Privacy Policy
We handle your personal information with care and transparency. Here's what you need to know.
In Summary
We use analytics and measurement tools
The site uses analytics, error monitoring, and marketing/conversion tooling to understand performance and improve the experience.
We use security and anti-abuse controls
We use account security features, Turnstile, and rate limiting to protect staff accounts, forms, and APIs.
We do not sell your information for money
We do work with third-party service providers and measurement vendors, which may receive identifiers and activity data as described below.
You can contact us about your data
We review privacy requests manually and may need to verify your identity before taking action.
What This Policy Covers
This privacy policy applies to the Sacred Society website, including our public pages, embedded or linked booking and newsletter experiences, promotional popups, and the staff portal available through this website.
Some pages or workflows rely on third-party services such as Momence, BambooHR, Mailchimp, Google, Meta, PostHog, Sentry, Cloudflare Turnstile, Upstash, and other operational vendors. When you interact with those services, they may process information under their own privacy notices in addition to this policy.
What We Collect
Information you provide directly
- •Contact details and other information you submit through newsletter forms, promotional signups, inquiry forms, application flows, contact forms, and other request flows made available on the site.
- •Booking, membership, class, or appointment information you provide through Sacred Society pages or linked booking providers such as Momence. Payment card details are generally processed by those providers rather than stored directly by Sacred Society.
- •Professional, scheduling, and free-text information you choose to submit in practitioner, collaboration, rental, accessibility, sustainability, or employment-related flows.
- •Optional details such as language preference, accessibility needs, dietary information, or communications preferences when you choose to provide them.
Information collected automatically
- •Browser, device, approximate location, referring URL, pageview, interaction, and performance information collected through analytics and diagnostic tooling.
- •Cookies, local storage, and session storage used for language preference, popup behavior, analytics persistence, event deduplication, and related site functionality.
- •IP address or IP-derived identifiers, request metadata, and abuse-prevention signals used for security, rate limiting, spam prevention, and troubleshooting.
- •Country-level geolocation signals derived from request headers or similar infrastructure metadata, which may be used to apply region-appropriate privacy and consent behavior.
- •Transaction, session, membership, or confirmation-page identifiers present in URLs when measuring booking or purchase conversions.
Staff account and security data
- •If you create or use a staff account, we may process your name, email address, hashed password, approval status, and account-session information.
- •For staff security, we may process password reset and verification data, encrypted multi-factor authentication secrets, recovery codes, and related security events.
- •We may also send account-related emails such as account setup messages, verification prompts, password resets, and security confirmations.
In some experiences, we may also store information locally in your browser for convenience, such as saved language preference, popup dismissal state, or draft content for certain forms.
How We Use Your Information
- •Provide bookings, classes, memberships, newsletters, inquiries, and other requested services.
- •Operate the public website, embedded experiences, and staff portal.
- •Maintain language preferences, popup behavior, and other user-experience settings.
- •Measure site usage, site performance, campaign effectiveness, and conversion activity.
- •Monitor errors, protect accounts, prevent spam or abuse, and troubleshoot operational issues.
- •Comply with legal obligations, enforce policies, and maintain business records.
Who We Share With
We do not sell your personal information for money. We do, however, work with service providers and measurement vendors that may receive identifiers, browser/device data, page activity, form information, or booking-related data as needed to operate the site and measure performance or conversions.
Depending on the page you use, your information may be processed by providers such as:
- •Momence - Booking, scheduling, memberships, and related class or appointment flows.
- •Mailchimp - Newsletter signup and email audience management.
- •Google Cloud and our CDN providers - Hosting, infrastructure, media delivery, and related operational storage.
- •PostHog - Product analytics, pageview and interaction tracking, and performance measurement.
- •Sentry - Application error monitoring, diagnostics, and operational troubleshooting.
- •Google Tag Manager, Google Analytics, and Google Ads - Tag management, analytics, and advertising/conversion measurement.
- •Meta - Advertising and purchase-conversion measurement through Meta Pixel.
- •EmbedReach - Marketing or campaign measurement.
- •Cloudflare Turnstile - Spam and abuse prevention for selected public forms.
- •Upstash Redis (if enabled) - Rate-limit counters derived from request path and client identifier, used to help protect forms and APIs from abuse.
- •BambooHR - Embedded jobs or recruiting-related experiences.
- •Asana - Internal workflow handling for selected inquiries, such as practitioner submissions.
- •Google Maps and other embedded services - Map, directions, and embedded location-related functionality.
Our PostHog analytics requests are sent directly to PostHog rather than through a first-party Sacred Society proxy.
If you interact with a third-party booking flow, embedded jobs board, map, or similar external experience, that provider may collect information directly under its own privacy notice.
Data Security
We protect your information using industry-standard security measures:
- •Encrypted data transmission (HTTPS/SSL)
- •Secure database with access controls
- •Regular security updates and monitoring
- •Limited staff access to personal data
- •Secure payment processing through trusted providers
While we take security seriously, no system is 100% secure. We continuously work to protect your data and may provide notice of significant incidents when appropriate and required.
How Long We Keep Data
We keep personal information for as long as reasonably necessary for the purposes described in this policy, including to provide services, maintain security, troubleshoot issues, comply with law, and preserve business records.
Examples include:
- •Newsletter and marketing signup information is typically kept until you unsubscribe or ask us to remove it, subject to provider-side processing.
- •Inquiry, application, and support records are kept for as long as reasonably necessary to respond, follow up, and maintain business records.
- •Staff account and security records may be retained while an account is active and for a reasonable period afterward to support security, compliance, and audit needs.
- •Analytics, error-monitoring, and security data may be retained according to operational needs and the retention settings of the providers we use.
- •Third-party providers such as Momence, Mailchimp, BambooHR, PostHog, Sentry, Google, Meta, or Asana may maintain their own retention schedules under their privacy notices.
If you have a question about a specific category of data, contact support@sacredsociety.com
Your Choices & Rights
- •Depending on your location, you may have the right to request access to, correction of, deletion of, or a copy of certain personal information we hold about you.
- •You can unsubscribe from marketing emails at any time using the unsubscribe link in the message or by contacting us.
- •You can control many cookies and similar technologies through your browser or device settings, and you can clear locally stored site data from your browser.
- •We may need to verify your identity before fulfilling certain privacy requests, and we may retain limited information where required for legal, security, fraud-prevention, or recordkeeping reasons.
- •At this time, privacy requests are handled manually by our team rather than through a fully self-service portal.
To ask about access, correction, deletion, or other privacy concerns, contact us at support@sacredsociety.com.
Children's Privacy
Our services are designed for adults. We do not knowingly collect personal information from children under 13. If a parent or guardian becomes aware that their child has provided us with information without consent, please contact us and we will delete it.
Changes to This Policy
We may update this privacy policy from time to time. We'll notify you of significant changes by email (if you're subscribed) or by posting a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.
Questions or Concerns?
If you have questions about this privacy policy or how we handle your information, we're here to help:
Sacred Society
3410 W 38th Ave
Denver, CO 80211
“Clarity is a form of care.”