Janki Yoga

Privacy Policy

Effective Date: May 18, 2026  ·  Last Updated: May 18, 2026

This Privacy Policy (“Policy”) describes how Janki Yoga (“Janki Yoga,” “we,” “us,” or “our”), a sole proprietorship organized under the laws of the State of Illinois, collects, uses, discloses, and otherwise processes Personal Information in connection with the website located at jankiyoga.com (the “Site”) and the related yoga instruction, consultation, and scheduling services offered through the Site (collectively, the “Services”). By accessing the Site or using the Services, you acknowledge that you have read and understood this Policy.

1. Introduction and Scope

This Policy applies to Personal Information that we collect from or about visitors to the Site, prospective and current students who book sessions through the Site, and other individuals who interact with the Services. It does not apply to information collected by third parties through their own websites, applications, or services, even where those services are embedded within the Site or accessed by means of links from the Site. The privacy practices of such third parties are governed by their respective policies, as further described in Section 16 (Third-Party Links and Embedded Services).

This Policy does not create a contract or other legal rights on behalf of any party, except to the extent that applicable law requires. We may make available supplemental notices or terms in connection with specific Services; in the event of a conflict between this Policy and any such supplemental notice, the supplemental notice will control with respect to the Services to which it pertains.

2. Definitions

For purposes of this Policy:

  • Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, as defined under applicable privacy laws including the California Consumer Privacy Act, as amended (“CCPA”), and the European Union General Data Protection Regulation (“GDPR”). Personal Information does not include de-identified, aggregated, or publicly available information.
  • Processing” means any operation performed on Personal Information, whether by automated means or otherwise, including collection, recording, organization, structuring, storage, retrieval, use, disclosure, transmission, restriction, erasure, or destruction.
  • Service Providers” means third-party vendors that Process Personal Information on our behalf for the purposes described in this Policy and pursuant to written terms restricting their use of such information.
  • Sensitive Personal Information” has the meaning given in the CCPA and analogous categories under other applicable laws, including precise geolocation, government identifiers, health and biometric information, and account credentials.
  • You” or “your” refers to the individual to whom Personal Information pertains.

3. Information We Collect

We collect a limited set of Personal Information. The categories enumerated below correspond to those identified under the CCPA, provided to satisfy notice-at-collection requirements:

  • Identifiers. Name and email address, collected when you submit a booking request.
  • Customer Records Information (Cal. Civ. Code § 1798.80(e)). Booking date and time, session type, and any optional notes or scheduling preferences you provide.
  • Internet or Other Electronic Network Activity Information. Internet Protocol (IP) address, user-agent string, referring URL, request timestamp, and similar technical information transmitted by your browser when you access the Site. This information is logged by our hosting and security infrastructure provider for the purposes set forth in Section 5.
  • Communications Content. The contents of any email, contact form, or other written communication you direct to us, including any Personal Information you choose to include therein.

We do not knowingly collect Sensitive Personal Information, biometric identifiers, precise geolocation, government identifiers, financial account numbers, payment card information, or information concerning racial or ethnic origin, religious beliefs, sexual orientation, health, or trade union membership. Payments, if any, are processed outside the Site and any associated financial information is handled by the relevant payment processor, not by us.

4. Sources of Information

We obtain Personal Information from the following sources:

  1. Directly from you, when you complete a booking, contact us by email, or otherwise communicate with us;
  2. Automatically, through standard server logging and security telemetry generated when you access the Site; and
  3. From Service Providers and embedded third parties, including our scheduling provider, which transmits booking details to us after you complete a reservation, and our hosting and content-delivery providers, which generate technical information about Site access.

5. How We Use Personal Information

We Process Personal Information for the following purposes:

  • To schedule, confirm, deliver, and follow up with respect to yoga instruction and related Services you have requested;
  • To communicate with you in response to inquiries, requests, or feedback;
  • To operate, maintain, secure, and improve the Site, including detecting, preventing, and responding to fraud, abuse, security incidents, and unlawful activity;
  • To comply with applicable laws, regulations, court orders, and other legal process, and to establish, exercise, or defend legal claims;
  • To maintain records required for tax, accounting, and other business-administration purposes; and
  • For such other purposes as you may direct or to which you may consent at the time of collection.

We do not Process Personal Information for purposes of targeted advertising, cross-context behavioral advertising, profiling that produces legal or similarly significant effects, or the sale of Personal Information.

6. Legal Bases for Processing (EEA, United Kingdom, and Switzerland)

Where the GDPR, the United Kingdom GDPR, or the Swiss Federal Act on Data Protection applies to our Processing, we rely on the following legal bases under Article 6 of the GDPR (or the equivalent provisions):

  • Performance of a contract or pre-contractual steps (Art. 6(1)(b)), for Processing necessary to schedule and deliver Services you have requested;
  • Consent (Art. 6(1)(a)), where you affirmatively submit information to us or otherwise consent to Processing for a specified purpose. You may withdraw consent at any time without affecting the lawfulness of Processing carried out prior to withdrawal;
  • Legitimate interests (Art. 6(1)(f)), for Processing necessary to secure and administer the Site, prevent abuse, and maintain ordinary business records, except where such interests are overridden by your fundamental rights and freedoms; and
  • Compliance with a legal obligation (Art. 6(1)(c)), for Processing required by applicable law.

Where we rely on legitimate interests, you may object to such Processing as described in Section 12.

7. How We Disclose Personal Information

We disclose Personal Information only as follows:

  • Service Providers. We engage the following Service Providers in connection with the operation of the Site and the Services. Each Service Provider is contractually limited to Processing Personal Information for purposes specified by us, consistent with applicable law:
    • Cal.com, Inc. (“Cal.com”) provides the scheduling functionality embedded on the booking page of the Site. When you complete a booking, Cal.com receives and Processes your name, email address, requested session time, and any notes you submit. Cal.com’s processing is governed by its privacy policy, available at https://cal.com/privacy.
    • Cloudflare, Inc. (“Cloudflare”) provides hosting, content delivery, and security services for the Site. Cloudflare Processes technical information described in Section 3, including IP address and user-agent, to deliver the Site and to detect and mitigate abusive or malicious traffic. Cloudflare’s processing is governed by its privacy policy, available at https://www.cloudflare.com/privacypolicy/.
    • Curator LLC (“Curator.io”) provides the social-media aggregation widget embedded on the feed page of the Site. When you visit that page, Curator.io’s script loads in your browser and may set cookies or similar identifiers on its own domain to deliver and measure the widget. Curator.io’s processing is governed by its privacy policy, available at https://curator.io/privacy-policy.
  • Professional Advisors. We may disclose Personal Information to our legal, accounting, tax, insurance, and similar professional advisors as reasonably necessary in the conduct of our business.
  • Legal and Safety Disclosures. We may disclose Personal Information where we believe in good faith that disclosure is necessary to comply with applicable law, respond to lawful requests from public authorities, enforce our terms, protect the rights, property, or safety of Janki Yoga or others, or as otherwise permitted or required by law.
  • Business Transfers. In the event of a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, Personal Information may be transferred to a successor entity as part of that transaction, subject to customary confidentiality obligations.

We do not disclose Personal Information to third parties for those parties’ own direct marketing or advertising purposes.

8. Sale and Sharing of Personal Information

We do not “sell” Personal Information, and we do not “share” Personal Information for purposes of cross-context behavioral advertising, in each case as those terms are defined under the CCPA and analogous laws of other United States jurisdictions. We have not engaged in any such sale or sharing in the preceding twelve (12) months and do not anticipate doing so. We do not sell or share the Personal Information of any individual, including minors under sixteen (16) years of age.

9. International Data Transfers

Janki Yoga is located in the United States, and our Service Providers operate infrastructure primarily in the United States. Where you access the Site or use the Services from outside the United States, Personal Information you submit will be transferred to, stored, and Processed in the United States and in such other jurisdictions as our Service Providers may operate. These jurisdictions may have data-protection laws that differ from those of your country of residence.

Where Personal Information of individuals located in the European Economic Area, the United Kingdom, or Switzerland is transferred to a country that has not received an adequacy decision, the relevant Service Provider implements appropriate safeguards, which may include the European Commission’s Standard Contractual Clauses, the United Kingdom International Data Transfer Addendum, or equivalent mechanisms. A copy of the safeguards relied upon in respect of any particular transfer may be requested using the contact details in Section 19.

10. Data Retention

We retain Personal Information for so long as is reasonably necessary to fulfill the purposes for which it was collected, including to deliver the Services you have requested, to maintain ordinary business and tax records, to comply with our legal obligations, and to establish, exercise, or defend legal claims. In determining retention periods, we consider the nature, sensitivity, and volume of the Personal Information; the purposes for which it is Processed; the potential risk of harm from unauthorized use or disclosure; whether those purposes can be achieved through other means; and applicable legal, regulatory, tax, and accounting requirements. When Personal Information is no longer required, we will delete it or render it de-identified in a manner that prevents reassociation with you.

11. Information Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, and destruction. The Site is transmitted exclusively over Transport Layer Security (HTTPS). Our Service Providers maintain their own security programs, which are described in their respective privacy and security documentation. No method of transmission over the Internet or method of electronic storage is fully secure, however, and we cannot guarantee the absolute security of Personal Information.

12. Your Privacy Rights

Depending on the jurisdiction in which you reside and subject to applicable exceptions, you may have some or all of the following rights with respect to your Personal Information.

12.1 General Rights

Subject to verification of your identity and to any applicable exemptions, you may request to (a) confirm whether we Process Personal Information about you and obtain access to such information; (b) correct inaccurate Personal Information; (c) delete Personal Information; (d) obtain a portable copy of Personal Information you have provided to us; and (e) restrict or object to certain Processing.

12.2 Residents of the European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, the United Kingdom, or Switzerland, you have the rights set forth in Articles 15 through 22 of the GDPR (or equivalent provisions), including the rights of access, rectification, erasure, restriction of Processing, data portability, and objection, as well as the right to withdraw consent at any time without affecting the lawfulness of Processing carried out prior to withdrawal. You also have the right to lodge a complaint with the supervisory authority in the Member State of your habitual residence, place of work, or alleged infringement. A list of EEA supervisory authorities is available from the European Data Protection Board. United Kingdom residents may contact the Information Commissioner’s Office (ico.org.uk).

12.3 Residents of California

If you are a California resident, you have the following rights under the CCPA: (a) the right to know the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties to whom Personal Information is disclosed; (b) the right to delete Personal Information, subject to statutory exceptions; (c) the right to correct inaccurate Personal Information; (d) the right to opt out of the sale or sharing of Personal Information (which we do not engage in, as stated in Section 8); (e) the right to limit the use and disclosure of Sensitive Personal Information (which we do not knowingly collect, as stated in Section 3); and (f) the right not to receive discriminatory treatment for the exercise of any CCPA right. We do not use or disclose Sensitive Personal Information for purposes that would trigger the right to limit under CCPA § 1798.121.

12.4 Residents of Other United States Jurisdictions

Residents of Virginia (Virginia Consumer Data Protection Act), Colorado (Colorado Privacy Act), Connecticut (Connecticut Data Privacy Act), Utah (Utah Consumer Privacy Act), Texas (Texas Data Privacy and Security Act), Oregon (Oregon Consumer Privacy Act), Montana (Montana Consumer Data Privacy Act), Delaware, Iowa, Indiana, Tennessee, New Jersey, New Hampshire, Nebraska, Minnesota, Maryland, Kentucky, Rhode Island, and other states with comparable comprehensive consumer privacy laws have rights substantially similar to those described in Section 12.1, including, as applicable under the relevant statute, the right to access, correct, delete, and obtain a portable copy of Personal Information, the right to opt out of targeted advertising, sale, and certain profiling, and the right to appeal an adverse decision regarding a privacy request. As stated in Section 8 and Section 5, we do not engage in the sale of Personal Information, targeted advertising, or profiling that produces legal or similarly significant effects.

12.5 Authorized Agents

You may designate an authorized agent to submit a privacy request on your behalf. We may require the agent to provide proof of authorization signed by you, and we may require you to verify your identity directly with us before fulfilling the request, except as prohibited by applicable law.

12.6 Submitting a Request; Verification; Response Time

To exercise any of the rights set forth in this Section 12, please contact us at [email protected] with the subject line “Privacy Request” and a description of the right you wish to exercise. We may request information reasonably necessary to verify that you are the individual to whom the Personal Information pertains or an authorized agent thereof. We will acknowledge receipt of verifiable requests within ten (10) business days and respond substantively within forty-five (45) days, subject to one extension of up to forty-five (45) additional days where reasonably necessary and permitted by applicable law. Where a request is manifestly unfounded or excessive, we may decline the request or charge a reasonable fee, in each case as permitted by applicable law. If we decline a request, you may appeal that decision by replying to our written response.

13. Cookies and Similar Tracking Technologies

We do not set first-party cookies, pixels, tags, beacons, or similar tracking technologies on the Site. We do not use first- or third-party analytics, advertising, or audience-measurement services. Certain pages of the Site include embedded content from Service Providers identified in Section 7. When those pages load, the embedded content may set cookies or use similar technologies on the respective Service Provider’s own domain (for example, cal.com or curator.io). Such cookies are subject to the Service Provider’s privacy practices and are not accessible to Janki Yoga. You may block or restrict cookies through your browser settings, although doing so may affect the functionality of the embedded content.

14. Do Not Track and Global Privacy Control

The Site does not respond to “Do Not Track” signals transmitted by web browsers, as there is no consensus industry or legal standard governing such signals. Where required by applicable law, we treat a Global Privacy Control (“GPC”) signal transmitted by your browser as a valid request to opt out of the sale or sharing of Personal Information; because we do not sell or share Personal Information as described in Section 8, however, no further action is required upon receipt of a GPC signal.

15. Children’s Privacy

The Site and the Services are not directed to, and we do not knowingly collect Personal Information from, children under the age of thirteen (13) within the meaning of the United States Children’s Online Privacy Protection Act (“COPPA”), or children under the age of sixteen (16) within the meaning of Article 8 of the GDPR. If we become aware that we have collected Personal Information from a child without appropriate parental or guardian consent, we will delete such information promptly. A parent or legal guardian who believes that a child has provided Personal Information to us may contact us at [email protected] to request deletion.

16. Third-Party Links and Embedded Services

The Site may contain links to, or embed content from, third-party websites and services that are not owned or controlled by Janki Yoga. We do not endorse, and are not responsible for, the privacy practices, content, or accuracy of any such third party. The collection, use, and disclosure of Personal Information by third parties is governed by their respective privacy policies and terms, and we encourage you to review them before providing Personal Information through their services.

17. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we do, we will revise the “Last Updated” date at the top of this Policy. Where changes are material, we will provide additional notice on the Site, by email where reasonably practicable, or by such other means as may be required by applicable law. Your continued use of the Site or the Services after the effective date of any revised Policy constitutes acceptance of the revised Policy to the extent permitted by applicable law. Prior versions of this Policy are available upon written request.

18. Governing Law

This Policy and any dispute arising out of or relating to it shall be governed by and construed in accordance with the laws of the State of Illinois, United States of America, without regard to its conflict-of-laws principles. This Section 18 does not deprive you of any mandatory consumer protections available to you under the laws of your jurisdiction of residence.

19. Contact Us

Questions, comments, or requests concerning this Policy or our Processing of Personal Information may be directed to:

Janki Yoga
Attn: Privacy
Email: [email protected]

For requests submitted by email, please include “Privacy Request” in the subject line and provide sufficient detail to allow us to identify and respond to your request.