Carmen LorenzanaMenstrual Cycle Coach

Privacy Policy

Last Updated: January 2026

1. Who We Are

The Data Controller for your information is Carmen Lorenzana, based in Helsinki, Finland. You can contact us at [email protected].

2. What Personal Data We Collect

We collect information to provide our services to you. This includes:

  • Identity Data: Name, username.
  • Contact Data: Email address, billing address.
  • Transaction Data: Details about payments and products you have purchased.
  • Technical Data: IP address, browser type, and cookies (to help the website function).
  • Analytics Data: Pages visited, time spent on pages, referral source, device type, and general geographic location (country/city level, NOT precise location).

3. How We Collect Your Data

We use the following third-party processors to handle your data securely:

  • Podia: We use Podia to host our courses and manage our email list. When you purchase a course or join a waitlist, your data is stored securely on Podia's servers.
  • Stripe / PayPal: We do not store your credit card information. All payment transactions are processed through secure third-party payment gateways.
  • Google Analytics 4 (GA4): With your consent, we use GA4 to understand how visitors interact with our website. See Section 7 for detailed information about cookies and consent.
  • Calendly: We use Calendly to schedule coaching sessions. When you book a session, you interact directly with Calendly's booking system. See Calendly's Privacy Policy.
  • Google Fonts: We load fonts (Fraunces, Nunito) from Google's servers to display our website. This may transmit your IP address to Google. See Google's Privacy Policy.
  • YouTube: We embed videos from YouTube on some pages. Videos only load when you click to play them, at which point YouTube may set cookies on your device. See YouTube's Privacy Policy.
  • Cloudflare Turnstile: We use Cloudflare Turnstile on our contact form to protect against spam and automated abuse. Turnstile is a privacy-preserving alternative to traditional CAPTCHAs — it does NOT set cookies or track you across websites. It only processes minimal data (such as browser signals) to verify you are human. See Cloudflare's Privacy Policy.

4. How We Use Your Data

  • To deliver the course or coaching services you purchased.
  • To send you emails related to your purchase (e.g., login details).
  • To send you our newsletter (only if you have explicitly opted in). You can unsubscribe at any time.
  • To analyze website performance and improve user experience (with your consent for analytics).
  • To comply with legal obligations (e.g., tax laws in Finland).

5. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct wrong data.
  • Erasure ("Right to be Forgotten"): Ask us to delete your data (unless we are required to keep it for tax purposes).
  • Restriction: Ask us to limit how we use your data in certain circumstances.
  • Data Portability: Request your data in a portable, machine-readable format.
  • Withdraw Consent: Unsubscribe from our emails or withdraw cookie consent at any time.
  • Lodge a Complaint: You have the right to lodge a complaint with the Finnish Data Protection Authority (Tietosuojavaltuutetun toimisto) at tietosuoja.fi if you believe your rights have been violated.

To exercise any of these rights, please email [email protected].

6. Legal Basis for Processing

Under GDPR, we must have a lawful basis to process your personal data. We rely on the following:

  • Contract: Processing necessary to deliver courses or coaching services you purchased.
  • Consent: For sending newsletters and using analytics cookies (only with your explicit permission).
  • Legal Obligation: To comply with tax and accounting laws in Finland.
  • Legitimate Interest: To protect the security of our website and prevent fraud.

7. Cookies and Consent

What Are Cookies

Cookies are small text files stored on your device to help websites function and remember your preferences.

Cookies We Use

Cookie/StorageProviderPurposeDuration
_gaGoogleDistinguishes unique users (analytics)2 years
_ga_*GoogleMaintains session state (analytics)2 years
ad_storage, etc.GoogleConsent signals for internal marketing audiences (no external ads shown on site)2 years
YSCYouTubeTracks video views (set when you play a video)Session
VISITOR_INFO1_LIVEYouTubeEstimates bandwidth for video playback6 months
cookie_consentThis siteStores your consent choice (localStorage)Persistent
sb-*-auth-tokenSupabaseAuthentication session (if you create an account)Session

Note: Items marked "localStorage" are stored locally in your browser and are never transmitted to our servers. YouTube cookies are only set when you choose to play an embedded video.

Google Analytics 4 (GA4)

If you consent to analytics cookies, we use Google Analytics 4 to understand website performance. This includes:

  • Data collected: Pages viewed, time on site, device/browser information, general geographic location (country/city level), and referral source.
  • IP Anonymization: IP addresses are anonymized before storage.
  • Data Processor: Data is processed by Google LLC. See Google's Privacy Policy.

Your Consent Choices

When you first visit our website, you will see a consent banner. Analytics cookies are NOT placed until you click "Accept." You can:

  • Accept analytics cookies to help us improve the website
  • Reject analytics cookies (the site still works fully)
  • at any time

Google Consent Mode v2

We use Google Consent Mode v2 to respect your privacy choices. When you decline analytics:

  • No identifying cookies are stored on your device
  • Consent signals are sent to Google to ensure your preferences are respected across Google services
  • Advertising signals (`ad_storage`, `ad_user_data`, `ad_personalization`) are also managed. Even though we do not display third-party ads on our website, these signals allow us to build anonymous audiences (e.g., "course purchasers") for our own future marketing efforts.
  • Basic cookieless measurement may still occur (aggregated, non-identifying data only) to help us understand general traffic patterns

8. Data Retention

We retain your data only as long as necessary for the purposes described:

  • Analytics data: Retained for 14 months, then automatically deleted.
  • Email subscriber data: Kept until you unsubscribe or request deletion.
  • Transaction records: Retained for 6 years to comply with Finnish tax law.
  • Coaching session notes: Deleted upon request or 2 years after service completion.

9. International Data Transfers

Some of our service providers (Google, Podia, Stripe, Cloudflare) may transfer your data outside the European Economic Area (EEA). When this happens, your data is protected by:

  • EU Standard Contractual Clauses (SCCs)
  • EU-US Data Privacy Framework (where applicable)
  • Provider-specific security certifications and compliance measures

For more details about how these providers handle your data, please see their respective privacy policies: Google, Podia, Stripe, Calendly, YouTube, Cloudflare.