Privacy Policy

Effective Date: May 2026

We take your privacy seriously and are committed to being transparent about how we collect, use, and protect your personal information. This Privacy Policy ("Policy") outlines the practices of The Inner Atlas ("Company," "we," "us," or "our") regarding your access and use of our website, mobile applications, and related services (the "Services").

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you have any questions or concerns, please contact us at privacy@theinneratlas.space.

What We Do

The Inner Atlas provides a transformative personal assessment tool (the "Portrait") designed to help you understand yourself more deeply. Our Services also include access to curated journaling resources, and invitations to exclusive retreat experiences for select participants.

Our assessment does not process sensitive information about you (such as health conditions, racial or ethnic origin, sexual orientation, political views, or religious beliefs). The questions in our assessment are reflective and general, designed to illuminate your authentic self without intrusion into your private life.

For users in the EU and other jurisdictions: We do not use automated decision-making alone to generate your assessment results. A combination of algorithmic analysis and human expertise informs your personalized insights. We do not engage in profiling as defined by GDPR.

1. Data Controller

The Inner Atlas

For questions or requests regarding your privacy rights, you may contact us at: privacy@theinneratlas.space

2. What Information We Collect

Account & Registration Information

When you create an account, subscribe to our Services, or interact with us, we collect:

  • Name and email address
  • Password (hashed and securely stored)
  • Phone number (if you choose to provide it)
  • Billing address (for paid services)
  • Any information you provide through contact forms

Assessment & Personal Data

When you complete our Portrait assessment, we collect:

  • Your written responses to open-ended questions
  • Your selections from multiple-choice questions
  • Your assessment results and personalized insights report
  • Completion timestamp and duration

Transaction Information

For paid services (detailed analysis reports, retreat signups), we collect:

  • Transaction details and purchase history
  • We do NOT store credit card information. All payment processing is handled securely by Stripe, PayPal, or similar third-party processors. You should review their privacy policies directly.

Device & Technical Information

When you access our Services, we automatically collect:

  • IP address and browser type
  • Device information (operating system, device type)
  • Browsing activity on our website
  • Cookies and similar tracking technologies (see "Cookies" section below)
  • General geographic location (country/region level, not precise)

Communication Information

When you contact us or subscribe to our mailing list, we collect:

  • Email address
  • Any messages you send us
  • Preferences regarding communications

Retreat-Related Information

If you express interest in or register for a retreat experience, we collect:

  • Your assessment responses and insights
  • Dietary preferences, accessibility needs, and other relevant details
  • Emergency contact information
  • Any special requests or health considerations you share with us

3. How We Use Your Information

To Provide & Improve Services

  • Generate your personalized assessment report
  • Deliver your Portrait results and insights
  • Enable your access to journaling resources
  • Respond to your inquiries and support requests
  • Process your retreat registration and accommodations

For Analytics & Research

  • Analyze aggregate trends in assessment responses (anonymized)
  • Improve the accuracy and relevance of our assessment
  • Understand how users interact with our Services
  • Conduct research to enhance user experience

For Marketing & Communications

  • Send you updates about new retreat offerings
  • Share journaling prompts and insights
  • Deliver emails you've opted into
  • Respond to your inquiries

For Security & Legal Compliance

  • Detect and prevent fraud or unauthorized access
  • Comply with legal obligations and law enforcement requests
  • Enforce our Terms of Use and other agreements
  • Protect the rights, privacy, and safety of our users and Services

Legal Basis for Processing

For EU users: Our processing is based on:

  • Contractual Necessity: To provide Services you've requested or purchased
  • Legitimate Interest: To operate our business, improve Services, and prevent fraud
  • Your Consent: For marketing communications and optional data processing
  • Legal Obligation: To comply with applicable laws

4. Who We Share Your Information With

Retreat Providers & Partners

If you register for a retreat experience, we share relevant information with our retreat partners and service providers, including:

  • Your name, email, and contact information
  • Your assessment insights (to personalize your experience)
  • Dietary preferences, accessibility needs, and health considerations
  • Special requests or accommodations

These partners are contractually obligated to protect your information and use it only for providing the retreat experience.

Service Providers

We work with trusted third parties who assist us in operating our Services:

  • Email & Mailing List: Services like Mailchimp or similar for sending communications
  • Payment Processing: Stripe, PayPal, or similar for handling transactions
  • Cloud Storage: Supabase for securely storing your data
  • Analytics: Google Analytics and similar tools to understand user behavior
  • Technical Support: Third-party support platforms

These service providers are contractually bound to use your information only as necessary to provide services to us and to maintain confidentiality.

Legal Requirements

We may disclose information when required by law, including:

  • Responses to government requests, subpoenas, or court orders
  • Compliance with legal obligations or regulations
  • Prevention of fraud or illegal activity
  • Protection of our rights, your rights, or the safety of others

Business Transfers

If The Inner Atlas is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

Your Consent

We may share information with other parties when you explicitly consent or request us to do so.

What We Do NOT Do

  • We do NOT sell your personal information to third parties.
  • We do NOT use your assessment responses for purposes other than those described here without your consent.
  • We do NOT share your data for marketing purposes without your explicit opt-in.

5. How Long We Keep Your Information

Assessment Data

Your Portrait assessment responses and detailed insights are retained for 6 months following the completion of your retreat experience (or from the date you requested deletion if you do not participate in a retreat). After this period, your assessment data will be securely deleted from our systems.

We may retain anonymized, aggregated data from assessments indefinitely for research and analytics purposes.

Account Information

Your account information (name, email, password) is retained as long as your account remains active. If you request deletion or your account becomes inactive for more than 12 months, we will delete your account information.

Transaction Records

Payment and transaction records are retained for as long as required by applicable law (typically 7 years for tax and accounting purposes).

Communications

Email communications and customer support records are retained for 2 years unless longer retention is required by law.

Mailing List Data

Email addresses for mailing list subscribers are retained until you unsubscribe or request deletion.

Retreat-Related Data

Information collected for retreat participation (health details, preferences, emergency contacts) is retained for the duration of your retreat experience and for 6 months afterward, then securely deleted.

6. Cookies & Tracking Technologies

Our Services may use cookies, pixels, web beacons, log files, and similar technologies to collect information about your browsing behavior and device. This helps us:

  • Remember your preferences and login information
  • Understand how you use our Services
  • Measure the effectiveness of our website
  • Deliver personalized content and advertisements

Types of Cookies

  • Essential Cookies: Required for basic website functionality (login, security)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand user behavior (e.g., Google Analytics)
  • Marketing Cookies: Deliver targeted advertisements based on your interests

Third-Party Analytics & Advertising

We use services like Google Analytics to track website traffic and user behavior. Google may use this information to contextualize and personalize its own advertising network. For more information, visit:

  • Google Privacy Policy: https://policies.google.com/privacy
  • Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout

Managing Your Cookie Preferences

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when they are sent. Please note that disabling essential cookies may affect website functionality.

For more information about cookies and how to manage them, visit: https://www.allaboutcookies.org/

Do Not Track Signals

Our Services do not currently respond to "Do Not Track" browser signals. However, we do honor Global Privacy Control (GPC) signals where supported.

7. Data Security & International Transfers

Security Measures

We implement industry-standard technical and organizational security measures to protect your personal information, including:

  • Encryption in transit (SSL/TLS) and at rest
  • Secure password hashing
  • Regular security audits and monitoring
  • Access controls and authentication protocols
  • Secure deletion of data after retention periods

Important: While we employ strong security measures, no system is 100% secure. We cannot guarantee absolute protection against all unauthorized access or data breaches. You use our Services at your own risk.

International Data Transfers

Your personal information may be transferred to, stored in, and processed in countries outside your country of residence, including the United States and countries where our service providers operate. These countries may have different data protection laws than your jurisdiction.

For EU/EEA Users: When we transfer personal data outside the EU/EEA, we do so in compliance with GDPR, including through Standard Contractual Clauses (SCCs). By using our Services, you consent to the transfer of your information to countries outside the EU/EEA as described in this Policy.

For UK Users: We ensure appropriate safeguards are in place for international transfers, including compliance with UK data protection laws.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. To exercise any of the following rights, please contact us at privacy@theinneratlas.space with the subject "Privacy Request" and include your name and the email address associated with your account.

Right to Access

You have the right to request and obtain a copy of the personal information we hold about you, including the categories of data collected, the sources, and how it's used.

Right to Rectification

You have the right to request correction of inaccurate or incomplete information about you.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal information, subject to certain legal exceptions (e.g., if we have a legal obligation to retain it). Upon request, we will delete your assessment data and account information, though transaction records may be retained as required by law.

Right to Data Portability

You have the right to request your personal information in a structured, commonly-used format that you can transmit to another service provider.

Right to Restrict Processing

You have the right to request that we limit how we use your information while you address a dispute or we verify its accuracy.

Right to Object

You have the right to object to our processing of your information for legitimate interests or marketing purposes. If you object, we will cease processing for those purposes unless we have a compelling legal reason to continue.

Right to Withdraw Consent

If we process your information based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before you withdrew consent.

Right to Opt-Out of Marketing

You may unsubscribe from marketing emails by clicking the "unsubscribe" link in any email or by contacting us. Please note that you may still receive non-marketing communications (e.g., account updates, retreat confirmations).

Right to Lodge a Complaint

For EU/EEA Users: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights. A list of EU authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Response Timeline

We will respond to your privacy requests within 30 days of receipt (or as required by applicable law). If your request is complex, we may extend this period. You will be notified of any extension.

Verification

We may ask you to verify your identity before processing your request to protect your privacy and security.

9. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will promptly delete it from our records.

Parents or guardians who believe their child has provided information to us should contact us immediately at privacy@theinneratlas.space.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated Policy on our website with an updated "Effective Date." Your continued use of our Services after any changes constitutes your acceptance of the updated Policy.

We encourage you to review this Policy regularly to stay informed about how we protect your privacy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Email: privacy@theinneratlas.space
For Inquiries: feedback@theinneratlas.space

We value your privacy and are committed to addressing your concerns promptly and transparently.

12. Additional Information for Specific Regions

California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the "sale" or "sharing" of personal information. We do not sell your personal information. For more information about your California privacy rights, you may contact us at privacy@theinneratlas.space.

EU/EEA Residents (GDPR)

If you are a resident of the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR), as outlined in Section 8 of this Policy. We process your data in compliance with GDPR requirements.

UK Residents (UK GDPR)

If you are a UK resident, your data is protected under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We comply with these regulations in processing your personal information.