Skip to content
Soma

Legal

Privacy Policy

Last updated June 2026

Soma: Wellness & Meditation ("Soma", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website and services, in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant laws. Use of the Soma app is also covered by our App Privacy Policy.

1. Information We Collect

1.1 Personal Data You Provide. When you contact us, book a course or retreat, subscribe, or create an account, we may collect:

  • Name
  • Email address
  • Phone number (optional)
  • Address (optional)
  • Payment information (processed by trusted third parties: Stripe, Apple, Google)
  • Anything you include in a contact or enquiry form

1.2 Automatically Collected Data

We may automatically collect certain information, including:

  • Device information (type, model, operating system)
  • IP address and device identifiers
  • Usage data (pages viewed, features used, time spent)
  • Crash logs and performance data
  • General location data (if permissions are granted)

1.3 Cookies and Tracking Technologies

We use cookies and similar technologies to improve performance, remember your preferences, and collect analytics. For detail, see our Cookie Policy.

2. How We Use Your Data

We use your data to:

  • Provide, manage, and personalise our website and services
  • Communicate with you about services, updates, and promotions (only if you opt in)
  • Process transactions and manage subscriptions and bookings
  • Respond to your inquiries and support requests
  • Monitor and improve our website and content
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

3. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Consent – when you have given us permission (e.g. for email/text marketing)
  • Contract – to provide services you've requested or paid for
  • Legal obligation – for regulatory compliance
  • Legitimate interest – to improve our services and ensure security

4. Sharing Your Information

We do not sell your data. We only share data as necessary.

4.1 Trusted Service Providers. Your data may be shared with:

  • Payment processors (Stripe, Apple, Google)
  • Cloud service providers (for secure storage and backups)
  • Email and marketing tools (only if you opt in)
  • Analytics platforms (e.g. Google Analytics)

4.2 Legal Compliance

We may disclose your data if required to:

  • Comply with UK law, legal process, or government requests
  • Prevent or detect fraud, abuse, or security threats
  • Protect Soma's rights, property, or safety of users

4.3 CRM & Customer Support

We use System Scaling as our CRM platform to manage client relationships, support tickets, and service delivery. Personal data stored within System Scaling is limited to what is necessary to provide these services, such as contact information and session history. System Scaling operates under strict contractual and technical safeguards to ensure the secure handling of your data.

4.4 Business Transfers

If Soma is sold, merged, or restructured, your data may be transferred to the new entity, provided it remains under the same privacy commitments.

5. Analytics and Performance Tracking

We use tools like Google Analytics to collect anonymised data about usage patterns. This helps us understand how people use the site, fix bugs and improve performance, and optimise the experience.

You can opt out of Google Analytics with this tool.

6. Data Storage, Transfers & Security

Your data is stored securely within the UK or EEA. If data is transferred outside these regions (e.g., cloud processing), we use safeguards like UK ICO-approved Standard Contractual Clauses and services based in countries with an adequacy decision.

We protect your data through encrypted storage and data transmission (HTTPS, TLS), firewalls and access controls, and regular security reviews. No system is completely secure. Please keep your login credentials confidential.

7. Children's Privacy

Our services are not intended for users under 18. We do not knowingly collect data from minors. If we learn we have done so, we will delete the information. Parents can contact us at sam@soma-meditation.com.

8. Your Rights Under UK GDPR

You have the right to:

  • Request access to your data
  • Correct inaccurate or incomplete information
  • Request data deletion (subject to legal obligations)
  • Object to or restrict processing
  • Withdraw consent at any time
  • Request data portability (if applicable)
  • Lodge a complaint with the Information Commissioner's Office (ICO)

9. Data Retention

We retain your data:

  • As long as your account is active
  • For as long as necessary for the purposes stated in this policy
  • To meet legal, tax, or regulatory obligations

10. Making Requests & Account Deletion

If you make a request, we have one month to respond. To exercise any of your rights, or to request deletion of your account and associated personal data, email us at sam@soma-meditation.com. We will process the request and delete your data unless we are legally required to retain it. If you have a Soma app account, you can also delete it from the app's Settings section.

11. Updates to This Privacy Policy

We may revise this Privacy Policy to reflect changes to our services or legal requirements. The most recent version will always be published on our website. Major changes will be communicated via the website or email.

12. Contact Details

If you have questions about this policy or your data, please contact Sam by email at sam@soma-meditation.com.

Registered Business Name: Soma Meditation Ltd. Address: Hares Farm, Hares Lane, Hook, Hampshire, UK RG27 8UL.