Legal · Privacy

As viewed on:

Privacy Policy

This policy explains who controls personal data, what we collect, the purposes and lawful grounds, how long we keep information, with whom it may be shared, how we protect it, and the rights you may exercise. It is written to align with the EU GDPR, the UK GDPR, Swiss FADP where relevant, and U.S. state consumer privacy law concepts, without waiving any stronger right your jurisdiction grants you.

1. Who and what this policy covers

This document applies to personal data we process when you interact with the public website at chraxelloazlaia.world, when you write to the published email address, and when you use the Contact form. It also applies to the limited data created when you manage cookie choices through the consent interface. A separate order form, invoice, or client agreement, if you ever have one, may add or narrow terms for that project; the contract paper controls conflicts that truly relate only to that project.

We publish general informational content about meal patterns, rest, and calm routines. We do not offer remote diagnosis, and we are not a substitute for a regulated clinician, dietetic treatment plan, or mental health service. That framing matters for privacy because we do not need—and do not want—to collect special category health data through the public site. If a message you send on your own initiative contains clinical detail, we treat it with care, but you should not consider this site a secure channel for ongoing medical care.

What “personal data” means here

Any information that can identify a living person, alone or in combination, including email addresses, an IP address used with logs, and the text of a message you write.

What we are not doing by default

We do not run credit scoring, we do not sell personal data for money, and we do not build advertising profiles on the public pages unless you have activated optional tools through the cookie banner and the vendor can lawfully do so in your area.

2. Data controller and contact

Controller: Chraxelloazlaia, with its principal business address at 3216 N 6th St, Philadelphia, PA 19140, United States of America. The controller is responsible for deciding why and how data is used for the activities described in this policy.

How to reach us for privacy questions: E-mail touch@chraxelloazlaia.world (preferred for written detail), or call +1 215-425-4500 and leave a voicemail with a return address we can use without reading sensitive data aloud in a public recording. We may need to confirm your identity before we disclose or delete data; we ask for the minimum data needed to match you to a record.

We do not require you to create a user account to read the public site. The absence of a password vault on our side also means you should not rely on a “reset password” feature from us if you use the contact form from a shared computer—close the session when you are finished writing.

3. Categories of personal data

Depending on what you do, we may process some or all of the following, always limited to the interaction you started:

  • Identity and contact data: the name and email you type, your organisation name if you volunteer it, and the body of a message, including any attachments the mail system can carry.
  • Technical and usage data: the IP address your provider assigns for a session, date and time, requested URL, HTTP result code, approximate location derived at city or region level, browser family, operating system, and the referral link when your browser supplies one. Some of that data is created even if you do not use the form.
  • Cookie and local storage records: a small record that stores the fact that the consent banner was answered, the categories you approved, a timestamp, and a random or pseudonymous key so the page does not ask every time you open a new tab, until you clear storage or we refresh the key.

4. Purposes and lawful bases

Under the GDPR framework, we rely on a transparent basis for each type of use. In plain order:

Responding to your messages. When you use the Contact form and mark the data-processing box, you consent to us reading and, when appropriate, replying. When you email us without using the form, the lawful ground is a mix of our legitimate interest in running a business mailbox and, where a reply is necessary, taking steps you asked for before any contract. You may withdraw contact consent for future use of your details for marketing-style mailings; it does not erase messages we already had to read to know you had written.

Site security and fraud prevention. We and infrastructure partners process technical records to block abusive request patterns, limit brute force attempts, and support prosecution if a court orders it. The ground is our legitimate interest in a stable service, balanced against a short retention for raw logs and aggregation where that is possible.

Optional analytics and marketing, when enabled. If you opt in through the Cookie Policy flow, we or vendors may set identifiers to see which pages are read, whether email campaigns that link here perform better than a baseline, and how often a mobile layout is used. The ground is your consent, which you can change through the same mechanism or your browser’s controls.

5. Cookies and similar technologies

We separate strictly necessary items from the combined analytics and marketing bucket. Necessary items include a consent memory string and, where the stack requires, a session id for the secure connection. The separate page at Cookie Policy includes examples in everyday language, storage periods at a high level, and how the banner buttons map to the categories.

6. Recipients and reasons for disclosure

We work with a limited set of service providers, each of whom is bound by a contract to use your data only on our instructions, except where a law compels a wider disclosure. Typical categories: hosting, DNS, encrypted transport, email delivery, optional analytics, and back-office accounting if a paid transaction exists. We do not list every subprocessor name in this public file because the ecosystem shifts; you may request the current list by email, and we will point you to the vendor’s own public documentation where it exists.

We will disclose data to a court, regulator, or law enforcement body when a valid, appropriately scoped order arrives. Where the law allows, we will tell you that a request was made unless we are legally forbidden from doing so, or a risk assessment shows that notice would endanger a person or an investigation. We do not build secret “bulk access” back doors for public authorities.

7. International transfers

Our primary processing occurs in the United States. If you are in the EEA, the UK, or Switzerland, the GDPR or equivalent may require a transfer tool when a provider stores data in the U.S. or another country. We use standard contractual clauses, supplementary technical measures, and, where a regulator requires, an impact-style review for higher-risk services. A redacted description of the mechanism in place for your type of data is available on request. You are never asked to “waive” the fundamental protections in those clauses; any click-through you see refers to local law where it is stricter, not where it is weaker.

8. Retention and deletion

Short version: we keep your contact thread only as long as needed to close the request, then for a window that lets us see whether a follow-up is needed, then we delete or reduce it unless another law, such as a tax rule about invoices, compels a longer line item. A practical rule of thumb for unconverted inquiries is a rolling window not exceeding twenty-four months, after which the thread is purged on a schedule, except where a documented dispute, warranty, or open legal claim requires a hold. Server logs in identifiable form are typically cycled in days to a few weeks, with aggregates kept for capacity planning in a de-identified way.

9. Security measures

We expect HTTPS for pages we control, we push updates for content tools when vendors publish them, and we use unique passwords and hardware tokens on administrative accounts. Paper records, if they ever exist, live in a locked file when not in use. We cannot promise perfect security, but we treat confidentiality as a normal part of running a public-facing business.

10. Breach response

If we learn of an incident that is likely to affect your rights, we will notify the supervisory authority where the law requires, and you where the law and the facts support direct notice. A notice will describe the categories involved, the steps we are taking, and a contact for questions. A low-risk, theoretical vulnerability that we patch the same day may not need the same public fanfare as a confirmed disclosure of a mailbox export.

11. Your rights and how to exercise them

Depending on the law in your home jurisdiction, you may be able to access, correct, delete, port, or restrict the processing of your data, and to object to certain processing, including to profiling that has legal or similarly significant effects, where that applies. In the EEA, you may also lodge a complaint with your lead supervisory authority. We respond to verifiable human requests without charging a fee unless the request is manifestly unfounded or excessive; in that rare case we may charge a reasonable admin fee or refuse, with an explanation. Automated-only refusal is not the default—we read what you write.

12. Children and sensitive topics

The public site is aimed at adults who can make their own information choices. We do not knowingly sign up school-age children to mailing lists, and if we learn that a child’s data came through a family computer without a guardian’s awareness, we will work with a responsible adult to remove what is not lawfully required to keep. Please do not send us unnecessary clinical identifiers through a general form.

13. Changes, language, and version record

We will update this page for material changes. The hero section at the top of this file shows a live as viewed on line with the day, month, and year in your local browser’s calendar when the page loads, so you can see when you read it, even if you printed the page. The authoritative language is English; any informal translation a browser offers is a convenience, not a legal rewrite.

Back to top of policy · Return to home · Contact