Privacy Policy

Effective Date: October 1, 2025
Last Updated: October 1, 2025
Document Version: 1.0

LIGHTWORKERS.LIFE PRIVACY POLICY

1. INTRODUCTION AND SCOPE

Lightworkers ("Lightworkers," "we," "our," or "us") is committed to protecting your privacy and maintaining the highest standards of data protection. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal information when you access or use the Lightworkers.life platform ("Platform").

Our Mission: We recognize that spiritual wellness and healing services involve deeply personal and sensitive information. This Policy reflects our commitment to handling your data with the utmost care, respect, and transparency.

Scope: This Policy applies to all users of our Platform, including:

  • Clients seeking holistic wellness services
  • Practitioners offering spiritual and healing services
  • Website visitors and prospective users
  • Newsletter subscribers and community members

Legal Framework: We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations worldwide.

2. DATA CONTROLLER INFORMATION

Data Controller Details:

  • Company: Lightworkers
  • Email: support@lightworkers.life

Contact for Privacy Matters:
For all privacy-related inquiries, data subject requests, or concerns, please contact us using the information provided in Section 19.

3. COMPREHENSIVE INFORMATION WE COLLECT

3.1 Personal Information You Provide Directly

Account Registration Information:

  • Full name and preferred name/nickname
  • Email address and phone number
  • Date of birth (for age verification)
  • Geographic location (country, state/province, city)
  • Profile photograph (optional)
  • Preferred communication methods and languages

For Practitioners - Professional Information:

  • Professional credentials, certifications, and licenses
  • Training background and educational qualifications
  • Specializations and service offerings
  • Professional bio and experience description
  • Business information (if applicable)
  • Professional photographs and portfolio images
  • Pricing and availability information
  • Verification documents (certificates, licenses, etc.)

For Clients - Wellness Information:

  • Health and wellness goals (optional)
  • Previous experience with holistic practices
  • Preferences for practitioner characteristics
  • Specific wellness interests and needs
  • Session feedback and reviews

Communication Data:

  • Messages sent through our Platform messaging system
  • Support ticket communications
  • Feedback, surveys, and testimonials
  • Community forum posts and interactions (if applicable)

3.2 Sensitive Personal Data

Special Category Data Under GDPR:
We may process sensitive personal data related to:

  • Physical and mental health information
  • Spiritual and religious beliefs
  • Wellness conditions and treatment preferences
  • Emotional and psychological states

Legal Basis: We process sensitive data only with your explicit consent or where necessary for the provision of health/wellness services, in accordance with Article 9 of GDPR.

Health Data Safeguards: All health-related information is subject to enhanced security measures and restricted access controls.

3.3 Automatically Collected Information

Device and Technical Information:

  • IP address and general geographic location
  • Device type, operating system, and browser information
  • Unique device identifiers and mobile advertising IDs
  • Screen resolution and device capabilities
  • Network connection type and carrier information

Platform Usage Analytics:

  • Pages visited and time spent on each page
  • Click patterns, search queries, and navigation paths
  • Session duration and frequency of visits
  • Features used and user engagement patterns
  • Error logs and technical performance data

Cookies and Tracking Technologies:

  • Essential cookies for Platform functionality
  • Analytics cookies for usage statistics
  • Preference cookies for user settings
  • Security cookies for fraud prevention
  • Third-party cookies (with consent)

3.4 Third-Party Sources

Payment Information:

  • Payment processing data from secure payment providers
  • Billing address and payment method details
  • Transaction history and payment status

Social Media Integration:

  • Public profile information (if you connect social accounts)
  • Profile picture and basic demographic information
  • Friends/connections list (if relevant and consented)

Professional Verification Services:

  • Credential verification from third-party databases
  • Professional licensing status confirmation
  • Background check results (where legally permitted and consented)

4. DETAILED PURPOSES AND LEGAL BASIS FOR PROCESSING

4.1 Core Platform Services (Legal Basis: Contract Performance)

Account Management:

  • Creating and maintaining user accounts
  • Authenticating users and managing access
  • Providing customer support and technical assistance
  • Managing user preferences and settings

Practitioner-Client Connections:

  • Facilitating introductions between clients and practitioners
  • Enabling communication through our messaging system
  • Coordinating appointments and scheduling
  • Processing booking requests and confirmations

Service Delivery Support:

  • Providing platform features and functionality
  • Enabling secure video/audio sessions (if offered)
  • Supporting payment processing and billing
  • Managing session feedback and reviews

4.2 Service Improvement (Legal Basis: Legitimate Interest)

Platform Enhancement:

  • Analyzing usage patterns to improve user experience
  • Developing new features and services
  • Conducting user research and feedback analysis
  • Optimizing Platform performance and reliability

Quality Assurance:

  • Monitoring service quality and user satisfaction
  • Identifying and resolving technical issues
  • Ensuring practitioner credential accuracy
  • Maintaining Platform security and integrity

4.3 Legal and Safety Compliance (Legal Basis: Legal Obligation/Legitimate Interest)

Regulatory Compliance:

  • Fulfilling legal reporting requirements
  • Responding to law enforcement requests
  • Complying with tax and financial regulations
  • Meeting professional licensing requirements

Platform Safety:

  • Preventing fraud, abuse, and misuse
  • Protecting against security threats
  • Enforcing Platform Terms of Service
  • Investigating violations and disputes

4.4 Marketing and Communication (Legal Basis: Consent/Legitimate Interest)

Promotional Communications:

  • Sending newsletters and platform updates
  • Sharing relevant wellness content and tips
  • Promoting new features and services
  • Conducting user engagement campaigns

Personalized Recommendations:

  • Suggesting relevant practitioners and services
  • Customizing content based on interests
  • Providing targeted wellness resources
  • Enhancing user discovery experience

5. ENHANCED DATA SHARING AND DISCLOSURE

5.1 Practitioner-Client Information Sharing

Facilitated Connections:
When you contact a practitioner or respond to a client inquiry, we share:

  • Basic contact information (name, email, phone if provided)
  • Relevant wellness interests or service offerings
  • Public profile information and photographs
  • Previous session history (if applicable and consented)

Communication Facilitation:

  • Messages sent through our Platform messaging system
  • Appointment scheduling information
  • Session notes (if enabled and consented)
  • Feedback and review information

5.2 Trusted Service Providers

Technology Infrastructure Partners:

  • Cloud hosting and storage providers (AWS, Google Cloud, etc.)
  • Content delivery networks for Platform performance
  • Database management and backup services
  • Cybersecurity and monitoring services

Business Operations Partners:

  • Payment processors (Stripe, PayPal, etc.)
  • Email service providers for communications
  • Analytics and user experience platforms
  • Customer support and chat services

Professional Services:

  • Legal and compliance advisors
  • Accounting and financial services
  • Marketing and advertising partners (with consent)
  • Professional verification services

Data Processing Agreements: All service providers are bound by comprehensive data processing agreements ensuring GDPR compliance and equivalent data protection standards.

5.3 Legal and Regulatory Disclosures

Required by Law:

  • Court orders and subpoenas
  • Law enforcement investigations
  • Regulatory compliance requirements
  • Tax authority requests
  • Public health emergency responses

Protection of Rights:

  • Defending against legal claims
  • Protecting user safety and wellbeing
  • Preventing fraud and abuse
  • Enforcing Platform Terms of Service

5.4 Business Transactions

Corporate Changes:
In the event of a merger, acquisition, sale, or other business transaction, your information may be transferred to the acquiring entity, subject to:

  • Advance notice to affected users
  • Continued protection under equivalent privacy standards
  • Opportunity to delete account before transfer
  • Compliance with applicable data protection laws

6. ADVANCED DATA SECURITY MEASURES

6.1 Technical Safeguards

Encryption Protocols:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • End-to-end encryption for sensitive communications
  • Encrypted database storage and backups

Access Controls:

  • Multi-factor authentication for all accounts
  • Role-based access permissions
  • Regular access audits and reviews
  • Automated access revocation for inactive accounts

Infrastructure Security:

  • SOC 2 Type II compliant hosting environments
  • Regular penetration testing and vulnerability assessments
  • Intrusion detection and prevention systems
  • 24/7 security monitoring and incident response

6.2 Organizational Safeguards

Employee Training:

  • Comprehensive data protection training for all staff
  • Regular privacy awareness updates
  • Specialized training for data handling roles
  • Confidentiality agreements for all personnel

Data Governance:

  • Privacy by Design principles in system development
  • Regular privacy impact assessments
  • Data minimization and retention policies
  • Documented procedures for data handling

Incident Response:

  • Rapid breach detection and response procedures
  • Incident escalation and notification protocols
  • Forensic investigation capabilities
  • Recovery and remediation procedures

6.3 Vendor Security Requirements

Third-Party Vetting:

  • Security assessments for all data processing vendors
  • Regular security audits and compliance reviews
  • Contractual security and privacy requirements
  • Ongoing monitoring of vendor security practices

7. COMPREHENSIVE COOKIE AND TRACKING POLICY

7.1 Types of Cookies We Use

Essential Cookies (Always Active):

  • Authentication and login session management
  • Security and fraud prevention
  • Platform functionality and feature access
  • Load balancing and performance optimization

Functional Cookies (With Consent):

  • User preference storage
  • Language and region settings
  • Accessibility features
  • Shopping cart and session state

Analytics Cookies (With Consent):

  • Google Analytics for usage statistics
  • Hotjar for user experience analysis
  • Custom analytics for Platform optimization
  • Performance monitoring and error tracking

Marketing Cookies (With Consent):

  • Social media integration and sharing
  • Targeted advertising and remarketing
  • Campaign effectiveness measurement
  • Cross-platform user identification

7.2 Cookie Management

Consent Management:

  • Granular consent for different cookie types
  • Easy withdrawal of consent at any time
  • Clear explanation of each cookie category
  • Opt-in required for non-essential cookies

Cookie Control:

  • Browser-based cookie management tools
  • Platform cookie preference center
  • Regular consent renewal requests
  • Detailed cookie information and purposes

7.3 Third-Party Tracking

External Services:
We may use approved third-party services that may place cookies or similar tracking technologies:

  • Google Analytics (with IP anonymization)
  • Social media plugins (with consent)
  • Customer support chat widgets
  • Email marketing platforms

Cross-Site Tracking:
We do not engage in cross-site tracking without explicit consent and clear disclosure of purposes.

8. COMPREHENSIVE DATA RETENTION POLICY

8.1 General Retention Principles

Data Minimization:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

Regular Review:
Data retention periods are reviewed annually and updated based on legal requirements, business needs, and user preferences.

8.2 Specific Retention Periods

Account Information:

  • Active accounts: Retained during account lifecycle
  • Inactive accounts: Deleted after 3 years of inactivity
  • Closed accounts: Deleted within 30 days (unless legal hold applies)
  • Backup copies: Securely deleted within 90 days

Communication Records:

  • Platform messages: Retained for 2 years after last activity
  • Support communications: Retained for 3 years
  • Legal communications: Retained as required by law
  • Marketing communications: Until consent withdrawal

Financial Information:

  • Payment records: Retained for 7 years (tax compliance)
  • Transaction logs: Retained for 5 years
  • Billing information: Retained during active subscription plus 1 year
  • Fraud prevention data: Retained for 5 years

Professional Verification:

  • Practitioner credentials: Retained during active account plus 2 years
  • Verification documents: Securely deleted after verification
  • Professional reviews: Retained for 3 years
  • Licensing information: Updated and maintained during account activity

8.3 Secure Deletion

Deletion Procedures:

  • Automated deletion processes for expired data
  • Secure overwriting of digital storage media
  • Physical destruction of paper records
  • Certificate of destruction for sensitive data

Backup Management:

  • Regular purging of backup systems
  • Encrypted backup storage with access controls
  • Restoration procedures that respect retention limits
  • Audit trails for all deletion activities

9. INTERNATIONAL DATA TRANSFERS

9.1 Cross-Border Data Flows

Transfer Necessity:
Your personal data may be transferred to and processed in countries outside your location to:

  • Provide Platform services through global infrastructure
  • Enable practitioner-client connections across borders
  • Utilize international service providers and partners
  • Comply with legal and regulatory requirements

9.2 Transfer Safeguards

Adequacy Decisions:
Where possible, we transfer data to countries with European Commission adequacy decisions or equivalent regulatory approval.

Standard Contractual Clauses:
For transfers to countries without adequacy decisions, we use:

  • European Commission Standard Contractual Clauses (SCCs)
  • Approved data transfer impact assessments
  • Additional safeguards as required by law
  • Regular monitoring of transfer safety

Alternative Transfer Mechanisms:

  • Binding Corporate Rules (if applicable)
  • Certification schemes and codes of conduct
  • User consent for specific transfers
  • Derogations for service provision

9.3 Data Location Transparency

Primary Data Centers:

  • EU-based servers for EU residents
  • US-based servers with Privacy Shield successor protections
  • Regional data centers for performance optimization
  • Regular audits of data location and transfer practices

10. ENHANCED USER RIGHTS AND CONTROLS

10.1 Universal Privacy Rights

Right to Information:
You have the right to understand:

  • What personal data we collect about you
  • Why we process your data
  • Who we share your data with
  • How long we retain your data
  • Your rights regarding your data

Right of Access:
You can request:

  • A copy of all personal data we hold about you
  • Details about our processing activities
  • Information about data recipients
  • Data retention periods
  • Source of data (if not collected directly from you)

10.2 Data Management Rights

Right to Rectification:

  • Correct inaccurate personal data
  • Complete incomplete data records
  • Update outdated information
  • Modify profile and preference settings

Right to Erasure ("Right to be Forgotten"):
Request deletion of your personal data when:

  • Data is no longer necessary for original purposes
  • You withdraw consent (where consent is the legal basis)
  • Data has been unlawfully processed
  • Deletion is required for legal compliance
  • You object to processing and no overriding legitimate grounds exist

Right to Restrict Processing:
Temporarily limit our processing of your data when:

  • You contest the accuracy of the data
  • Processing is unlawful but you oppose deletion
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification of legitimate grounds

10.3 Data Portability and Objection Rights

Right to Data Portability:
Receive your personal data in a structured, commonly used, machine-readable format to:

  • Transfer data to another service provider
  • Keep personal copies of your data
  • Facilitate switching between similar services
  • Exercise control over your digital identity

Right to Object:
Object to processing based on legitimate interests for:

  • Direct marketing (absolute right)
  • Profiling for marketing purposes
  • Scientific or historical research
  • Public interest or official authority tasks

10.4 Automated Decision-Making Rights

Algorithmic Transparency:
We will inform you about:

  • Use of automated decision-making systems
  • Logic involved in automated processing
  • Significance and consequences of such processing
  • Your right to human intervention

Protection Against Automated Decisions:
You have the right to:

  • Not be subject to purely automated decision-making
  • Request human review of automated decisions
  • Express your point of view regarding automated decisions
  • Contest automated decisions that significantly affect you

11. REGION-SPECIFIC PRIVACY RIGHTS

11.1 California Consumer Privacy Rights (CCPA/CPRA)

Enhanced Rights for California Residents:

Right to Know:

  • Categories of personal information collected
  • Specific pieces of personal information collected
  • Categories of sources of personal information
  • Business/commercial purposes for collection
  • Categories of third parties with whom we share data

Right to Delete:
Request deletion of personal information, subject to exceptions for:

  • Legal compliance requirements
  • Fraud prevention and security
  • Internal uses aligned with consumer expectations
  • Service provision completion

Right to Opt-Out:

  • Opt-out of sale or sharing of personal information
  • Opt-out of targeted advertising
  • Limit use and disclosure of sensitive personal information

Right to Non-Discrimination:
We will not discriminate against you for exercising CCPA rights by:

  • Denying services or charging different prices
  • Providing different levels of service quality
  • Suggesting that you may receive different treatment

11.2 European Privacy Rights (GDPR)

Enhanced Protections for EU/EEA Residents:

Lawful Basis Transparency:
Clear identification of legal basis for each processing activity:

  • Consent: Freely given, specific, informed, and unambiguous
  • Contract: Processing necessary for service provision
  • Legal Obligation: Required by law
  • Vital Interests: Protecting life and safety
  • Public Task: Official authority or public interest
  • Legitimate Interest: Balanced against your rights and freedoms

Special Category Data:
Enhanced protections for sensitive data including:

  • Health and wellness information
  • Spiritual and religious beliefs
  • Biometric data (if collected)
  • Trade union membership (if applicable)

12. CHILDREN'S PRIVACY PROTECTION

12.1 Age Restrictions and Verification

Minimum Age Requirements:

  • Primary users must be at least 18 years of age
  • Users aged 16-17 may access with verifiable parental consent (EU)
  • Users aged 13-17 may access with parental consent (US)
  • We do not knowingly collect data from children under 13

Age Verification:

  • Self-declaration during account registration
  • Document verification for professional accounts
  • Parental consent verification for minors
  • Regular age validation for existing accounts

12.2 Parental Rights and Controls

Parental Consent Requirements:
For users under 18 (or applicable age of majority):

  • Explicit parental consent for account creation
  • Consent for data collection and processing
  • Approval for practitioner communications
  • Permission for sensitive data sharing

Parental Access Rights:
Parents/guardians have the right to:

  • Access their child's personal information
  • Request correction or deletion of data
  • Withdraw consent at any time
  • Receive copies of consent records

13. DATA BREACH NOTIFICATION

13.1 Breach Detection and Response

Detection Systems:

  • 24/7 monitoring and alerting systems
  • Automated anomaly detection
  • Regular security audits and assessments
  • User reporting mechanisms

Response Procedures:

  • Immediate containment and investigation
  • Assessment of breach scope and impact
  • Forensic analysis and documentation
  • Recovery and remediation actions

13.2 Notification Requirements

Regulatory Notifications:

  • Data Protection Authority notification within 72 hours (GDPR)
  • State Attorney General notification (CCPA)
  • Sector-specific regulator notification as required
  • Law enforcement notification if criminal activity suspected

User Notifications:
We will notify affected users without undue delay when a breach:

  • Poses high risk to rights and freedoms
  • Involves sensitive personal data
  • Could result in identity theft or fraud
  • Requires user action for protection

14. PRIVACY GOVERNANCE AND ACCOUNTABILITY

14.1 Privacy Program Structure

Data Protection Officer (DPO):

  • Appointed DPO for GDPR compliance
  • Independent privacy oversight and advice
  • Point of contact for data protection authorities
  • User privacy rights facilitation

Privacy Team:

  • Cross-functional privacy governance committee
  • Regular privacy training and awareness programs
  • Privacy impact assessment coordination
  • Incident response and breach management

15. POLICY UPDATES AND CHANGE NOTIFICATION

15.1 Policy Revision Process

Regular Reviews:

  • Annual policy review and updates
  • Quarterly assessment of regulatory changes
  • Immediate updates for legal requirements
  • User feedback integration and response

Material Changes:
We will provide advance notice for:

  • Changes to data processing purposes
  • New data sharing arrangements
  • Reduced privacy protections
  • Changes affecting user rights

16. WELLNESS-SPECIFIC PRIVACY CONSIDERATIONS

16.1 Spiritual and Health Data Sensitivity

Special Category Protections:
We recognize that spiritual wellness data includes:

  • Religious and spiritual beliefs
  • Mental and emotional health information
  • Physical health conditions and treatments
  • Personal transformation and growth data
  • Energy healing and alternative therapy records

Enhanced Safeguards:

  • Explicit consent for all sensitive data processing
  • Additional encryption and access controls
  • Restricted sharing with third parties
  • Enhanced retention period controls
  • Specialized staff training for sensitive data

17. DISPUTE RESOLUTION AND COMPLAINTS

17.1 Internal Complaint Process

User Concerns:
For privacy-related complaints or concerns:

  • Contact our Privacy Team at support@lightworkers.life
  • Provide detailed description of the issue
  • We will acknowledge receipt within 48 hours
  • Investigation completed within 30 days
  • Written response with resolution or explanation

18. CONTACT INFORMATION AND SUPPORT

18.1 Privacy Contact Details

General Privacy Inquiries:

  • Email: support@lightworkers.life
  • Response Time: Within 48 hours for initial response
  • Languages: English, Spanish, French [expand as needed]

Data Subject Rights Requests:

  • Email: support@lightworkers.life
  • Response Time: Within 30 days (1 month under GDPR)
  • Verification: Secure identity verification required

19. GOVERNING LAW AND JURISDICTION

19.1 Applicable Law

This Privacy Policy and our data processing practices are governed by:

  • Primary Jurisdiction: Delaware, USA
  • GDPR: For EU/EEA residents and data processing
  • CCPA/CPRA: For California residents and applicable data
  • Local Laws: As applicable based on user location and data processing location

20. EFFECTIVENESS AND VERSION CONTROL

Effective Date: This Privacy Policy becomes effective on October 1, 2025 and applies to all data processing from that date forward.

Previous Versions: Previous versions of this Policy are available upon request and for regulatory compliance purposes.

Next Review Date: [TO BE SCHEDULED - ANNUALLY]

ACKNOWLEDGMENT

BY USING THE LIGHTWORKERS PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTAND IT, AND AGREE TO BE BOUND BY ITS CONDITIONS. IF YOU DO NOT AGREE TO THIS POLICY, YOU MUST NOT ACCESS OR USE THE PLATFORM.

Lightworkers is a self-service platform that connects independent wellness professionals with clients. All professionals are solely responsible for their services, qualifications, and professional conduct. Lightworkers does not verify, endorse, or guarantee any professional or service. The services offered do not constitute medical advice and should not replace professional medical care. Always consult a licensed healthcare provider for medical matters. Use of this platform is at your own discretion and risk.

© 2025 Lightworkers. All rights reserved.