1. Scope
This policy applies to information collected through our website, retreat registration forms, intake questionnaires, screening calls, email communications, and our mobile-friendly preparation portal. It does not apply to third-party sites we link to.
Ceremonia operates as a 508(c)(1)(a) faith-based organization for ceremonial activities involving sacramental plant medicine, and as a Colorado Natural Medicine Health Act (NMHA) licensee for psilocybin facilitation. Different categories of information are collected depending on which services you engage with.
2. Information We Collect
Information you provide to us:
- Name, email, phone, and mailing address
- Date of birth and emergency contact (for retreat participants)
- Health, medication, and mental health history (intake)
- Payment information (processed by our payment processor, we do not store full card numbers)
- Retreat preferences, intentions, and integration responses
- Free-text messages you send us
Information collected automatically:
- IP address, browser type, device, operating system
- Pages viewed, links clicked, timestamps
- Referrer URL and UTM parameters
- Cookies and similar tracking technologies (see Section 8)
3. How We Use Information
- To screen, prepare, host, and integrate retreat participants safely
- To respond to inquiries and connection-call requests
- To send service emails (registration confirmations, preparation materials, integration prompts)
- To send marketing emails when you opt in (you can unsubscribe at any time)
- To improve our website, programs, and educational materials
- To comply with legal obligations and enforce our terms
- To prevent fraud and protect the safety of participants and staff
4. Health & Sensitive Information
Our intake process collects health information, current medications, mental and physical health history, contraindications, and emergency contacts, to assess eligibility and ensure safety during ceremony. We treat this information with HIPAA-aligned safeguards even though Ceremonia is not a covered entity under HIPAA.
Specifically:
- Health information is stored in access-controlled systems with row-level isolation per participant
- Only facilitators, on-site medical staff, and operations personnel directly involved in your care can access it
- We do not sell, trade, or use health information for marketing
- You may request deletion of your health intake at any time after retreat completion
5. How We Share Information
We share information only when necessary:
- Service providers, payment processors, email delivery, scheduling, analytics, retreat venue staff (limited to what they need to host your visit)
- Medical staff and facilitators, your screening data is shared with the team holding your specific retreat
- Legal obligations, when required by law, court order, or to protect rights and safety
- Business transfers, in the event of merger, acquisition, or sale, with continued protections
We do not sell your personal information. We do not share your health information for advertising.
6. Retention
We keep information only as long as needed:
- Marketing contacts: until you unsubscribe
- Retreat intake (health): 7 years after completion (for safety and continuity), then deleted unless you request earlier removal
- Financial records: 7 years (tax compliance)
- Website analytics: aggregated and anonymized after 26 months
7. Your Rights
Depending on where you live, you may have rights to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your information (subject to legal retention requirements)
- Object to or restrict certain processing
- Receive your information in a portable format
- Withdraw consent at any time
- Lodge a complaint with a data protection authority (EEA, UK, California residents)
To exercise any right, email privacy@ceremoniacircle.org. We respond within 30 days.
8. Cookies & Tracking
We use:
- Essential cookies, authentication, session, security (cannot be disabled without breaking the site)
- Analytics cookies, aggregate usage data via privacy-respecting analytics
- Marketing cookies, only when you consent, for retargeting and conversion measurement
Most browsers let you block cookies. Blocking essential cookies will break parts of the site.
9. Security
We use industry-standard safeguards:
- TLS encryption in transit
- Encrypted storage at rest for sensitive fields
- Row-level access isolation per participant
- Role-based access controls for staff
- Audit logging of access to health records
- Regular security review and incident-response procedures
No system is perfectly secure. We will notify affected individuals and regulators of material breaches as required by law.
10. Third-Party Services
We use third-party providers for hosting, payments, scheduling, email, video, analytics, and customer support. Each provider has its own privacy policy. We choose providers with appropriate safeguards and minimize the data shared with them.
11. Children
Our services are not intended for individuals under 18. We do not knowingly collect information from children. Retreat participation requires participants to be 21 or older.
12. International Visitors
Ceremonia is based in the United States. By using our services, you consent to the transfer of your information to the US, which may have different data protection laws than your country.
13. Changes to This Policy
We may update this policy. The “Last updated” date at the top will reflect changes. Material changes will be communicated via email to active participants and prominent notice on the site for at least 30 days.
14. Contact
Privacy questions, complaints, or requests:
- Email: privacy@ceremoniacircle.org
- General: hello@ceremoniacircle.org
See also our Terms of Service.