Privacy Policy

Effective Date: September 25, 2025

Please read this Privacy Policy to understand our policies and practices regarding your personal data and how we will handle it. If you do not agree with our policies and practices, do not use our Services. By accessing or using our websites (lovethelifeyoulive.ca, mytimeline.health), including all subpages and subdomains, course and community platforms, and related coaching and online course services (collectively, “Services”), you agree and consent to this Privacy Policy. Love the Life You Live Integrative Coaching and MyTimeline Health (“we,” “us,” “our,” or “Service Provider”) is dedicated to safeguarding your privacy and ensuring the security of your personal data.

We may revise this policy to reflect changes in our operations, technology, or legal requirements. Material changes will be posted on our websites with an updated Effective Date. Your continued use of the Services signifies acceptance of the revised policy.

1. PERSONAL DATA WE COLLECT 

We process your personal data to provide and enhance our Services, ensuring a personalized and effective experience. Specifically, we use your data to deliver group coaching, online courses, and MyTimeline Health assessment results; provide tailored content, such as weekly resources, worksheets, and tools; process payments securely through Stripe; communicate with you, including responding to inquiries and sending marketing emails (with your consent); analyze usage trends, such as purchase history, website/assessment interactions, and email engagement, to improve our Services; promote our Services through email campaigns and retargeting advertisements (e.g., Google, Facebook); and comply with legal, regulatory, tax, and accounting obligations

2. HOW WE USE YOUR PERSONAL DATA 

We process your personal data to provide and enhance our Services, ensuring a personalized and effective experience. Specifically, we use your data for the following purposes:

  • Service Delivery and Functionality: To deliver group coaching, online courses, and MyTimeline Health assessment results; provide tailored content, such as weekly resources, worksheets, and tools; and process payments securely through Stripe.
  • Business Operations and Development: To analyze usage trends, such as purchase history, website/assessment interactions, and email engagement, to improve our Services and develop new features or offerings.
  • Marketing and Promotion: To send marketing emails (with your consent), deliver co-branded promotional emails with affiliates (with prior disclosure), and support retargeting advertisements (e.g., Google, Facebook).
  • Customer Support and Communication: To respond to your inquiries, provide support, and communicate about your account or Services.
  • Protection and Security of the Services: To detect and prevent fraud, secure user accounts, and ensure the integrity of our platforms through access controls and encryption.
  • Legal, Regulatory, and Compliance Purposes: To comply with legal, regulatory, tax, and accounting obligations, including to protect our legal rights or to respond to legal requests (e.g., subpoenas, court orders).

3. LEGAL BASIS FOR PROCESSING 

Certain data protection laws, such as those in the European Economic Area (EEA) and the United Kingdom, require us to identify a valid legal reason (called a “legal basis”) before we collect, use, share, or otherwise process your personal data. Our legal basis depends on the data and context in which we collect it. These bases include:

  • Consent: For marketing communications, MyTimeline assessment responses, and coaching session notes, where you have explicitly agreed.
  • Contractual Necessity: To fulfill our obligations under the Services, such as delivering courses, coaching, or assessment results.
  • Legal Obligations: To comply with tax, legal, accounting, or other regulatory requirements.
  • Legitimate Interests: For activities like website analytics, fraud prevention, administrative purposes, direct marketing, or improving our Services, provided these interests do not override your data protection rights or freedoms.  If we collect data to meet legal or contractual obligations, we will clearly indicate this at the time of collection, noting whether providing the data is mandatory and the consequences of not providing it. If processing is based on legitimate interests, we will provide clear notice of those interests. We act as the Data Controller for all personal data collected through our Services, except where specified otherwise. If you have questions about the legal basis on which we collect and use your Personal Information for any specific processing activity, contact details are in the “Contact Information” section below.

4. DATA SHARING

We do not sell your personal data. We may share your data as follows to support our Services:

Third-Party Vendors: We share data with trusted vendors, including:

  • Stripe: Processes names, emails, and payment information for transactions.
  • HIPAA-Compliant Coaching and Membership Platform: Manages course delivery, email campaigns, and group coaching session notes.
  • Zoom: Supports group coaching sessions, processing names, emails, and video/audio data.
  • Microsoft 365 (via GoDaddy): Handles inquiry communications, processing names and emails.
  • Google Analytics: Tracks anonymized website usage data for analytics.

These vendors are authorized to process data solely for the purposes specified by us and are subject to confidentiality obligations through applicable agreements (e.g., GDPR Data Processing Agreements for Stripe and the coaching platform, HIPAA Business Associate Agreements for the coaching platform, Zoom, and Microsoft 365) or their privacy practices. For GDPR, we rely on signed Data Processing Agreements where available. For CCPA and PIPEDA, we rely on vendors’ privacy practices and implement additional safeguards, such as consent management, data retention policies, and anonymization settings (e.g., for Google Analytics), to ensure compliance. 

Community Platform: Information you voluntarily share in the community platform (e.g., health details) is not systematically shared or processed by us beyond facilitating the platform, and such disclosures are at your own risk.

Affiliates and Marketing: We may share your name and email with affiliates for co-branded promotional emails (where it was previously disclosed that you would receive emails from Our affiliate or “partner”) or to add you to suppression lists to prevent unwanted marketing.

Legal Requirements: We may disclose data if required by law, such as in response to subpoenas, court orders, or to prevent fraud, harm, or violations of our Terms of Use.  

5. COOKIES AND TRACKING TECHNOLOGY 

We use cookies and web beacons to enhance functionality, personalize your experience, and analyze usage. Essential cookies enable core functionality, such as login for course platforms and assessment security. Performance cookies track usage, including website statistics, funnel tracking, and assessment analytics. Web beacons are used in emails and on our websites/assessment to track engagement (e.g., open rates, page visits). You can manage cookies through our consent banner or browser settings (Chrome, Firefox, Safari, Edge). If you opt out of certain cookies, a generic “opt-out” cookie will be placed to prevent us from associating non-personal information with your browser. You may need to opt out again if you delete cookies, block cookies (including third-party cookies), switch browsers, change computers, or upgrade your browser. Some browsers offer “Do Not Track” signals, but our websites do not currently respond to these, as there is no established industry standard. Blocking cookies may limit Service functionality.

6. HOW WE PROTECT YOUR INFORMATION

We implement robust administrative, managerial, technical, and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Personal data, including MyTimeline Health assessment responses (e.g., behavioral and satisfaction ratings), is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption. Group coaching session notes, which may contain sensitive health information, are stored in our HIPAA-compliant coaching and membership platform with enhanced encryption to meet HIPAA standards.
  • Access Controls: Access to personal data is restricted to authorized personnel only, using role-based access controls and multi-factor authentication where applicable.
  • Data Segregation: Sensitive data, such as group coaching session notes, is stored separately from other personal data to ensure enhanced protection, in compliance with HIPAA requirements where applicable.
  • Internal Policies and Training: We maintain strict internal standards for handling personal data, including controls to protect information collected online. Our employees receive regular training on these standards, and our privacy policy, practices, and guidelines are communicated to them to ensure compliance.
  • Vendor Security: Our vendors (e.g., Stripe, Zoom, Microsoft 365, ScoreApp) are required to implement comparable security measures, verified through contractual agreements (e.g., GDPR Data Processing Agreements, HIPAA Business Associate Agreements) or their privacy practices.
  • Monitoring and Audits: We conduct regular security monitoring and periodic audits to detect and address potential vulnerabilities in our systems and vendor processes.
  • Incident Response: We maintain an incident response plan to address potential data breaches, with a commitment to notify affected users within 72 hours of confirming a breach, as required by GDPR.

YOU ARE RESPONSIBLE for safeguarding your account credentials and promptly notifying us at dpo@lovethelifeyoulive.ca if you suspect unauthorized access. While we strive to protect your data, no system is 100% secure, and we cannot guarantee absolute security.

7. INTERNAL DATA ACCESS RESTRICTIONS

Within our organization, personal data is classified according to its level of sensitivity and restricted accordingly. Our employees only have access to the appropriate level of information needed to provide services, fulfill your orders, communicate with you, and respond to your inquiries.

8. YOUR DATA PROTECTION RIGHTS 

Depending on where you live, you may have the following rights regarding your personal data:

  • Access: Request access to the personal data we hold about you.
  • Correction: Request correction or updating of inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data. Note that deleting your account may result in loss of access to our Services or programs in which you are enrolled.
  • Objection to Processing: Object to the processing of your personal data for specific purposes (e.g., direct marketing), where applicable under GDPR.
  • Restriction of Processing: Request restriction of processing in certain circumstances, where applicable under GDPR.
  • Data Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format, where applicable under GDPR.
  • Opt-Out of Marketing: Opt out of marketing communications at any time by using unsubscribe links in our emails or updating your account settings.
  • Withdraw Consent: Withdraw your consent for data collection and processing at any time, without affecting the lawfulness of processing conducted prior to withdrawal or processing based on other lawful grounds.
  • Non-Discrimination (CCPA): Exercise your rights without discrimination, such as denial of services or different pricing, as per California law.
  • File a Complaint: File a complaint with your local data protection authority, such as the Office of the Privacy Commissioner of Canada (for Canadian residents) or an EU Supervisory Authority (for EU/UK residents), regarding our data practices.
  • For California residents, you may opt out of data sharing via our “Do Not Sell/Share” link or by contacting us at dpo@lovethelifeyoulive.ca.

To exercise these rights, contact us at dpo@lovethelifeyoulive.ca or via our web form at lovethelifeyoulive.ca/contact. We will respond within applicable legal timeframes (e.g., 30 days for GDPR, 45 days for CCPA).

9. CHILDREN’S PRIVACY 

Our Services are intended strictly for individuals aged 16 and older. The MyTimeline Health assessment requires users to confirm they are 16 or older. We do not knowingly collect data from individuals under 16. If we discover such data, we will delete it promptly.

If you are a parent or guardian who has discovered that your child under 16 has submitted personal data without your permission, you may request removal by contacting us at dpo@lovethelifeyoulive.ca, providing the child’s name and email address submitted.

 10. THIRD PARTY LINKS AND SERVICES 

Our websites may feature links to external websites and provide access to products or services from third-party entities whose privacy policies are not controlled by us. When accessing these external sites or products, any information you provide is governed by the operator’s or provider’s privacy policy.

11. INTERNATIONAL DATA TRANSFERS

Your data may be processed in countries with adequate data protection safeguards, including Canada and the US, where our vendors operate. We use safeguards, such as GDPR Standard Contractual Clauses, to ensure compliance with applicable data protection laws.

12. CAN-SPAM COMPLIANCE

Our emails include clear unsubscribe links. You may opt out of marketing communications at any time via these links or by updating your account preferences.

13 DATA RETENTION

We retain personal data for a minimum of 7 years to comply with legal obligations, such as Canadian tax requirements, and for legitimate business purposes, such as customer support and analytics. Once there is no legitimate business need to store your information, we will delete or anonymize it, unless a longer retention period is required by law. You may request deletion of your data as outlined in Section 8.

14. POLICY UPDATES

We reserve the right to revise this policy. Updates will be posted on our websites with a new Effective Date. Your continued use of the Services signifies acceptance of the revised policy.

15. CONTACT INFORMATION

For questions or to exercise your rights, contact:
Data Controller: Heather Budd
Address: 2 Bloor Street East, Suite 3500, Toronto, Ontario, M4W 1A8, Canada
Email: dpo@lovethelifeyoulive.ca
EU Data Protection Officer: Contact via dpo@lovethelifeyoulive.ca