Privacy Policy

Last Updated: October 2, 2025

At ARGO Holistic, we are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Information We Collect

1.1 Information You Provide Directly

  • Contact Forms: Name, email address, subject line, and message content
  • Enneagram Test: Name, email address, test responses, and personality assessment data
  • Newsletter Subscription: Email address and subscription preferences
  • Payment Information: Processed securely through Stripe (we do not store credit card details)
  • Booking Information: Name, contact details, and appointment preferences (via Setmore)

1.2 Information Collected Automatically

  • IP Address: Collected for security, rate limiting, and analytics
  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on pages, referring websites
  • Cookies: Session cookies, rate-limiting cookies, and functional cookies (see Section 4)
  • Geolocation: Approximate location based on IP address

1.3 Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Consent: For newsletter subscriptions and non-essential cookies
  • Contract Performance: To provide services you've requested (tests, coaching)
  • Legitimate Interest: For security, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our website and services
  • Process and deliver your Enneagram test results via email
  • Respond to your inquiries and provide customer support
  • Send you newsletters and marketing communications (with your consent)
  • Process payments and fulfill service bookings
  • Prevent fraud, spam, and abuse through rate limiting and security measures
  • Analyze aggregated usage patterns to improve our services
  • Conduct research on Enneagram types (using anonymized, aggregated data only)
  • Comply with legal obligations and protect our legal rights

Important: We will never sell, rent, or share your personal information with third parties for their marketing purposes. Your data remains strictly confidential.

3. Third-Party Services

We use the following third-party service providers to operate our website and deliver services:

πŸ” Cloudflare (Hosting & Security)

Purpose: Website hosting, CDN, DDoS protection, rate limiting
Data Shared: IP address, browser information, cookies
Privacy Policy: cloudflare.com/privacypolicy

🤖 Cloudflare Turnstile (CAPTCHA)

Purpose: Bot detection and spam prevention on forms
Data Shared: Browser fingerprint, behavioral data
Privacy Policy: cloudflare.com/privacypolicy

📧 Resend (Email Delivery)

Purpose: Sending test results, wing results, and transactional emails
Data Shared: Email address, name, email content
Privacy Policy: resend.com/legal/privacy-policy

💳 Stripe (Payment Processing)

Purpose: Secure payment processing for premium services
Data Shared: Name, email, payment information (processed directly by Stripe)
Privacy Policy: stripe.com/privacy

📅 Setmore (Appointment Booking)

Purpose: Scheduling 1:1 coaching sessions
Data Shared: Name, email, phone number, appointment details
Privacy Policy: setmore.com/privacy

πŸ—„οΈ Upstash Redis (Rate Limiting)

Purpose: Temporary storage for rate limiting and abuse prevention
Data Shared: Hashed IP addresses, device fingerprints (automatically expires)
Privacy Policy: upstash.com/privacy

🔤 Google Fonts

Purpose: Web fonts for typography
Data Shared: IP address (when fonts are loaded)
Privacy Policy: policies.google.com/privacy

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and protect our services.

Types of Cookies We Use:

✅ Essential Cookies (Required)

  • Session Cookies: Maintain your session state during test-taking and payment flows
  • Security Cookies: Rate limiting, bot detection, and fraud prevention
  • Turnstile Tokens: Validate form submissions and prevent spam

βš™οΈ Functional Cookies

  • Preference Cookies: Remember your language and display settings
  • Progress Cookies: Save your test progress (stored locally in your browser)

Local Storage

We use browser localStorage to temporarily save your Enneagram test progress. This data never leaves your device until you submit the test. You can clear this data at any time through your browser settings.

Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may limit functionality of our website and services.

5. Data Storage and Security

Where Your Data is Stored

  • Cloudflare D1 Database: Test results, email subscriptions, payment records (encrypted at rest)
  • Upstash Redis: Temporary rate-limiting data (auto-expires within 24 hours)
  • Resend: Email delivery logs (retained per their policy)
  • Stripe: Payment records (retained per their policy and PCI-DSS requirements)

Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: All data transmitted via HTTPS/TLS 1.3, database encryption at rest
  • Algorithm Protection: Proprietary Enneagram algorithms are encrypted using AES-256-GCM
  • Access Controls: Strict authentication and authorization for administrative access
  • Rate Limiting: Prevents brute-force attacks and abuse
  • Regular Security Audits: Ongoing monitoring and vulnerability assessments
  • DDoS Protection: Cloudflare's enterprise-grade protection

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify affected users within 72 hours in compliance with GDPR requirements and applicable laws.

6. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal data:

🇪🇺 GDPR Rights (EU/UK/EEA Residents)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: Contact your local data protection authority

🇺🇸 CCPA Rights (California Residents)

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of exercising your rights

🇨🇦 PIPEDA Rights (Canadian Residents)

  • Right to Access: Request access to your personal information
  • Right to Correction: Correct errors in your personal data
  • Right to Withdraw Consent: Withdraw consent for data processing
  • Right to Lodge a Complaint: Contact the Office of the Privacy Commissioner of Canada

📧 Email Marketing Rights

Unsubscribe Anytime: Every marketing email includes an unsubscribe link. You can opt out at any time, and we will process your request within 48 hours.

How to Exercise Your Rights

To exercise any of these rights, please contact us through our contact form. We will respond to your request within 30 days.

7. International Data Transfers

ARGO Holistic is based in Canada 🇨🇦. Your data may be transferred to and processed in countries outside your country of residence, including the United States and European Union.

We ensure appropriate safeguards are in place for international data transfers, including:

  • Standard Contractual Clauses (SCCs) with service providers
  • Compliance with GDPR Chapter V for EU data transfers
  • Use of service providers certified under applicable data protection frameworks

8. Children's Privacy (COPPA Compliance)

Our services are not directed to children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information from our systems within 48 hours.

9. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

  • Test Results: Retained indefinitely to provide access to your results and for research (anonymized)
  • Email Subscriptions: Until you unsubscribe or request deletion
  • Contact Form Messages: Processed immediately, not stored long-term
  • Payment Records: Retained for 7 years for tax and legal compliance
  • Rate Limiting Data: Automatically expires within 24 hours
  • Session Cookies: Expire when you close your browser

You may request deletion of your data at any time by contacting us (see Section 6).

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

What we'll do: We will post the updated policy on this page with a new "Last Updated" date. For material changes, we will notify you via email or a prominent notice on our website at least 30 days before the changes take effect.

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

ARGO Holistic
Based in Canada 🇨🇦

Contact Form: argoholistic.com/contact.html

Response Time: We respond to all privacy-related inquiries within 30 days (or sooner when required by law).

Additional Disclosures

  • No Sale of Data: We do not sell, rent, or trade your personal information to third parties.
  • Aggregated Research: We may use anonymized, aggregated test data for Enneagram research. Individual responses are never identifiable.
  • Legal Requests: We may disclose your information if required by law, court order, or to protect our legal rights.
  • Business Transfers: In the event of a merger or acquisition, your data may be transferred to the new entity (you will be notified).

Thank you for trusting ARGO Holistic with your wellness journey. Your privacy matters to us.