PRIVACY POLICY

Last Updated: December 10, 2025

Introduction

AyurvedaNest.org ("AyurvedaNest," "we," "us," or "our") recognizes the importance of privacy and is committed to ensuring the confidentiality, integrity, and security of personal data entrusted to us by our users. This Privacy Policy outlines our practices regarding the collection, use, management, and protection of personal information through our website and mobile application (collectively, the "Platform" or "Service"). It reflects our dedication to protect your privacy and handle your personal data transparently, responsibly, and in accordance with applicable laws, including the General Data Protection Regulation (GDPR) and Portuguese data protection laws.

Scope and Consent

This Privacy Policy applies to all users of our Service, including visitors to our Platform, individuals who complete our assessments, and subscribers to our wellness application. By accessing or using our Service, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

Personal Data

Identifying Information: Includes your name, email address, phone number (if provided), and other contact details you provide when creating an account, completing assessments, or communicating with us.

Demographic Information: Such as your age, gender, location, lifestyle preferences, and other information you voluntarily provide through our assessments and surveys.

Financial Information: Payment details, including credit card numbers and billing information, required for processing subscription transactions. Payment information is collected and processed securely through our third-party payment processors (such as Stripe) and is not stored on our servers.

Account Information: Username, password (encrypted), subscription status, subscription preferences, and account settings.

Health and Wellness Data

Assessment Responses: Information you provide when completing our dosha assessments, wellness quizzes, and other health-related questionnaires, including responses about your physical constitution, symptoms, lifestyle habits, diet, sleep patterns, stress levels, and wellness concerns.

Wellness Goals and Preferences: Information about your wellness objectives, health goals, dietary preferences, and lifestyle choices that you share with us.

Self-Reported Health Information: Any health-related information you voluntarily provide through our assessments, surveys, or communications. This may include information about your physical symptoms, mental well-being, energy levels, digestive health, and other wellness indicators.

Important Note: The health and wellness information we collect is used solely to provide you with personalized Ayurvedic assessments and recommendations. We do not collect medical diagnoses, prescription information, or medical records. Our Service is for educational and informational purposes only and does not constitute medical advice.

Usage Data

Platform Interaction Data: Details of your interactions with our Service, including pages visited, features accessed, time spent on the Platform, quiz completion rates, and navigation patterns.

Device and Technical Information: Information about your device, browser type, operating system, IP address, device identifiers, and mobile network information.

Log Data: Server logs that may include your IP address, browser type, referring/exit pages, date and time stamps, and clickstream data.

Tracking Technologies and Cookies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect and track information and to improve and analyze our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Types of Cookies We Use:

  • Essential Cookies: Necessary for the Platform to function properly, including authentication and security functions.

  • Analytics Cookies: Help us understand how visitors interact with our Platform by collecting and reporting information anonymously.

  • Functionality Cookies: Enable personalized features and remember your preferences.

  • Marketing Cookies: Track your activity across websites to deliver relevant advertisements (only with your consent).

How We Use Your Information

We use the information we collect for the following purposes:

To Provide and Maintain Our Service:

  • Process and fulfill your dosha assessments and wellness evaluations

  • Generate personalized Ayurvedic reports and recommendations

  • Deliver customized content based on your dosha type and wellness profile

  • Provide access to our subscription-based wellness application

  • Maintain and improve the functionality of our Platform

To Manage Your Account:

  • Create and manage your user account

  • Authenticate your identity and maintain account security

  • Process your subscription, including free trials and renewals

  • Manage your preferences and settings

To Process Transactions:

  • Execute and fulfill your subscription purchases

  • Process payments securely through our payment processors

  • Send billing statements and payment confirmations

  • Handle billing inquiries and disputes

To Communicate With You:

  • Send you personalized wellness reports and assessment results

  • Provide customer support and respond to your inquiries

  • Send service-related communications, including account verification, security alerts, and updates

  • Notify you of changes to our Service or policies

  • Send promotional communications and newsletters (with your consent, where required)

To Improve Our Service:

  • Conduct research and analysis to understand user preferences and behavior

  • Develop new features, products, and services

  • Analyze trends and usage patterns to optimize user experience

  • Test and evaluate new technologies and methodologies

To Ensure Security and Compliance:

  • Monitor and protect the security of our Platform

  • Detect, prevent, and respond to fraud, security breaches, and illegal activities

  • Enforce our Terms and Conditions and other policies

  • Comply with legal obligations and regulatory requirements

For Marketing and Promotional Purposes:

  • Send you information about our services, features, and promotions (with your consent)

  • Conduct surveys and gather feedback

  • Personalize marketing communications based on your interests and preferences

Legal Basis for Processing Personal Data (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context in which we collect it. We collect personal data from you only where:

Consent: We have your explicit consent to process your personal data for specific purposes, such as sending marketing communications or processing sensitive wellness data.

Contract Performance: The processing is necessary to fulfill our contractual obligations to you, such as providing your personalized assessment reports or maintaining your subscription.

Legitimate Interests: The processing is in our legitimate business interests and not overridden by your data protection interests or fundamental rights and freedoms. This includes improving our services, conducting analytics, and ensuring platform security.

Legal Obligation: We need to process your personal data to comply with legal obligations, such as tax reporting or responding to legal requests.

You have the right to withdraw your consent at any time where we rely on consent as the legal basis for processing. However, this will not affect the lawfulness of processing based on consent before its withdrawal.

Data Storage and Security

Data Storage Location

Your personal data is stored on secure servers in compliance with applicable data protection laws. We utilize cloud service providers with robust security measures and data protection frameworks, including services located in the European Union and other jurisdictions with adequate data protection standards.

Security Measures

We employ comprehensive physical, electronic, and procedural safeguards to protect your personal data from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

  • Encryption: SSL/TLS encryption for data transmission and encryption at rest for sensitive data

  • Access Controls: Strict access controls and authentication measures to limit data access to authorized personnel only

  • Security Monitoring: Continuous monitoring for security threats and vulnerabilities

  • Regular Security Assessments: Periodic security audits and vulnerability assessments

  • Secure Payment Processing: PCI DSS compliant payment processing through trusted third-party processors

  • Data Minimization: Collection of only the data necessary for our specified purposes

  • Employee Training: Regular security awareness training for all personnel handling personal data

Data Security Limitations

While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal data. You are responsible for maintaining the confidentiality of your account credentials and for any activities under your account.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

Active Accounts: Personal data is retained while your account is active and you continue to use our Service.

Subscription Data: Payment and transaction records are retained for accounting, tax, and legal compliance purposes, typically for 7 years or as required by applicable law.

Assessment Data: Your quiz responses and assessment results are retained as long as your account is active to provide ongoing personalized recommendations. You may request deletion at any time.

Marketing Data: Contact information for marketing purposes is retained until you unsubscribe or request deletion.

Legal Requirements: Some data may be retained longer to comply with legal obligations, resolve disputes, or enforce our agreements.

After the retention period expires, your personal data will be securely deleted or anonymized in a manner that prevents reconstruction.

Sharing and Disclosure of Information

Service Providers

We engage trusted third-party companies and individuals to facilitate our Service ("Service Providers"). These service providers may include:

  • Payment Processors: To securely process subscription payments and transactions (e.g., Stripe, PayPal)

  • Cloud Hosting Providers: To store and manage data securely (e.g., Google Cloud Platform, Amazon Web Services)

  • Email Service Providers: To send automated reports, notifications, and marketing communications

  • Analytics Providers: To analyze Platform usage and improve user experience (e.g., Google Analytics)

  • Customer Support Tools: To provide efficient customer service and support

These third parties have access to your personal data only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. We enter into data processing agreements with service providers to ensure they comply with applicable data protection laws and maintain appropriate security measures.

Legal Requirements and Protection

AyurvedaNest may disclose your personal data when we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation, court order, or legal process

  • Protect and defend our rights, property, or safety, or that of our users or the public

  • Prevent or investigate possible wrongdoing, fraud, or security breaches in connection with the Service

  • Respond to lawful requests from public authorities, including law enforcement or national security requirements

  • Enforce our Terms and Conditions and other agreements

Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred to the successor entity. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This data may be used for research, analytics, marketing, or other business purposes without restriction.

Commitment to Data Privacy: No Sale of Personal Data

At AyurvedaNest, we uphold the highest standards of privacy and data protection. We want to be absolutely clear: We will never sell, lease, rent, or otherwise commercially exploit your personal data to third parties for monetary gain.

This commitment is fundamental to our values and business practices:

User Trust: The trust you place in us by sharing your personal wellness information is sacred. We honor this trust by ensuring your data remains confidential and is used solely to enhance and deliver our services to you.

Privacy by Design: Our service architecture and business model are built on the principle of privacy by design. Protecting your privacy is integrated into every aspect of our Platform, not added as an afterthought.

Ethical Standards: We adhere to the highest ethical standards in all operations, including how we handle your personal data. Your wellness journey is personal, and we treat your information with the respect and confidentiality it deserves.

Regulatory Compliance: Our commitment aligns with global data protection regulations, including the GDPR, which emphasize the importance of personal data protection and strictly limit the conditions under which personal data can be shared or sold.

Transparency: We believe in complete transparency about our data practices. This Privacy Policy outlines exactly how we use your information, and we will never use it in ways that contradict our stated purposes without your explicit consent.

Your Data Protection Rights

You have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is manifestly unfounded or excessive.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure ("Right to be Forgotten")

You have the right to request that we erase your personal data under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to our processing of your personal data under certain conditions, particularly for direct marketing purposes.

Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal.

Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Our wellness assessments use algorithms to generate recommendations, but these are not automated legal or similarly significant decisions.

How to Exercise Your Rights

To exercise any of these rights, please contact us at hello@ayurvedanest.org. We will respond to your request within 30 days. You may also have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from children under 18 without verification of parental consent, we will take steps to remove that information from our servers.

International Transfers of Personal Data

Your information, including personal data, may be transferred to and maintained on computers located outside of your country, state, province, or other governmental jurisdiction where data protection laws may differ from those of your jurisdiction.

If you are located outside Portugal and choose to provide information to us, please note that we transfer the data, including personal data, to Portugal and process it there.

For EEA Users: When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission

  • Transfers to countries with adequacy decisions

  • Service providers certified under relevant data protection frameworks

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to such transfers.

Third-Party Links and Services

Our Platform may contain links to third-party websites, applications, or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. This includes payment processors, which have their own privacy policies governing how they handle your payment information.

Marketing Communications and Opt-Out

Email Communications

We may send you marketing communications about our services, features, promotions, and content that may be of interest to you. You can opt out of receiving marketing emails at any time by:

  • Clicking the "unsubscribe" link at the bottom of any marketing email

  • Adjusting your email preferences in your account settings

  • Contacting us at hello@ayurvedanest.org

Please note that even if you opt out of marketing communications, we will still send you transactional and service-related emails, such as assessment reports, account notifications, and important updates about our Service.

Do Not Track Signals

Some web browsers have a "Do Not Track" feature that signals to websites that you do not want your online activities tracked. Our Platform does not currently respond to Do Not Track signals.

California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request information about the personal data we have collected about you in the past 12 months.

Right to Delete: You can request deletion of your personal data, subject to certain exceptions.

Right to Opt-Out of Sale: We do not sell your personal data, so this right does not apply.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

To exercise these rights, contact us at hello@ayurvedanest.org.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page

  • Updating the "Last Updated" date at the top of this policy

  • Sending you an email notification (for significant changes)

  • Displaying a prominent notice on our Platform

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after any changes become effective constitutes your acceptance of the revised Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@ayurvedanest.org
Website: https://ayurvedanest.org
Business Location: Portugal

For GDPR-Related Inquiries:
If you are located in the EEA and have concerns about our data practices, you may also contact your local data protection authority.

Data Protection Officer

For significant data protection inquiries or to exercise your rights under GDPR, you may contact our Data Protection Officer at: hello@ayurvedanest.org

By using AyurvedaNest, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Last Updated: December 10, 2025

AyurvedaNest.org - All Rights Reserved