top of page

Privacy Policy

Last updated: 26th Oct 2025

Ritual & Restore (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share your information when you use our website, mobile app, and online services (together, the “Service”).

By using the Service, you agree to this Privacy Policy.

1. Who We Are

Ritual & Restore is a wellness and yoga brand based in Eskdalemuir, Scotland, offering classes, courses, and digital content designed to help users cultivate calm, connection, and wellbeing.

Data Controller: Ritual & Restore
Contact email: ritualandrestore@gmail.com
Postal address: Moodlaw, Eskdalemuir, Dg13 0qt

If you have questions about this policy or wish to exercise your data rights, contact us at the email above.

2. The Data We Collect

We collect and process:
(a) Identification & Contact Data — your name, email address, username, and password.
(b) Transaction Data — payments, subscriptions, and purchase history.
(c) Usage Data — how you interact with our website/app (IP address, device type, browsing behaviour, app logs).
(d) Marketing Preferences — your choices about receiving communications from us.
(e) Optional Wellbeing Data — if you choose to share information about your yoga practice or wellness goals (never required and processed only with explicit consent).

3. How We Use Your Data

We process your data to:

  • provide access to classes, memberships, and digital content;

  • manage your account and subscriptions;

  • send you essential service updates;

  • improve user experience and platform functionality;

  • send you marketing emails (only if you’ve opted in);

  • comply with legal obligations (tax, accounting, data protection).

4. Legal Bases for Processing

Under the UK and EU GDPR, we rely on these lawful bases:

  • Contractual necessity: to deliver the services you’ve requested;

  • Legitimate interests: to maintain and improve our platform;

  • Consent: when you opt-in to marketing or share optional wellness data;

  • Legal obligation: to meet regulatory requirements.

You may withdraw consent at any time.

5. Sharing Your Data

We may share limited data with trusted third parties who help operate the Service:

  • Payment processors (e.g., Stripe, PayPal, Apple Pay, Google Pay);

  • Cloud hosting and data storage providers;

  • Analytics and marketing platforms (e.g., Google Analytics, Meta Ads);

  • Professional advisers (accountants, legal consultants).

All partners are bound by contracts requiring GDPR-level data protection.

We do not sell or rent your data.

6. International Transfers

If data is transferred outside the UK or EEA (for instance, to servers in the US), we ensure safeguards are in place such as:

  • an adequacy decision from the UK or EU Commission; or

  • standard contractual clauses approved under the GDPR.

7. Data Security

We use appropriate technical and organisational measures — encryption, password protection, secure servers — to protect your personal data from loss, misuse, or unauthorised access.

8. Data Retention

We keep your data only as long as necessary for the purposes described:

  • Account information — for as long as you have an active account;

  • Transaction data — for up to 7 years (to comply with accounting laws);

  • Marketing consent — until you withdraw it.

After that, data is securely deleted or anonymised.

9. Your Data Rights

You have the right to:

  • access a copy of your personal data;

  • correct inaccurate or incomplete data;

  • request deletion (“the right to be forgotten”);

  • restrict or object to processing;

  • data portability (receive your data in a structured format);

  • withdraw consent at any time;

  • lodge a complaint with your local data protection authority (in the UK: ICO – www.ico.org.uk).

To exercise any of these rights, contact [insert email].

10. Cookies

We use cookies and similar technologies to improve site performance and understand usage patterns.

You can manage or disable cookies through your browser settings. For details, see our [Cookie Policy] (if applicable).

11. Children’s Data

Our Service is not intended for children under 16. We do not knowingly collect data from minors. If you believe we have unintentionally collected such data, contact us immediately.

12. Updates to This Policy

We may revise this Privacy Policy occasionally. Updates will appear on our website or app with a new “Last updated” date. Continued use of the Service after updates means you accept the new version.

Ritual & Restore – Data Safety Information

1. Data Collection and Handling Overview

Ritual & Restore collects limited personal and app-usage data to operate the service, manage memberships, and improve the user experience. We do not sell or share data for advertising purposes.

All personal data is handled under the UK GDPR and EU GDPR, and securely stored on servers using encryption and access control.

2. Data Collected

Data Type Collected Shared Purpose of Use Required / Optional

Name✔️❌ Account creation and personalised experience  - Required

Email address✔️❌Login, communication, password recovery - Required

Payment information (processed by Stripe, Apple Pay, or Google Pay)✔️ (via processor only)❌Subscription payments, refunds - Required

App activity (pages visited, videos viewed)✔️❌Analytics and performance improvement - Optional

Device information (device type, OS version, app version)✔️❌App functionality and security - Required

Crash logs / Diagnostics✔️❌Error detection and fixing technical issues - Optional

Approximate location⚙️ (if user enables)❌Localised content recommendations - Optional

Marketing preferences✔️❌Manage consent and communication settings - Optional

3. Data Sharing

We do not sell or share data with third parties for marketing or advertising.
We only share limited information with trusted service providers who help us operate the app:

  • Payment processors (Stripe, Apple, Google)

  • Cloud hosting and analytics (e.g., Google Cloud / Firebase Analytics)
    All partners are bound by GDPR-compliant agreements.

4. Data Encryption and Security

  • All data is encrypted in transit (HTTPS/TLS) and stored securely.

  • Access is restricted to authorised personnel only.

  • No biometric or sensitive health data is collected without explicit consent.

5. Data Retention

Data is kept only for as long as needed to provide services, comply with law, or resolve disputes.

  • Account data: stored until account deletion.

  • Transaction data: retained up to 7 years for tax/accounting compliance.

  • Analytics data: retained up to 24 months, anonymised thereafter.

6. User Rights & Controls

Users can:

  • View, update, or delete their data.

  • Withdraw consent for marketing.

  • Request data export (portability).

  • Delete their account at any time via the app or by contacting [insert email].

7. Security Practices

Ritual & Restore follows industry best practices for data protection and undergoes regular security reviews.
We comply with:

  • UK Data Protection Act 2018

  • UK GDPR and EU GDPR

  • Apple App Store & Google Play data safety requirements

8. Developer Contact Information

Ritual & Restore
Email: ritualandrestore@gmail.com
Website: ritualandrestore.com
Address: Moodlaw, Eskdalemuir, Dg13 0qt

Follow us

  • Facebook
  • Instagram
  • Twitter

​© 2024 by Ritual and Restore Ltd. Powered and secured by Wix

bottom of page