different prices or rates
Provide a different level or quality of service
Suggest you will receive different prices or quality of service
13.7 How to Exercise Your Rights
To submit a request:
Email: hello@palomaneuman.com
Subject Line: "CCPA Privacy Request"
Please include:
Your full name
Email address associated with your account
Specific request type (right to know, delete, etc.)
Enough information to verify your identity
Verification Process:
We will verify your identity before responding
We may request additional information to confirm identity
Response Time:
We will respond within 45 days
May extend to 90 days for complex requests (we will notify you)
Authorized Agents:
You may designate an authorized agent to make requests on your behalf
We will require written proof of authorization
14. YOUR EUROPEAN PRIVACY RIGHTS (GDPR)
If you are a resident of the EEA, UK, or Switzerland, you have the following rights:
14.1 Right of Access (Article 15)
Request a copy of the personal data we hold about you.
14.2 Right to Rectification (Article 16)
Request correction of inaccurate or incomplete data.
14.3 Right to Erasure / "Right to be Forgotten" (Article 17)
Request deletion of your personal data, subject to certain exceptions.
14.4 Right to Restriction of Processing (Article 18)
Request that we limit how we use your data.
14.5 Right to Data Portability (Article 20)
Request a copy of your data in a structured, machine-readable format.
14.6 Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing.
14.7 Right to Withdraw Consent (Article 7(3))
Withdraw consent at any time (doesn't affect prior processing based on consent).
14.8 Right to Lodge a Complaint
File a complaint with your local Data Protection Authority:
EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en
UK: Information Commissioner's Office (ICO) - https://ico.org.uk
Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
14.9 How to Exercise Your Rights
To submit a request:
Email: hello@palomaneuman.com
Subject Line: "GDPR Data Subject Request"
Please include:
Your full name
Email address
Country of residence
Specific request type
Response Time:
We will respond within 30 days
May extend to 60 days for complex requests (we will notify you within 30 days)
No Fee:
Exercising your rights is free unless requests are manifestly unfounded or excessive
15. AUTOMATED DECISION-MAKING
We do NOT use automated decision-making or profiling that produces legal effects or similarly significant effects on you.
We may use analytics to understand user behavior and improve services, but this does not result in automated decisions that affect your rights.
16. THIRD-PARTY LINKS
Our website and emails may contain links to third-party websites or services.
Important:
We are not responsible for the privacy practices of third parties
Please review their privacy policies before providing information
This Privacy Policy applies only to our services
17. CALIFORNIA "SHINE THE LIGHT" LAW
California Civil Code Section 1798.83 allows California residents to request information about disclosure of personal information to third parties for direct marketing purposes.
We do not share personal information with third parties for their direct marketing purposes.
18. DO NOT TRACK SIGNALS
Some browsers have "Do Not Track" features. We currently do not respond to Do Not Track signals because there is no industry standard for compliance.
19. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy occasionally to reflect:
Changes in our practices
Legal or regulatory changes
New features or services
When we make changes:
We will post the updated policy on this page
We will update the "Last Updated" date
For material changes, we will notify you by email or prominent website notice
Your continued use after changes constitutes acceptance.
20. CONTACT US
General Privacy Questions:
Email: hello@palomaneuman.com
Website: palomaneuman.com
Mailing Address: 6713 Rolando Knolls Drive, La Mesa, 91942
For Privacy Rights Requests:
California Residents (CCPA): Subject line "CCPA Privacy Request"
European Users (GDPR): Subject line "GDPR Data Subject Request"
Response Times:
CCPA requests: 45 days
GDPR requests: 30 days
Complaints:
California: California Attorney General's Office
EU/UK/Switzerland: Your local Data Protection Authority
Paloma Neuman
Rolando Knolls Drive La Mesa, CA 91942
Term Links