Privacy Policy

Last updated: March 2026

1. Information We Collect

When you use Aphor Subconscious Studio ("the Service"), we may collect the following types of information:

  • Account Information: Your name, email address, and password when you create an account or sign up for a free session.
  • Payment Information: Billing details processed securely through Stripe, our third-party payment processor. We do not store your full credit card number, CVV, or other sensitive payment credentials on our servers.
  • Usage Data: Information about how you interact with our sessions, including listening history, session completion rates, course progress, and content preferences.
  • Device Information: Browser type, operating system, device identifiers, screen resolution, and IP address used to access the Service.
  • Communication Information: Any information you provide when contacting us, including email correspondence, support requests, and feedback.
  • Email Marketing Information: If you subscribe to our newsletter or marketing communications via ConvertKit, we collect your email address, name, and engagement data such as email opens and click-through rates.

2. Legal Basis for Processing

We process your personal data under the following legal bases as applicable under GDPR and similar data protection laws:

  • Contractual Necessity: To perform and fulfill our obligations under our Terms of Service, including delivering purchased content, managing your account, and processing payments.
  • Consent: Where you have opted in to receive marketing emails, newsletters, or other promotional communications. You may withdraw consent at any time.
  • Legitimate Interests: To improve our services, analyze usage patterns, prevent fraud, and ensure the security and reliability of the platform, where such interests are not overridden by your fundamental rights.
  • Legal Obligation: Where we are required to process data to comply with applicable laws, regulations, or legal proceedings.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions, manage subscriptions, and send related billing communications
  • Personalize your experience, including session and course recommendations based on your usage patterns
  • Send periodic emails about new content, features, practitioner updates, or offers (you may opt out at any time via the unsubscribe link in any email)
  • Monitor and analyze usage trends to improve our content, platform performance, and user experience
  • Detect, prevent, and address technical issues, fraud, and security threats
  • Respond to your inquiries, support requests, and feedback
  • Comply with legal obligations and enforce our Terms of Service

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on the Service. These include:

  • Essential Cookies: Required for the Service to function properly, including session authentication, shopping cart state, and security tokens. These cannot be disabled.
  • Analytics Cookies: Used to understand how visitors interact with the Service, including page views, session duration, and navigation patterns. We use this data to improve content and user experience.
  • Preference Cookies: Remember your settings and preferences, such as audio player volume, playback position, and display options.

You can control cookie preferences through your browser settings. Disabling certain cookies may limit your ability to use some features of the Service.

5. Third-Party Services

We work with trusted third-party services to operate Subconscious Studio. These include:

  • Stripe: To securely process payments, manage subscriptions, and handle billing. Stripe processes your payment information in accordance with PCI DSS standards. See Stripe's Privacy Policy.
  • ConvertKit: To deliver newsletters, email sequences, and transactional emails. See ConvertKit's Privacy Policy.
  • Netlify: To host and serve the website and content securely. See Netlify's Privacy Policy.
  • Analytics Providers: To understand usage patterns and improve the Service.

These services have their own privacy policies, and we encourage you to review them. We share only the minimum data necessary for each provider to perform its function. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL protocols
  • Secure storage of account credentials with industry-standard hashing algorithms
  • Regular review of data collection, storage, and processing practices
  • Restricted access to personal data on a need-to-know basis

While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to implementing commercially reasonable safeguards.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account Data: Retained for the duration of your account and for up to 30 days after account deletion to allow for recovery.
  • Transaction Records: Retained for a minimum of 7 years to comply with tax and financial reporting obligations.
  • Usage Data: Aggregated and anonymized usage data may be retained indefinitely for analytics purposes.
  • Marketing Data: Retained until you unsubscribe or request deletion, after which your email will be suppressed from future mailings.

8. International Data Transfers

Aphor Subconscious Studio is operated from the United States. If you access the Service from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this policy. Where required by applicable law, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data during international transfers.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention obligations.
  • Restriction: Request that we restrict the processing of your personal data under certain circumstances.
  • Objection: Object to the processing of your personal data where we rely on legitimate interests as the legal basis.
  • Portability: Request your data in a structured, commonly used, machine-readable format.
  • Opt-Out: Unsubscribe from marketing emails at any time using the link in any email.
  • Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

GDPR Rights (EEA/UK Residents)

If you are a resident of the European Economic Area or the United Kingdom, you have the rights outlined above under the General Data Protection Regulation. You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

CCPA Rights (California Residents)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act:

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • No Sale of Data: We do not sell personal information as defined under the CCPA and have not done so in the preceding 12 months.

To exercise any of these rights, contact us at privacy@aphor.me. We will verify your identity before processing your request and respond within the timeframe required by applicable law.

10. Automated Processing

We may use automated systems to personalize your experience on the Service, such as recommending sessions or courses based on your listening history and preferences. These recommendations are designed to enhance your experience and do not produce legal or similarly significant effects. You have the right to request human review of any automated decision that significantly affects you.

11. Children's Privacy

Aphor Subconscious Studio is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@aphor.me. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

12. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach, where feasible. Notification will include the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or through a prominent notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy. We encourage you to review this page periodically.

14. Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be limited or eliminated to the minimum extent necessary so that this Privacy Policy shall otherwise remain in full force and effect.

15. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Aphor Subconscious Studio
Email: privacy@aphor.me

We will respond to your inquiry within 30 days, or sooner where required by applicable law.