Privacy Policy

How your information is collected, used, and cared for across this website and every sacred offering.

Your trust is the foundation of every sacred offering. This Privacy Policy explains what information is collected through dianabomeny.com (the "Site"), how that information is used, who it is shared with, and the rights you hold over it. By using the Site or engaging with any sacred offering, you agree to the practices described here. Please read this alongside our Terms of Service.

This Policy is written to meet U.S. federal and Florida state requirements, and to respect the additional rights of participants located in the European Union, the United Kingdom, Switzerland, and California. The Meditation Library is delivered through a separate mobile and web application (the "App") with its own privacy policy; please review that policy when creating an App account.

WHO WE ARE

This Site is owned and operated by Diana Bomeny ("we," "us," "our," or "Diana Bomeny"), based in Miami, Florida, United States, with a healing centre set within an ancient estate in Mallorca, Spain. For privacy inquiries, contact hello@dianabomeny.com.

For participants in the European Economic Area (EEA) and the United Kingdom, Diana Bomeny acts as the data controller for the personal information described in this Policy.

INFORMATION WE COLLECT

Information you provide directly:

- Contact details: name, email address, phone number, and mailing address when relevant.

- Booking information: the sacred offering you have booked, session preferences, date and time, and any notes you share with us.

- Payment information: billing details processed securely through our payment providers. We do not store full card numbers on our own servers.

- Health and wellness disclosures: the information you share on intake forms, health questionnaires, and retreat applications, including conditions, medications, injuries, pregnancy status, and anything you feel is relevant to your practice. This is collected because it is required to safely hold the space for you.

- Account details: username and password where you create an account.

- Communications: messages, emails, replies, and feedback you send to us.

- Testimonials and reviews: any written, audio, or video content you choose to share.

- Photography and video consent: your opt-in preference for each in-person offering.

Information collected automatically:

- Device and browser data: IP address, browser type, operating system, device identifiers, and language settings.

- Usage data: pages viewed, time spent, links clicked, referring sources, and approximate location derived from IP.

- Cookies and similar technologies: small data files that help the Site function and allow us to understand how visitors use it. See the Cookies section below.

Information from third parties:

- Payment confirmation and fraud-prevention data from our payment processors.

- Booking confirmations and calendar data from our scheduling platform.

- Email engagement data from our email service provider.

- Analytics and ad-performance data from platforms such as Google Analytics and, where applicable, Meta.

- Social media handles and public content when you engage with us through Instagram, TikTok, Pinterest, or other platforms.

HOW WE USE YOUR INFORMATION

We use your information to:

- Deliver sacred offerings — confirm bookings, send arrival details, hold space safely, and follow up after a session or retreat.

- Provide the Meditation Library experience through our App partner, where applicable.

- Process payments, issue receipts, and handle refunds.

- Communicate with you — responding to messages, sending appointment reminders, and following up on an enquiry.

- Send newsletters, teachings, offering announcements, and event invitations — only with your consent and always with a clear unsubscribe link.

- Personalise your experience on the Site and improve the content we create.

- Understand performance — which pages resonate, where visitors arrive from, and how to refine the teaching.

- Maintain the integrity and security of the Site — preventing fraud, abuse, and unauthorised access.

- Meet legal, accounting, tax, and regulatory obligations.

- Defend or exercise legal rights where necessary.

LEGAL BASES FOR PROCESSING (EEA / UK PARTICIPANTS)

Where the GDPR or UK GDPR applies, we process personal information on one or more of the following legal bases:

- Contract: to deliver a sacred offering you have booked or a subscription you have purchased.

- Consent: for marketing emails, non-essential cookies, and photography or video that identifies you.

- Legitimate interests: to run and improve the Site, understand engagement, prevent misuse, and communicate with existing participants in a manner they would reasonably expect.

- Legal obligation: to comply with tax, accounting, and regulatory requirements.

- Vital interests: where processing is necessary to protect your health or safety, for example during an emergency at a retreat.

You can withdraw consent at any time, and doing so does not affect the lawfulness of processing carried out before withdrawal.

HEALTH INFORMATION

Health information shared with us — whether on an intake form, a retreat application, or in conversation — is treated with particular care. It is used only to safely prepare for your session, inform the teacher holding your practice, and respond appropriately if something arises during an offering. It is not used for marketing, not sold, and not shared with third parties other than staff directly supporting your offering.

Diana Bomeny is not a HIPAA-covered entity. If you have mental or physical health concerns that require professional care, please consult a licensed clinician. Your health information is stored on access-restricted systems and is retained only for as long as needed for the offering and any related follow-up, after which it is securely deleted or anonymised.

COOKIES AND TRACKING TECHNOLOGIES

The Site uses cookies and similar technologies to function properly and to help us understand how it is used.

- Strictly necessary cookies enable core Site functions such as navigation, secure login, and checkout.

- Preference cookies remember choices you have made, such as language or region.

- Analytics cookies help us understand traffic and content performance, typically through Google Analytics.

- Marketing and advertising cookies, where used, allow us to reach visitors who have shown interest in our offerings — for example, through Meta (Instagram and Facebook) or Pinterest.

On your first visit you will see a cookie banner. You can accept, reject non-essential cookies, or adjust your preferences at any time. You can also control cookies through your browser settings. Blocking some cookies may limit parts of the Site.

THIRD PARTIES WE WORK WITH

We share personal information only with service providers who help us operate the business, and only to the extent needed for that purpose. Current categories include:

- Website hosting and domain (Squarespace or equivalent)

- Payment processing (for example, Stripe, PayPal, or Apple Pay)

- Scheduling and booking (for example, Acuity, Calendly, or Squarespace Scheduling)

- Email marketing (for example, Flodesk, ConvertKit, or Mailchimp)

- Course and membership platforms

- Meditation Library app provider

- Analytics (for example, Google Analytics)

- Advertising platforms (Meta, Pinterest, TikTok), where advertising campaigns are active

- Cloud storage and productivity (for example, Google Workspace)

- Accounting, legal, and professional advisers

Each of these providers is subject to their own privacy practices. Where possible, we select providers that offer strong security, clear data-processing terms, and the ability to honour international transfers lawfully.

We do not sell your personal information, and we do not share it for cross-contextual behavioural advertising in exchange for value.

INTERNATIONAL DATA TRANSFERS

Diana Bomeny operates between Miami, Mallorca, and worldwide. This means your information may be processed in the United States, Spain, the European Union, and in other countries where our service providers operate.

Where we transfer personal information from the EEA, the UK, or Switzerland to a country that does not provide an equivalent level of data protection, we rely on lawful transfer mechanisms such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and additional safeguards where appropriate. You can request more information about these safeguards by emailing hello@dianabomeny.com.

HOW LONG WE KEEP YOUR INFORMATION

We keep personal information only for as long as needed for the purpose for which it was collected and to meet legal, accounting, or regulatory obligations.

- Booking and session records: typically retained for up to 7 years for tax and accounting purposes.

- Health intake forms: retained for the duration of the working relationship and for a reasonable period after, then securely deleted or anonymised.

- Email marketing lists: retained until you unsubscribe or request removal.

- Account information: retained while your account is active, then deleted or anonymised within a reasonable window after closure.

- Testimonials: retained until you request their retirement.

- Analytics data: retained in aggregated or pseudonymised form, typically for up to 26 months.

Where longer retention is required by law — for example, for financial records — we keep the minimum information necessary and protect it accordingly.

YOUR RIGHTS

You have meaningful rights over your personal information. Depending on where you live, these may include:

- The right to access the personal information we hold about you.

- The right to correct inaccurate or incomplete information.

- The right to delete your information, subject to legal and contractual exceptions.

- The right to restrict or object to certain processing.

- The right to data portability — to receive your information in a structured, commonly used format.

- The right to withdraw consent at any time, including for marketing emails and non-essential cookies.

- The right to opt out of the sale or sharing of personal information, even though we do not sell personal information.

- The right not to be discriminated against for exercising a privacy right.

- The right to lodge a complaint with a data protection authority (such as the Information Commissioner's Office in the UK or your local EU supervisory authority).

To exercise any of these rights, email hello@dianabomeny.com. We may ask you to verify your identity before acting on your request, and we will respond within the timeframe required by applicable law — typically within 30 days.

You can unsubscribe from marketing emails at any time through the unsubscribe link in any email, or by emailing us directly. Essential transactional messages — such as booking confirmations and receipts — will continue regardless of marketing preferences.

CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the rights to know, delete, correct, and limit the use of sensitive personal information. We do not sell personal information and do not share it for cross-contextual behavioural advertising in exchange for value. To exercise your California rights, email hello@dianabomeny.com.

SECURITY

We take reasonable and appropriate measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration, and destruction. These measures include encrypted connections, access controls, vetted service providers, and staff training. No system is entirely secure, however, and we cannot guarantee absolute protection. Please help us by using a strong password and notifying us immediately if you suspect unauthorised access to your account.

CHILDREN'S PRIVACY

Sacred offerings are intended for participants aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information to us, please contact hello@dianabomeny.com and we will delete the information promptly.

THIRD-PARTY LINKS

The Site may link to third-party websites and platforms — streaming services for mantra music, social media, scheduling tools, course platforms, or partner venues. This Policy does not apply to those sites. Please review the privacy policy of any third-party service before sharing personal information with it.

AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page shows when the most recent version took effect. Material changes will be announced on the Site or by email where appropriate. Continued use of the Site after changes take effect means you accept the updated Policy.

CONTACT

Questions about this Privacy Policy, your information, or a request to exercise your rights are welcome.

Email: hello@dianabomeny.com

Postal address available on request.

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

Return to the home page and continue exploring the sacred offerings.

Return Home

Effective Date: January 1, 2026

Privacy Policy

The practice is waiting for you.

Diana Bomeny

The practice is
waiting for you.