Privacy Policy

1. Who We Are

This Privacy Policy explains how Today Natural Journey (https://todaynaturaljourney.blog) handles your personal data. Data controller: Today Natural Journey, contact email [email protected].

If you reside in the European Economic Area (EEA) or the United Kingdom, Today Natural Journey acts as the “controller” under the GDPR/UK GDPR.

2. Scope

This Policy applies to all services, content, and features offered by Today Natural Journey (the “Service”), including the website, applications, forms, wellbeing programs, memberships, and communications.

3. Data We Collect

3.1 Data you provide

• Identity & contact: name, email, phone, country/city.
• Account & profile: optional photo, preferences, time zone.
• Transactions: purchase history, plan, amount, currency (card data is handled by the payment provider; we do not store the full PAN).
• Communications: support messages, surveys, testimonials.
• Wellbeing information (optional & sensitive): habits, activity level, goals, journals, questionnaire responses. Please do not submit diagnoses, medical reports, or clinical health data unless we explicitly request it with your consent.

3.2 Data collected automatically

• Technical data: IP, browser type/version, operating system, language, device, pages visited, access times, UTM/referrer.
• Cookies & similar technologies: see “Cookies & tracking technologies”.

3.3 Third-party data

• Payment processors (e.g., Stripe/PayPal) provide payment confirmations.
• Analytics/marketing tools (e.g., Google Analytics, Meta) provide aggregated statistics.
• Social networks if you interact with widgets or sign in with them.

4. Purposes & Legal Bases (GDPR)

We process your data to:

• Deliver the Service, manage your account, provide support. Legal basis: contract performance.
• Process payments, invoicing, fraud prevention. Legal basis: contract performance and legitimate interest; compliance with legal obligations (e.g., tax).
• Send operational communications (confirmations, account notices). Legal basis: contract performance.
• Send marketing communications (wellbeing tips, updates, offers). Legal basis: your consent, which you may withdraw at any time.
• Analytics, usage metrics, product improvement, security. Legal basis: legitimate interest (low impact and safeguards applied).
• Personalized wellbeing content (if you enable it). Legal basis: consent (may involve special categories of data).
• Legal compliance and responses to authorities. Legal basis: legal obligation.

5. Special Categories (Wellbeing Data)

Some information you choose to share may reveal health or habit-related details. We process it only if you submit it voluntarily and, when required by law, with your explicit consent. You can withdraw consent at any time via your account settings or by emailing [email protected].

6. Cookies & Tracking Technologies

We use first- and third-party cookies to operate the site, remember preferences, compile statistics, and—if you consent—personalize content/marketing. Manage your preferences at https://todaynaturaljourney.blog/cookies or via the consent banner. For details, see our Cookies Policy (if available).

7. Data Retention

We retain data only as long as necessary for the purposes described:

• Active accounts: while your account remains active.
• Billing & accounting: up to 7 years to meet legal obligations.
• Marketing: until you withdraw consent or 24 months without interaction.
• Security logs: between 6 and 12 months.

We delete or anonymize data after these periods unless the law requires longer retention.

8. Sharing Your Data

We may share data with:

• Processors (service providers that help us operate): hosting/CDN, analytics, transactional email, customer support, payment gateways. We sign contracts requiring confidentiality and security.
• Public authorities when legally required.
• Corporate transactions: in mergers, acquisitions, or restructurings your information may transfer as an asset; we will notify you when relevant.
• Aggregated/anonymous data: we may publish statistics that do not identify you.

We do not sell your personal data.

9. International Transfers

If we transfer data outside the EEA/UK (e.g., to the US), we implement appropriate safeguards such as EU Standard Contractual Clauses or UK equivalents, plus transfer impact assessments. You can request a copy of these safeguards.

10. Security

We apply reasonable technical and organizational measures (encryption in transit, access controls, logging, backups). No system is 100% secure; we will notify incidents in line with applicable regulations.

11. Your Rights (GDPR/UK GDPR)

You may access, rectify, erase, restrict, object to processing, and port your data. You can also withdraw consent at any time (without affecting prior lawful processing). To exercise rights, email [email protected] with your request and proof of identity. We will respond within one month (extendable for complex cases).

Complaints: contact your supervisory authority. Example: Portugal – Comissão Nacional de Proteção de Dados (CNPD); Spain – Agencia Española de Protección de Datos (AEPD).

12. Minors

The Service is not directed to children under 16 (or the minimum age in your country). We do not knowingly collect their data. If you believe a minor provided information, contact us to delete it.

13. Automated Decisions

We do not make decisions producing legal effects solely based on automated processing. If we introduce automated wellbeing recommendations in future, we will request your consent and explain the logic and possible consequences.

14. Third-Party Services & Links

Our site may include links or integrations (e.g., YouTube, Instagram, Google Maps). Their data practices follow their own policies; please review them.

15. Typical Providers (Examples)

• Analytics: Google Analytics – opt-out via browser add-on or consent management platform.
• Marketing: Meta Ads, Mailchimp.
• Payments: Stripe, PayPal.

We will update this list on our site if relevant providers change.

16. Databases, Testimonials & Community

If you post testimonials, forum comments, or community content, it may be publicly visible. Avoid sharing sensitive information. We may moderate or remove content that violates our rules.

17. Changes to this Policy

We may update this Policy to reflect legal or operational changes. We will publish the new version with its date. For substantial changes, we will seek to notify you (email or site notice).

18. Contact

Questions, requests, or complaints about privacy:

• Email: [email protected]
• Privacy requests form: https://todaynaturaljourney.blog/privacy-request
• Data Protection Officer (if applicable): [email protected]

Annex – California Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights (access, deletion, correction, restriction of sensitive information, opt-out of “sale/share” for behavioral ads). To exercise them, email [email protected] or visit https://todaynaturaljourney.blog/do-not-sell. We will verify your identity and respond within legal timeframes.