Privacy Policy

Privacy

Privacy Policy

Effective date: 10 May 2026

Effective date: 10 May 2026

The Vedic Life (“we”, “us”, or “our”) operates the website https://thevediclife.com (the “Site”). This Privacy Policy explains what personal data we collect when you visit the Site, sign up for an account, take a course, book a consultation or subscribe to our newsletter, how we use that data, who we share it with, how long we keep it, and the rights you have over it.

We are the “data controller” for the personal data we hold about you. If you live in the UK or the EEA, this policy describes your rights under the UK GDPR and the EU GDPR. If you live elsewhere, equivalent rights may apply under your local law.

What we collect and why

Account & profile data. When you create a student account, enrol in a course or book a consultation, we collect your name, email address, billing address and the password you set. We use this to deliver the service you bought, identify you when you log in and contact you about your purchase.

Payment data. When you pay for a course or consultation, your card or PayPal details are submitted directly to our payment processors — Stripe (via WooPayments) and PayPal — over an encrypted connection. We do not store full card numbers on our Site. We do store the order itself, including amount, currency, products purchased, billing address, and a payment-processor reference, so we can fulfil and account for the order.

Course progress data. If you enrol in a course, we store your progress — lessons completed, quiz attempts, assignments submitted, certificates earned — so you can pick up where you left off and so we can issue your certificate of completion.

Communications data. If you subscribe to our newsletter or contact us via the contact form, we store the email address you give us, the message and any reply we send. We use this to respond to you and, if you opted in, to send occasional updates and educational content.

Reviews & comments. If you leave a course review or article comment, we store the text, the rating, the name you submitted under and your account ID (if logged in). Your first name and last initial are displayed publicly alongside your review.

Technical & usage data. Our hosting provider, our security plugin (Wordfence), our analytics (Google Analytics, via Site Kit) and our spam protection (Google reCAPTCHA on the checkout) collect technical data automatically when you visit, including your IP address, the date and time of your visit, the pages you view, the browser and device you use, and a referring URL if any. This is used to keep the Site secure, debug problems and understand which pages students find useful.

Lawful bases

Under UK and EU data-protection law we need a lawful basis for each thing we do with your data. We rely on:

  • Performance of a contract — to give you access to a course you bought, deliver a consultation, take payment and issue receipts.
  • Consent — to send you marketing emails or non-essential cookies. You can withdraw consent at any time (see “Your rights” below).
  • Legitimate interests — to keep the Site secure, prevent fraud, fix bugs and improve our services. We balance these against your rights and only rely on legitimate interests where doing so wouldn’t override them.
  • Legal obligation — to keep tax-and-accounting records for the period required by HMRC, the Irish Revenue, the Lithuanian tax authority and equivalent bodies, and to respond to lawful requests.

Who we share data with

We do not sell your personal data. We share it only with the third-party processors that make the Site work, and only to the extent each one needs:

  • DreamHost — our hosting provider; stores all Site data on our behalf.
  • Stripe (via WooPayments) & PayPal — process card and PayPal payments. They are independent controllers for the payment data they hold; their privacy notices apply (see stripe.com/privacy and paypal.com/uk/legalhub/privacy-full).
  • MailPoet — sends our newsletter and transactional course emails.
  • Google — Google Analytics (via Site Kit) for traffic analytics, and Google reCAPTCHA on the checkout for spam/bot protection. Google’s privacy policy applies (policies.google.com/privacy).
  • Wordfence — our security plugin; receives a hashed IP and user-agent for any blocked or suspicious request.
  • WP Mail SMTP — our outgoing-email relay for password resets, order confirmations and contact-form replies.
  • UpdraftPlus — our backup tool; encrypted backups are stored in remote object storage we control.
  • Government and legal authorities — if we are required by a valid court order, a regulator or a subpoena, or to protect our rights, your safety, or the safety of others.

International transfers

Some of the processors named above (notably Stripe, PayPal, Google and DreamHost) operate infrastructure outside the UK or EEA, including in the United States. Where personal data leaves the UK or EEA, transfers are made under the UK’s International Data Transfer Agreement, the EU Standard Contractual Clauses or another approved safeguard. You can ask us for a copy of the relevant safeguard at any time.

Cookies

We use a small number of cookies. Essential cookies keep you logged in, remember the contents of your cart and protect the checkout from spam — these don’t require consent. Analytics cookies (Google Analytics) record anonymous usage data so we can see which pages help our students. Performance cookies are set by WP Rocket to deliver cached pages quickly. You can clear or block cookies in your browser settings; doing so will not affect access to course content but may sign you out.

How long we keep data

  • Account & course data — for as long as your account is active, plus 24 months after the last login, then deleted unless you ask us to delete it sooner.
  • Order & tax records — retained for 7 years after the order date, in line with our tax-record obligations.
  • Newsletter subscriptions — until you unsubscribe (the unsubscribe link is in every email).
  • Server logs & security logs — 90 days, then automatically rotated.
  • Backups — 30 days, then overwritten.

Your rights

If you live in the UK or the EEA, you have the right to:

  • Access the personal data we hold about you and receive a copy of it;
  • Rectify any data you believe is inaccurate or out of date;
  • Erase your personal data, subject to our legal-retention obligations (e.g. tax records);
  • Restrict or object to certain types of processing;
  • Withdraw consent for marketing emails or analytics cookies at any time;
  • Receive your data in a portable format (data portability);
  • Lodge a complaint with your data-protection authority — in the UK that is the Information Commissioner’s Office; if you live elsewhere in the EEA, your national authority.

To exercise any of these rights, email us at the address below. We aim to respond within one calendar month.

Children

The Site and our courses are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Security

We protect your data with HTTPS across the entire Site, hashed passwords, an active firewall (Wordfence), spam protection (reCAPTCHA), encrypted off-site backups and the principle of least privilege for any human access. No system is ever 100% secure, and we encourage you to use a unique password and be cautious of phishing emails that may impersonate us.

Changes to this policy

We will update this policy when we change how we handle data — for example, when we add or remove a third-party processor. The effective date at the top will reflect the latest change. For material changes that affect how we use your data, we will email registered students before the change takes effect.

Contact us

For any privacy question, or to exercise any of the rights above, contact us at info@thevediclife.com.