Privacy Policy

Last Updated: July 30, 2025

1. Introduction
Welcome to The Spiritual Vault. Your privacy is critically important to us. This Privacy Policy outlines how The Spiritual Vault ("The Spiritual Vault," "we," "us," or "our") collects, uses, protects, and shares your personal information when you use our website, services, and applications (collectively, the "Platform").
We are committed to protecting your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy explains what information we collect, why we collect it, the legal basis for our processing, and your rights as a data subject.

2. Who is the Data Controller?
For the purpose of the UK GDPR, the data controller is:
The Spiritual Vault Email: hello@thespiritualvault.com
This is the entity responsible for your personal data.

3. What Information We Collect
We collect information to provide and improve our service. The type of information we collect depends on your interaction with our Platform (whether you are a Client or a Medium).

3.1. Information You Provide Directly:
  • Account Registration Data: When you create an account, we collect your name, email address, and password.
  • Profile Information: Mediums may provide additional information for their public profile, such as a biography, photograph, areas of specialty, and other professional details.
  • Payment Information: To process payments for readings, we use a third-party payment processor (e.g., Stripe). We do not store your full credit card or bank account details on our servers. The processor will collect the necessary payment information directly from you.
  • Communications and Readings: We collect the content of communications between you and other users (i.e., between a Client and a Medium), which includes the digital readings themselves. We also collect the content of any communications you have with our support team.
  • Reviews and Feedback: If you are a Client, we collect the reviews and ratings you provide for Mediums.
3.2. Information We Collect Automatically:
  • Usage and Log Data: We automatically collect information about your interactions with the Platform, such as your IP address, browser type, device information, operating system, pages visited, the date and time of your visit, and referring URLs.
  • Cookies and Similar Technologies: We use cookies to operate and administer our Platform, gather usage data, and improve your experience. For more information, please see our "Cookies" section below.

4. How We Use Your Information and Our Lawful Basis
Under UK GDPR, we must have a lawful basis for processing your personal data. We use your information for the following purposes:

Purpose: To provide and operate the Platform (create your account, facilitate readings, display profiles).
  • Type of Data Used: Account, Profile, Communications, Usage Data.
  • Lawful Basis for Processing: Performance of a Contract with you.

Purpose: To process payments and manage transactions.
  • Type of Data Used: Account Data, Payment Information (via processor).

  • Lawful Basis for Processing: Performance of a Contract with you.
Purpose: To communicate with you (service updates, support requests, security alerts, marketing).

  • Type of Data Used: Account, Communications Data.
  • Lawful Basis for Processing: Performance of a Contract; Legitimate Interests (to keep you informed).

Purpose: To handle sensitive information in readings.
  • Type of Data Used: See Section 5 of the Privacy Policy.

  • Lawful Basis for Processing: Explicit Consent.
Purpose: To improve our Platform (analytics, research, new features).

  • Type of Data Used: Usage Data, Anonymised Feedback.
  • Lawful Basis for Processing: Legitimate Interests (to develop our business).

Purpose: To ensure security and prevent fraud.
  • Type of Data Used: Account, Usage, and Payment Data.

  • Lawful Basis for Processing: Legitimate Interests (to protect our Platform and users).
Purpose: To comply with legal obligations.

  • Type of Data Used: Any data required by law enforcement or courts.
  • Lawful Basis for Processing: Legal Obligation.

5. Special Category Data
The content of a spiritual reading may inadvertently include "special category data" as defined by the UK GDPR, such as information revealing religious or philosophical beliefs, health status, or sexual orientation.
  • Our Lawful Basis: We process this data based on your explicit consent.
  • Your Consent: By requesting or delivering a reading on the Platform, you provide your explicit consent for us (and the other user involved in the reading) to process any special category data you choose to share for the sole purpose of providing or receiving that reading. You can withdraw this consent at any time, but this will not affect the lawfulness of processing based on consent before its withdrawal.

6. Who We Share Your Information With
We do not sell your personal data. We may share your information with the following parties:
  • Other Users: We share information between Clients and Mediums as necessary to facilitate a reading. For example, a Client's username is shared with the Medium they book, and the Medium's profile is visible to all Clients.
  • Third-Party Service Providers: We use trusted third parties to perform functions and provide services, such as payment processing (e.g., Stripe), cloud hosting (e.g., AWS, Google Cloud), email delivery, and analytics. These providers are contractually bound to safeguard your data and only use it for the purposes we specify.
  • Legal and Regulatory Bodies: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner.

7. International Data Transfers
Some of our third-party service providers may be based outside the United Kingdom. When we transfer your data to such countries, we ensure that a similar degree of protection is afforded to it by implementing appropriate safeguards, such as the UK's Adequacy Regulations or by using International Data Transfer Agreements (IDTAs).

8. Data Security
We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. These measures include encryption, access controls, and secure data storage policies. However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure.

9. Data Retention
We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. As a general rule, we will retain your account data for as long as your account is active and for a reasonable period thereafter in case you decide to re-activate the service.

10. Your Data Protection Rights
Under UK data protection law, you have rights including:
  • Right to be Informed: To be informed about how we use your personal data (which is the purpose of this policy).
  • Right of Access: To request a copy of the personal data we hold about you.
  • Right to Rectification: To request that we correct any inaccurate or incomplete data.
  • Right to Erasure (The 'Right to be Forgotten'): To request that we delete your personal data from our systems.
  • Right to Restrict Processing: To request that we suspend the processing of your personal data.
  • Right to Data Portability: To request a copy of your data in a machine-readable format to transfer to another service.
  • Right to Object: To object to our processing of your personal data (for example, for direct marketing purposes).
  • Rights related to automated decision-making and profiling.
To exercise any of these rights, please contact us at [Your Privacy/Data Protection Email Address].
11. Cookies
Cookies are small text files placed on your device to collect standard Internet log information and visitor behaviour information. We use cookies to make the Platform work, to improve its efficiency, and for analytics. You can set your browser not to accept cookies, but this may affect the functionality of our Platform.

12. Children's Privacy
The Platform is not intended for or directed at individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have, we will take steps to delete such information.

13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

14. How to Contact Us and Your Right to Complain
If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us at:
hello@thespiritualvault.com

You also have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO).
Information Commissioner's Office (ICO)
Website: https://www.ico.org.uk
Helpline: 0303 123 1113