Privacy Policy

LAST UPDATED: MAY 2026

Sovereign State Retreats (“we,” “us,” or “our”) operates the website ssretreats.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or participate in our retreats. By using our website or services, you consent to the practices described in this policy.

1. Information We Collect

We may collect the following categories of information when you visit our website, submit an application, or book a retreat:

1.1 Information You Provide

  • Personal identification: Full name, email address, date of birth, and emergency contact information.
  • Professional information: Professional designation, licensing body, license number, and practice details (used to verify retreat eligibility).
  • Payment information: Credit or debit card details are processed securely through Stripe (WooPayments). We do not store your full card number, CVV, or PIN on our servers.
  • Health and safety disclosures: Medical conditions, allergies, dietary requirements, medications, and physical limitations disclosed for retreat safety and accommodation planning.
  • Communications: Emails, application form submissions, questionnaire responses, and any other correspondence you send us.
  • Travel information: Passport details, flight itineraries, and travel insurance information you provide for retreat logistics.

1.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device type, screen resolution, and referring URLs.
  • Usage data: Pages visited, time spent on pages, click patterns, and navigation paths through our site.
  • Cookie data: Session identifiers, preferences, and analytics data collected through cookies and similar technologies (see Section 5).

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Process bookings and payments — including sending confirmation emails, receipts, and invoices.
  • Verify professional eligibility — confirming that applicants hold valid credentials as licensed mental health professionals.
  • Prepare for your retreat — including meal planning, activity accommodations, room assignments, and safety measures based on your disclosures.
  • Send pre-retreat logistics — welcome kits, travel information, packing guides, and itineraries.
  • Communicate with you — about your reservation, retreat updates, schedule changes, and post-retreat follow-up.
  • Marketing communications — future retreat announcements and related content, only with your explicit opt-in consent. You may unsubscribe at any time.
  • Improve our website and services — analyze usage patterns, troubleshoot issues, and enhance user experience.
  • Comply with legal obligations — including tax reporting, financial record-keeping, and responding to lawful requests from authorities.
  • Protect safety and security — detecting fraud, enforcing our terms, and ensuring the safety of retreat participants.

3. Legal Basis for Processing

We process your personal information on the following legal grounds:

  • Consent: When you voluntarily provide information through our forms, application, or opt in to marketing communications.
  • Contractual necessity: When processing is required to fulfill our booking agreement with you (e.g., processing payments, arranging accommodations).
  • Legitimate interests: When processing is necessary for our business operations, such as improving our services, ensuring safety, and preventing fraud.
  • Legal obligations: When we are required by law to retain or disclose information (e.g., tax records, regulatory compliance).

4. Payment Processing

All payment transactions are handled by Stripe (via WooPayments). Stripe is PCI DSS Level 1 certified — the highest level of security certification in the payments industry. When you make a payment:

  • Your card details are transmitted directly to Stripe via an encrypted connection (TLS/SSL).
  • We never store, process, or have access to your full card number, CVV, or PIN.
  • We only receive a transaction confirmation, the last 4 digits of your card, card type, and the payment amount.
  • Stripe may independently collect and process information in accordance with their own privacy policy.

For more information, see Stripe’s Privacy Policy.

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to provide essential functionality and improve your experience:

  • Essential cookies: WooCommerce session cookies and WordPress authentication cookies required for the booking and checkout process. These are strictly necessary and cannot be disabled without affecting site functionality.
  • Analytics cookies: We may use Google Analytics or similar services to understand how visitors use our site. This data is anonymized and aggregated. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
  • Functional cookies: Cookies that remember your preferences (such as language or region) to personalize your experience.

We do not currently use advertising, retargeting, or third-party marketing cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect your ability to complete a booking.

6. Third-Party Services

We share your information only with trusted third parties necessary to deliver our services:

  • Stripe (WooPayments) — secure payment processing.
  • WooCommerce / WordPress — order management and booking system (hosted on Hostinger).
  • Email service provider — transactional emails (booking confirmations, receipts) and marketing emails (with your consent only).
  • Retreat venue and logistics partners — your name, dietary requirements, and medical/safety disclosures may be shared with the retreat venue in El Salvador and relevant logistics providers for accommodation and safety purposes.
  • Professional verification services — licensing information may be shared with credential verification providers to confirm your eligibility.

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes. We require all third-party service providers to handle your data in accordance with applicable privacy laws.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • SSL/TLS encryption for all data transmitted through our website.
  • PCI DSS-compliant payment processing through Stripe.
  • Access controls limiting who within our organization can view your personal data.
  • Secure hosting infrastructure with regular security updates and monitoring.
  • Health and safety disclosures are stored separately from general booking data and access-restricted to authorized personnel only.

While we take reasonable precautions to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Data Retention

We retain your information for the following periods:

  • Booking and financial records: 7 years from the date of the transaction (as required by Canadian tax and legal obligations).
  • Health and safety disclosures: Securely deleted within 90 days after the retreat concludes, unless required for ongoing safety documentation or legal purposes.
  • Professional credential records: Retained for the duration of our business relationship and deleted within 12 months after your last interaction with us.
  • Marketing consent records: Retained until you withdraw consent.
  • Website analytics data: Anonymized and retained for up to 26 months.
  • Communications and correspondence: Retained for up to 3 years after the last communication.

9. Your Rights

Under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — request that we correct any inaccurate or incomplete information.
  • Deletion — request that we delete your personal information, subject to legal retention requirements.
  • Withdraw consent — opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.
  • Data portability — request your data in a commonly used, machine-readable format.
  • File a complaint — contact the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

To exercise any of these rights, contact us at info@ssretreats.com. We will respond to your request within 30 calendar days.

10. Canadian Anti-Spam Legislation (CASL)

We comply with Canada’s Anti-Spam Legislation (CASL). We will only send you commercial electronic messages (such as newsletters, promotions, and retreat announcements) if you have provided express opt-in consent. Every marketing email includes a clear unsubscribe mechanism. Transactional emails related to your booking (confirmations, receipts, logistics) are exempt from CASL and will be sent as necessary to fulfill our agreement with you.

11. International Data Transfers

Your data may be processed in Canada and the United States (where our hosting and payment processors are located), and may be shared with retreat venue partners in El Salvador. By using our services, you consent to the transfer of your information to these jurisdictions, which may have different data protection laws than your country of residence. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

12. Children’s Privacy

Sovereign State Retreats is exclusively designed for licensed mental health professionals aged 18 and over. We do not knowingly collect, use, or disclose personal information from anyone under the age of 18. If we become aware that we have inadvertently collected information from a minor, we will delete it immediately. If you believe a minor has provided us with personal information, please contact us at info@ssretreats.com.

13. Links to Other Websites

Our website may contain links to third-party websites or services that are not operated by us (e.g., Stripe, venue websites, social media platforms). We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes, we will update the “Last Updated” date at the top of this page. For significant changes that affect how we handle your data, we will make reasonable efforts to notify you via email or a prominent notice on our website. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

Sovereign State Retreats
Email: info@ssretreats.com
Website: ssretreats.com