Privacy Policy

The data controller responsible for personal data described here is Velmorinttbrizur, 770 Broadway, New York, NY 10003, United States. We designate the following channels for privacy questions, rights requests, and regulatory correspondence.

Privacy inbox

mailuse@velmorinttbrizur.world

Studio telephone

+1 212-529-9500 (Eastern Time business hours for general intake; rights requests may also be emailed)

Postal address

Velmorinttbrizur, Attn: Privacy, 770 Broadway, New York, NY 10003, USA

Our public pages discuss sleep-friendly habit pacing, environmental cues, and reflective planning. They are educational, not diagnostic. We therefore avoid collecting health record data through ordinary browsing and we do not build advertising profiles from inferences about medical conditions unless you have provided a lawful, explicit consent where that consent is required.

If you voluntarily disclose health-related context in a free-form message, we treat that content as correspondence and retain it only under the schedules in the retention section unless law requires otherwise. We do not use such messages to train automated clinical systems.

Depending on how you interact with us, we may process the categories below. Not every visitor provides every category.

• Identity & contact: name, email address, phone number if you choose to share it, organization or role if you mention it.
• Transactional: purchase history, invoice identifiers, payment status (payment card data is handled by our payment partners, not stored on our servers).
• Communications: message text, attachment metadata, channel used, and internal notes needed to respond.
• Technical & usage: IP address, device type, browser version, referring URL, approximate region derived from IP, and on-site navigation patterns.
• Preference & consent records: cookie choices stored locally, mailing-list preferences, and documentation of consent timestamps.
• Program participation: attendance indicators, completion of workbook modules, and feedback you submit in cohort tools—limited to what is necessary to run the educational experience.

We obtain data directly from you when you complete forms, chat with us, or sign agreements. We also generate technical data automatically when your device loads our assets, and we may receive confirmation events from email or payment processors acting on our instructions.

Where the EU or UK GDPR applies, we rely on the following bases, sometimes in combination for different processing activities within the same relationship.

• Contract — processing necessary to deliver a product you purchased or to take pre-contractual steps at your request.
• Legitimate interests — securing our network, improving informational layouts, documenting consent, and preventing fraud, balanced against your rights.
• Consent — marketing beyond transactional notices, non-essential cookies, or other processing where consent is the appropriate ground.
• Legal obligation — responding to lawful requests from courts or regulators and retaining financial records.

You may withdraw consent without affecting prior processing; withdrawing may limit features such as personalized reminders.

We process personal data to operate the studio, fulfill informational missions, and maintain trust. Major purposes include delivering purchased materials, answering questions, measuring audience size when permitted, debugging technical faults, enforcing terms, and complying with law.

We do not sell personal information for money as that term is defined under leading US state laws. If we ever offer an incentive in exchange for data sharing where law requires notice, we will describe it separately with an opt-out as mandated.

Retention follows necessity and statute. Typical windows are indicative; legal holds or investigations may extend isolated extracts.

Contact and general inquiry mail

Twenty-four months from last substantive message unless you ask us to erase sooner and no exception applies.

Client service records & program notices

Three years after your last paid engagement unless contract or law mandates longer.

Accounting & tax

Up to seven years in line with US federal and New York record-keeping norms.

Security logs

Up to twelve rolling months in restricted infrastructure.

We share data with subprocessors that meet confidentiality, security, and data-protection contractual requirements. Some subprocessors store data in the United States or other regions.

When personal data originating in the EEA, Switzerland, or the UK is transferred to countries without adequacy decisions, we implement Standard Contractual Clauses, UK Addenda where applicable, or other lawful transfer tools, supplemented by technical measures such as encryption in transit.

We combine administrative, technical, and physical safeguards: role-based access, MFA for production tools where supported, vulnerability monitoring, backup encryption, vendor due diligence, and staff training on social engineering.

No online transmission is perfectly secure. If we confirm a breach affecting your personal data, we will follow applicable notification timelines and describe remedial steps proportionate to risk.

Depending on where you live, you may have rights to access, rectify, delete, restrict, port, or object to certain processing, and to lodge a complaint with a supervisory authority. We verify requests to prevent abuse and will explain any denial grounded in law.

• Email your request to the privacy inbox with enough detail for us to locate records.
• We acknowledge within a reasonable period and may ask for narrow follow-up information.
• We fulfill or explain denials within statutory windows, typically within thirty to forty-five days depending on jurisdiction.

Residents of California, Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy statutes may have additional rights such as opt-out of certain sharing for cross-context advertising, appeal of decisions, and limits on use of sensitive personal information. We honor recognized universal opt-out signals where legally required once our implementation is complete.

We do not charge a different price for exercising privacy rights unless the difference is reasonably related to the value of your data as expressly permitted by law.

Informational offerings target adults who can contract. We do not knowingly collect personal information from children under sixteen for commercial purposes inconsistent with COPPA or state student-privacy analogs. Parents or guardians may contact us to remove inadvertently submitted youth data.

We do not make decisions producing legal or similarly significant effects about visitors solely through automated processing without human review. Scoring or segmentation for internal operations, if introduced later, would be disclosed before deployment where GDPR or state law requires.

We version this Policy when practices change materially. The dynamic date in the hero section reflects the latest substantive review. Prior versions are available on request for research or dispute resolution. Continued use after notice, where permitted, signifies acceptance of non-controversial administrative edits.