Home About
Services Contact Client Login

Privacy Policy

Privacy Policy

Effective Date: 03/01/2025

1. Who We Are

Elizabeth Neal Coaching LLC, doing business as The Sacred Return, is a Massachusetts limited liability company providing life and wellness coaching services at elizabethnealcoaching.com. Our mailing address is PO Box 3985, Peabody, MA 01961. For purposes of data protection law, we are the data controller of the personal information described in this Policy.

Questions or requests about this Policy may be directed to Elizabeth Neal at [email protected]

 

2. What We Collect

Information you provide: When you contact us, sign up for emails, book a session, or enroll in a program, we may collect your name, email address, phone number, mailing address, and payment information. Payment is processed by Stripe; we do not store full card numbers.

Information collected automatically: When you visit our Website, we automatically collect your IP address, browser type, operating system, pages visited, and session duration through log files and Google Analytics. If you are a member or student inside our Kajabi platform, Kajabi also automatically records behavioral data on your behalf, including video watch time, lesson completion progress, login activity, and email engagement metrics (opens and clicks). This data is used solely to deliver and improve your program experience.

Information from third parties: We may receive your name and email from Typeform when you complete intake forms.

You are not required to provide personal information to browse the public areas of our Website.

3. How We Use Your Information

We use your information only to deliver and improve our services, process payments, send you communications you have requested or consented to, comply with legal obligations, and protect the security of our Website and users. We do not sell, rent, or trade your personal information.

5. Cookies & Tracking Technologies

We use the following categories of cookies and tracking technologies:

  • Strictly necessary: required for the Website to function; cannot be disabled
  • Analytics: Google Analytics collects anonymized usage data (requires your consent)
  • Marketing: we may use Meta Pixel and Google Ads tags to measure advertising effectiveness and serve relevant ads (requires your consent)

When you first visit our Website, a cookie consent banner will ask for your permission before any non-essential cookies are set. You may update your preferences at any time by contacting us. If your browser sends a Do Not Track signal, only a strictly necessary session cookie will be placed.

You may opt out of Google Analytics via the Google Analytics opt-out browser add-on. You may opt out of interest-based advertising at optout.aboutads.info.

6. Who We Share Your Information With

We share your information only with the following service providers, each contractually bound to use it solely on our behalf:

  • Stripe — payment processing (name, billing address, payment data)
  • Typeform — client intake forms (name, email, form responses)
  • Kajabi — website hosting, course and program delivery, member account management, client portal, and email marketing; data shared includes name, email address, phone number, purchase history, course progress, lesson completion, video watch time, and email engagement data. Kajabi stores data on servers operated by Amazon Web Services (AWS) in the United States. We have entered into a Data Processing Agreement (DPA) with Kajabi governing the processing of personal data on our behalf.
  • Google Analytics — anonymized website analytics

We may also disclose your information if required by law, court order, or to protect our legal rights. In the event of a business acquisition or merger, your information may transfer to a successor entity subject to this same Policy.

We do not sell or share your personal information. No mobile opt-in or SMS consent data is ever shared with third parties for any purpose.
 

If you participate in a Kajabi Community hosted on our platform, please be aware that content you post — including comments, questions, and profile information — may be visible to other community members. Do not share information in a community that you would not want other members to see. We are not responsible for how other members use information you choose to share publicly within the community.

7. How Long We Keep Your Data

  • Client and payment records: 7 years from end of engagement (required by IRS and Massachusetts tax law)
  • Kajabi member and course activity data: retained for the duration of your active membership or enrollment, plus 7 years thereafter for client records, or deleted upon a verified erasure request for non-client data
  • Email subscribers (non-clients): until you unsubscribe, or 24 months of inactivity, whichever comes first
  • Inquiry and lead data: 12 months from last contact unless a client relationship forms
  • Website analytics: up to 26 months (Google Analytics default)

When data is no longer needed, we securely delete or anonymize it.

8. Security & Data Breach Notification

We maintain reasonable technical and organizational safeguards, including SSL/TLS encryption, restricted access controls, PCI-DSS compliant payment processing, and a Written Information Security Program (WISP) as required by Massachusetts M.G.L. c. 93H and 201 C.M.R. 17.00.

No internet transmission is 100% secure. In the event of a breach affecting your personal information:

  • EEA/UK residents: we will notify the relevant supervisory authority within 72 hours and, where required, notify you directly without undue delay (GDPR Art. 33–34)
  • Massachusetts residents: we will notify the Massachusetts Attorney General, the Director of Consumer Affairs and Business Regulation, and affected residents as soon as reasonably possible, as required by M.G.L. c. 93H
  • Other U.S. residents: we will comply with all applicable state breach notification laws

9. Your Privacy Rights

Depending on where you live, you have some or all of the following rights regarding your personal data: the right to access, correct, delete, or receive a portable copy of your data; the right to object to or restrict certain processing; and the right to withdraw consent at any time.

To exercise any right: email [email protected] with the subject line "Privacy Rights Request." Include your name, your email address on file, and a description of your request. We may verify your identity before fulfilling the request. We will acknowledge within 5 business days and respond fully within 30 days (extendable to 60 days for complex requests, with notice).

We will never discriminate against you for exercising your privacy rights. Doing so will not affect your access to services, pricing, or quality of care.

EEA and UK residents may also lodge a complaint with their supervisory authority. In the UK: the Information Commissioner's Office (ICO). Additional resources: gdpr.eu.

10. California Residents — CCPA / CPRA

California residents have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Know what personal information we have collected, used, or disclosed in the past 12 months
  • Delete personal information we hold about you, subject to legal exceptions
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information — we do not sell or share your data
  • Limit the use of sensitive personal information to what is necessary to provide our services
  • Non-discrimination for exercising these rights

To submit a California request, email [email protected] with the subject line "California Privacy Request." We respond within 45 days (extendable by an additional 45 days with notice).

Shine the Light (Cal. Civ. Code § 1798.83): We do not disclose personal information to third parties for their own direct marketing purposes.

11. Other U.S. State Residents

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws have rights substantially similar to those in Section 9. We respond within 45 days as required by each applicable law. If we deny a request, you may appeal by emailing us with the subject line "Privacy Rights Appeal" within 30 days of our response.

12. International Data Transfers (EEA & UK)

Our business and our service providers are based in the United States. When we transfer personal data from the EEA or UK to the U.S., we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as our primary transfer mechanism, and on UK International Data Transfer Agreements (IDTAs) for UK transfers. GDPR Article 49 derogations are used only as a fallback for truly exceptional, non-repetitive transfers. You may request a copy of the applicable transfer mechanism by contacting us.

Data stored within our Kajabi platform is hosted on servers operated by Amazon Web Services (AWS), located in the United States. Kajabi's sub-processors, including AWS, are bound by Kajabi's own data processing agreements and are subject to the same SCCs and transfer safeguards described above. For further information on Kajabi's sub-processors and data handling, see Kajabi's Privacy Policy.

13. Email & SMS Marketing

We send emails only to people who have opted in or who have purchased from us. EEA and UK residents receive marketing emails only with explicit, freely given consent. Every commercial email we send identifies us as the sender, includes our mailing address (PO Box 3985 Peabody, MA 01961), and contains a clear unsubscribe link, in compliance with the CAN-SPAM Act. We honor all unsubscribe requests within 10 business days.

If you have opted in to SMS, you consent to receive text messages from us. Reply STOP to opt out at any time. Reply HELP for assistance. Standard message and data rates may apply. SMS opt-in data is never shared with third parties.

14. Automated Decision-Making

We do not make any decisions about you using solely automated processes that produce legal or similarly significant effects. Basic email segmentation and website analytics involve automated tools, but all decisions affecting you involve human review.

15. Massachusetts Residents — M.G.L. c. 93H

As a Massachusetts company, we maintain a Written Information Security Program (WISP) in compliance with M.G.L. c. 93H and 201 C.M.R. 17.00. In the event of a breach of security of personal information of Massachusetts residents, we will notify the Massachusetts Attorney General, the Director of Consumer Affairs and Business Regulation, and affected individuals as soon as reasonably possible, as required by law.

16. Children's Privacy (COPPA)

Our Website and services are intended for individuals aged 18 and older. We do not knowingly collect personal information from anyone under the age of 13. If you believe a child under 13 has submitted information to us, please contact us at [email protected] and we will promptly delete it.

17. Third-Party Links

Our Website may link to third-party sites or embed third-party content. Those sites are governed by their own privacy policies. We are not responsible for their practices. Some links may be affiliate links; we may earn a commission at no cost to you.

18. Changes to This Policy

We may update this Policy at any time. Material changes will be communicated by email or a prominent Website notice before taking effect. The "Last updated" date above reflects the most recent revision. Continued use of our Website after changes constitutes acceptance.

19. Contact Us

Elizabeth Neal Coaching LLC dba The Sacred Return
Attn: Elizabeth Neal, Privacy Representative
PO Box 3985, Peabody, MA 01961
[email protected]
elizabethnealcoaching.com

If you need this Policy in an alternative format (large print, audio), please contact us and we will accommodate your request.