Privacy Policy

Who we are

The Alchemist’s Journey

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

E-commerce Transactions (WooCommerce)

When you purchase a product from our site, we collect personal data including your name, billing address, shipping address, email address, and phone number. This data is used to process your order, confirm payment, deliver the products, and manage your customer account.

Service Bookings (BookingPress)

When you book a service through our platform, we collect your name, email address, and phone number. This information is used solely to manage your appointment, send booking confirmations, and provide service-related communications.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use Google Analytics to understand how visitors use our site and to improve our service offerings. Google Analytics collects information such as your IP address, browser type, operating system, and pages visited.

This data is used for statistical analysis and reporting and is generally anonymized. We have implemented certain features of Google Analytics including Demographics and Interest reporting.

You can opt-out of Google Analytics tracking by visiting the Google Analytics Opt-Out Page or by adjusting your browser settings.

Who we share your data with

We share personal data with third-party service providers and partners to facilitate our business operations, including payment processing, accounting, and service booking. We only share the minimum data necessary for them to perform their functions.

  • Payment Processors: We share transaction details and billing information with our payment processor (e.g., Stripe, PayPal) to securely process credit card and other forms of payment. We do not store full credit card numbers on our server.
  • WooCommerce: As our e-commerce platform, WooCommerce processes customer data, including order details, shipping information, and customer accounts, to manage the fulfillment of your purchases.
  • Intuit QuickBooks: We share customer name, billing address, sales data, and order totals with our accounting software, Intuit QuickBooks, for bookkeeping, invoicing, and compliance with tax requirements.
  • Amelia Bookings: We share your name, email, and booking details with the Amelia scheduling plugin to manage and confirm your appointment with our services.
  • Shipping Carriers: If your order requires physical delivery, we share your name, shipping address, and phone number with carriers (e.g., USPS, FedEx) to facilitate shipment and delivery tracking.
  • Automated Spam Detection: Visitor comments and form submissions are sent to an automated spam detection service for security purposes.

How long we retain your data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Inquiries: Any customer service communications or inquiries are retained for one (1) year after the final resolution of the request.

Order Data (WooCommerce & Intuit QuickBooks): We retain information related to your purchases and transactions (including name, email, billing, and shipping addresses) for a period of seven (7) years to comply with financial and tax laws.

Service Booking Records (Amelia): Data related to appointments and services booked is retained for two (2) years after the completion of the service for service quality assurance and repeat booking history.

Comments & Reviews: If you leave a comment or review, the comment and its metadata are retained indefinitely.

Customer Accounts: For users who register on our website, we store the personal information they provide in their user profile until they request that their account be deleted.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

If you have questions or concerns about our Privacy Policy or wish to exercise any of your privacy rights, please contact us at:

  • Privacy Specific Email: Alchemistsjourney.life@gmail.com
  • Mailing Address: Alchemist’s Journey LLC, 343 Shady Bluff Dr, Wimberley, TX, 78676

Additional information

How we protect your data

We take the protection of your data seriously and have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way.

  • Encryption (SSL): Our entire website uses SSL (Secure Socket Layer) encryption to secure all data transmissions, including checkout and user login information.
  • Payment Security (PCI DSS): We do not store full credit card numbers on our servers. All payment transactions are handled by PCI DSS compliant, third-party payment processors (e.g., Stripe, PayPal), ensuring your financial details are securely handled outside of our direct control.
  • Software Updates: We maintain all website software, including WordPress, WooCommerce, and all plugins, with the latest security updates to patch known vulnerabilities.
  • Access Control: Access to customer data is strictly limited to employees who need to know the information to fulfill orders and provide customer service.

What data breach procedures we have in place

In the unlikely event of a data breach involving personal data, we have implemented the following procedures:

  • Immediate Containment & Assessment: Our security team will immediately work to isolate and contain the breach to prevent further unauthorized access and will conduct a rapid assessment to determine the nature and scope of the breach.
  • Notification: If the breach is likely to result in a high risk to the rights and freedoms of natural persons (as defined by GDPR or other applicable laws), we will notify the appropriate supervisory authorities and affected customers without undue delay and typically within 72 hours of becoming aware of the breach.
  • Remediation: We will take immediate steps to mitigate any harm, secure the affected systems, and implement preventative measures to stop similar breaches from occurring in the future.
  • Documentation: We will keep full records of all facts related to the breach, its effects, and the remedial action taken.

What third parties we receive data from

In general, we do not receive personal data about our users from third parties. All personal data is collected directly from you when you place an order, book a service, or create an account.

However, we do receive certain non-personally identifiable analytical data from the following integrated services:

  • Google Analytics: We receive aggregated, non-personally identifiable data regarding website usage and visitor demographics.
  • Payment Processors: After a transaction is processed, our payment processors provide us with transaction confirmation and the last four digits of the payment method for reconciliation purposes.

What automated decision making and/or profiling we do with user data

We do not use user data for automated decision-making processes that would produce legal effects concerning you or similarly significantly affect you (e.g., automated loan approval or denial).

However, we do engage in basic profiling to customize your experience and improve our marketing efforts:

  • Targeted Marketing: We may use your purchase history (from WooCommerce) and site activity to display relevant products or services to you on our website or through external advertising platforms.
  • Spam Filtering: We use an automated spam detection service (as noted under Comments) to filter submissions, which is a form of automated processing.

Industry regulatory disclosure requirements

California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to request information about the categories of personal information we have collected about you and the purposes for which we collected and used that information.

Right to Opt-Out of Sale or Sharing:

  • While we do not sell customer lists for cash, the use of third-party advertising cookies and analytics tools may be considered a “sale” or “sharing” under the CCPA.
  • You have the right to opt-out of the sharing of your personal information for targeted advertising or analytical purposes. To exercise this right, please contact us using the Your Contact Information section above.