Privacy policy.

Effective date: [18 September 2025]
Who we are: Rhythm Wellness Club (“Rhythm”, “we”, “us”, “our”).
Contact: [hello@rhythmwellnessclub.com] · [82A James Carter Road, Mildenhall, Suffolk, 1P28 7DE, UK ]

This Policy explains how we collect, use, disclose, and protect your information when you use our website, app, programs, and communities (the “Services”). It applies globally, with additional disclosures for UK/EU residents (GDPR) and US residents (including California).

1) What we collect

Information you provide

  • Account & contact info (name, email, password, country/time zone).

  • Profile & community content (posts, comments, messages, reactions).

  • Purchase & billing details (order history; payment details are handled by our processor and never stored in full by us).

  • Program inputs (questionnaires, habits, preferences, goals).

  • Wellness information you choose to share (e.g., symptoms, routines, lab summaries). This may include special category data under GDPR; see §4.

Information we get automatically

  • Device & usage data (pages viewed, clicks, IP, app version, device type).

  • Cookies and similar technologies (pixels, SDKs, local storage). See §9.

Information from third parties

  • Payment processors (transaction confirmations).

  • Scheduling/meeting tools (booking info).

  • Analytics/advertising partners (aggregated performance data).

  • Community/app platform provider(s).

Typical service providers we use (processors)

  • Payments: Stripe (or equivalent).

  • Community/app: Circle.so (or equivalent).

  • Scheduling: Calendly (or equivalent).

  • Analytics/ads: Google Analytics / Meta (if enabled).

  • Email: [Circle.so or equivalent].

2) Why we process your data (legal bases)

We process personal data only when a legal ground applies:

  • Contract – to deliver the Services you sign up for (create your account, process payments, provide content and community access).

  • Legitimate interests – to secure and improve the Services, prevent fraud/abuse, personalize non-sensitive features, and communicate important service updates.

  • Consent – for certain emails/marketing, analytics/advertising cookies (where required), and for any special category wellness data you choose to share.

  • Legal obligation – to comply with tax, accounting, and regulatory requirements.

3) How we use your data

  • Provide, personalize, and maintain the Services (program access, saved progress, community features).

  • Process transactions, subscriptions, and customer support.

  • Recommend content and features aligned to your selections.

  • Monitor safety, enforce community guidelines, and prevent misuse.

  • Send service messages (receipts, changes to terms, security alerts).

  • With your consent, send updates, offers, or surveys (opt out anytime).

4) Special category data (wellness information)

If you share wellness-related information (e.g., cycle notes, sleep patterns, mineral/lab summaries), we process it only as voluntarily provided by you and on the basis of your explicit consent to use it for the specific purpose of personalization and program support.

  • You can choose not to share this information and still use much of the Service.

  • You can withdraw consent at any time (we’ll stop processing and, where applicable, delete or de-identify subject to legal/contractual retention).

We do not provide medical care through the Services. See our Disclaimer.

5) Sharing your data

We share data only as needed to operate the Services or when you ask us to:

  • Service providers (processors) bound by contract and only on our instructions.

  • Payment processors to complete purchases and prevent fraud.

  • Community/app platform to host accounts, posts, and interactions.

  • Analytics/ads partners (if enabled) using cookies/SDKs; see §9 and §12 (California).

  • Legal & safety – to comply with law, enforce terms, or protect rights and security.

  • Business transfers – if we merge, sell, or reorganize, your data may transfer with notice.

We do not sell personal information for money. If we use targeted advertising/analytics that qualify as “sharing” under California law, you can opt out; see §12 and our “Do Not Sell or Share My Personal Information” link (where applicable).

6) International transfers

We operate globally. If your data is transferred outside the UK/EU, we use lawful safeguards such as:

  • Standard Contractual Clauses (SCCs) and the UK Addendum, and/or

  • Participation in an adequacy framework (where applicable), and

  • Additional technical/organizational measures.

7) Data retention

We keep data only as long as needed for the purposes in this Policy, including:

  • Account data: while your account is active and for a reasonable period after closure to comply with legal/financial obligations and to resolve disputes.

  • Transaction records: as required by tax/accounting law (typically 6–10 years).

  • Community content: until you delete it or close your account (content may persist in backups for a limited time).

  • Wellness/special category data: for the minimum time needed to provide the relevant feature; deleted or de-identified when consent is withdrawn, subject to legal holds.

8) Security

We use industry-standard safeguards (encryption in transit, access controls, least-privilege). No system is 100% secure; please use a strong, unique password and keep your login private. Report concerns to [hello@rhythmwellnessclub.com].

9) Cookies & similar tech

We use cookies, pixels, and SDKs to:

  • keep you logged in, remember preferences, and provide core features;

  • measure performance; and, where enabled and consented,

  • tailor content/ads and measure marketing effectiveness.

In regions where required, we’ll ask for consent via a cookie banner. You can adjust preferences anytime via Cookie Settings and through your browser/device settings.

10) Your rights (UK/EU)

Under UK/EU GDPR, you may have the right to access, rectify, erase, restrict, object, port your data, and withdraw consent at any time. You can also complain to your local authority (e.g., ICO in the UK or your EU DPA).
Requests: [privacy@rhythmwellnessclub.com]. We will verify identity before acting.

11) Your rights (US)

Depending on your state (e.g., CA, CO, CT, VA), you may have rights to know/access, correct, delete, and opt out of sales/sharing or targeted advertising, plus appeal a decision.

  • California residents: see §12 (Notice at Collection) and our Do Not Sell or Share link (if applicable).

  • We will not discriminate against you for exercising your privacy rights.

12) California (CPRA) — Notice at Collection

Categories collected: identifiers (name, email), commercial info (purchases), internet/network activity (usage), geolocation (coarse/IP), inferences (to personalize). If you choose to share, we may process wellness information (sensitive) with your explicit consent.
Purposes: provide and improve Services, security, debugging, analytics, customer support, marketing (with consent where required).
Retention: see §7.
Selling/Sharing: we do not sell personal info for money. If we use cross-context behavioral advertising, it may be considered sharing—you may opt out via our site link “Do Not Sell or Share My Personal Information.”
Sensitive information: used only for permitted purposes with your consent; we do not use it for inferring characteristics beyond delivering the requested feature.

13) Children’s privacy

Our Services are for adults 18+. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we’ll delete it.

14) Third-party links

Our Services may link to third-party sites/apps. Their privacy practices are their own; review their policies before using.

15) Changes to this Policy

We’ll update this Policy as needed and post the new date at the top. If changes are material, we’ll provide additional notice (e.g., email or in-app).

16) How to contact us

  • Email: hello@rhythmwellnessclub.com

  • Post: Rhythm Wellness Club, 82A James Carter Road, Mildenhall, Suffolk, 1P28 7DE, United Kingdom