Key Points on Root & Flow’s Privacy Policy
- Compliance with Canadian Law: This policy aligns with PIPEDA, emphasizing consent, limited data use, and user rights to access or correct information, ensuring transparency for Toronto-based holistic services.
- Data Collection Focus: Primarily gathers contact details, space preferences, and session notes for service delivery, with no unnecessary health data unless relevant to meditation or wellness goals.
- User Protections: Data is secured against unauthorized access, shared only with consent or for legal reasons, and retained only as needed—typically 7 years for records.
- Opt-Out Options: Users can withdraw consent for marketing or request data deletion, though this may limit services; cookies are used minimally for site functionality.
- No Sensitive Assumptions: While holistic practices may touch on well-being, evidence suggests such services handle data responsibly without overreach into medical privacy.
Overview
Root & Flow, a Toronto-based holistic design studio, prioritizes your privacy in all interactions, from website visits to consultations. This policy explains data handling practices, drawing from standard guidelines for wellness services in Canada. It applies to personal information collected via our site, emails, calls, or sessions.
What We Collect and Why
We gather minimal data like names, emails, addresses, and space details to customize Feng Shui, design, and meditation services. This supports booking, recommendations, and follow-ups, always with your consent. Automatic data like IP addresses helps improve site usability.
Your Rights and Controls
Request access, corrections, or deletion via [email protected]. We respond within 30 days, as per PIPEDA. Opt out of communications anytime.
Security Measures
Data is protected with encryption and access controls; we notify of breaches promptly.
Root & Flow is committed to safeguarding your personal information in line with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), which governs how private-sector organizations handle data during commercial activities. As a Toronto-based holistic space alignment studio offering Feng Shui consultations, intentional design, meditation sessions, and related services, we collect only necessary data to enhance your experience while fostering trust and transparency. This comprehensive Privacy Policy outlines our practices for collecting, using, disclosing, and protecting personal information, incorporating the 10 fair information principles of PIPEDA: accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance.
By using our website, booking services, or providing information, you consent to these practices. If you disagree, please refrain from engaging with our services. We may update this policy periodically; changes are effective upon posting, with the last update noted at the top. Continued use signifies acceptance. This policy is current as of December 17, 2025.
What Constitutes Personal Information?
Personal information is any factual or subjective data about an identifiable individual, including but not limited to name, contact details, opinions, or preferences. It excludes business contact information used solely for professional communication, such as a work email for service inquiries. In our context, this may include details shared during alignment calls or sessions, like home layout preferences or wellness goals, but we do not collect sensitive health data unless explicitly relevant (e.g., for personalized meditation) and with clear consent.
Types of Information We Collect
We collect information directly from you and automatically through our website and services. Below is a table summarizing the categories, examples, purposes, and collection methods, ensuring limited and purposeful gathering as per PIPEDA’s limiting collection principle.
| Category | Examples | Purpose | Collection Method |
|---|---|---|---|
| Contact Information | Name, email, phone number, mailing address | Booking consultations, sending confirmations, follow-ups, or marketing (with consent) | Website forms, email inquiries, phone calls, alignment calls |
| Demographic & Preference Data | Age range, gender (optional), space details (e.g., floor plans, photos), wellness goals | Customizing services like ROOT, FLOW, or BLOOM packages; energy assessments | Consultations, surveys, session notes |
| Payment Information | Credit card details (last 4 digits retained), billing address | Processing payments for services; auditing | Secure payment gateways during booking (full details not stored) |
| Health-Related Information (Limited) | Basic well-being notes (e.g., stress levels for meditation) | Tailoring sessions; not medical in nature | Voluntary disclosure during sessions, with explicit consent |
| Technical & Usage Data | IP address, browser type, device info, visit timestamps | Improving website functionality, analyzing trends | Automatic via cookies, server logs |
| Correspondence Records | Emails, feedback, testimonials | Responding to inquiries, quality improvement | Communications with us |
We do not collect information from individuals under 18 without guardian consent, aligning with protective practices in wellness services. No full credit card numbers are stored; transactions are handled securely.
How We Collect Information
- Directly: Through website forms, or during virtual/in-person sessions.
- Automatically: Via cookies for session management, analytics (e.g., Google Analytics for traffic patterns), and logs. We use session and persistent cookies for essential functions like remembering preferences, but not for extensive tracking. Opt out via browser settings, though this may limit site features.
- From Third Parties: Rarely, such as from payment processors or if you link via social media, but only with consent.
Before collection, we identify purposes and obtain meaningful consent—explicit for sensitive data, implied for basic interactions.
How We Use Your Information
We use data solely for identified purposes, limiting retention to what’s necessary (e.g., 7 years for financial records per tax laws). Primary uses include:
- Delivering services: Assessing energy flows, providing design plans, facilitating meditation.
- Business operations: Billing, appointment reminders (via email/text, with opt-out), customer service.
- Improvements: Analyzing anonymous trends to refine offerings, like seasonal workshops.
- Marketing: Sending updates on services (e.g., Airbnb styling tips) with consent; personalized recommendations based on past interactions.
- Legal compliance: Audits, dispute resolution, or fraud prevention.
We do not use data for unrelated purposes without renewed consent.
Sharing and Disclosure of Information
We share data minimally, only with:
- Service providers (e.g., payment processors, IT support) under strict contracts ensuring PIPEDA-level protection. Some may be outside Canada (e.g., U.S.-based tools), but we verify safeguards.
- Regulatory bodies: If required for audits or investigations.
- Third parties: For insurance claims (with your consent) or in business transfers (e.g., merger).
- As required by law: Responding to court orders, preventing harm, or detecting fraud.
Anonymous testimonials may be shared; full disclosure requires consent. We do not sell or rent data.
Data Security and Safeguards
We employ physical (locked files), administrative (staff training), and technical measures (encryption, firewalls) to protect against loss, theft, or unauthorized access. In case of breaches, we notify affected individuals and the Privacy Commissioner promptly, per PIPEDA rules. However, no system is infallible; transmissions are at your risk.
Retention Practices
Information is retained only as long as needed for purposes, legal requirements, or dispute resolution—typically 7 years for records, then securely deleted.
Cookies and Tracking
We use essential cookies for functionality; third-party tools like Google Analytics track usage anonymously. Manage via browser; opt out of targeted ads through NAI (https://www.networkadvertising.org/).
Third-Party Links
Our site may link to external sites; we are not responsible for their privacy practices.
Changes to This Policy
We notify of material changes via email or site notice. Review periodically.
Contact Us
For questions, reach Root & Flow through contact form
This policy ensures ethical data handling, reflecting best practices for holistic services while prioritizing user trust.