1. Who We Are

This website, breatheherenow.io, is operated by Breath Point OÜ, a company registered in Estonia (company no. 17418554) ("we", "us", "our"). This is the business through which Sean Paul provides breathwork facilitation, sessions, programmes, and content under the name Breathe Here Now — both online and in person.

For the purposes of the EU/EEA General Data Protection Regulation (GDPR), Breath Point OÜ is the data controller for the personal data described in this policy.

Contact:

Email: hi@breatheherenow.io
Breath Point OÜ · c/o Digireport Services OÜ, Tornimäe 5, 10145 Tallinn, Estonia
Company no.: 17418554

2. The Personal Data We Collect

We only collect what we need to run the practice and respond to you. Depending on how you interact with us, this may include:

Newsletter sign-up — your email address (and first name, if you give it) when you subscribe to One Breath through the form on this site.

Bookings and sessions — your name, email, and any details you provide when you book a session or call, including answers to intake questions (which may include health information you choose to share — see §3).

The Diamond application — the information you submit in the application form, sent to us by email.

Payments — online payments are handled by Stripe and in-person card payments by Revolut. We receive confirmation of payment and basic order details, but we do not collect or store your full card details — those are handled directly by the payment provider.

Client records — if we work together, we keep contact and relationship records (enquiries, bookings, correspondence, session history) in our customer management system to manage our work with you.

Email and messages — the contents of emails or messages you send us.

Website usage — basic technical data standard to website hosting, and any analytics or cookies described in §8.

3. Health Information (Special Category Data)

Breathwork involves some physical and psychological considerations, so you may choose to share health information with us — for example in an intake or health declaration form, or in conversation before a session — such as pregnancy, cardiovascular conditions, epilepsy, or relevant psychiatric history.

This is special category data under GDPR. We use it for one reason only: to keep you safe and to decide together whether a session or practice is appropriate for you. We process it on the basis of your explicit consent, and where relevant for reasons of health and safety. We do not use it for marketing, and we do not share it except as needed to deliver your session safely. This applies equally to online and in-person sessions.

You are never obliged to share health information — but withholding something relevant may mean we can't safely offer you a particular session.

4. Why We Use Your Data, and Our Legal Basis

What we do: Send the One Breath newsletter
Why: You asked to receive it
Legal basis (GDPR Art. 6): Consent

What we do: Deliver sessions, programmes, calls you've booked
Why: To provide the service you requested
Legal basis (GDPR Art. 6): Contract

What we do: Take and confirm payment
Why: To complete your purchase
Legal basis (GDPR Art. 6): Contract

What we do: Respond to your enquiries and applications
Why: To communicate with you
Legal basis (GDPR Art. 6): Legitimate interests / pre-contract steps

What we do: Keep client and booking records
Why: To manage our work with you
Legal basis (GDPR Art. 6): Contract / legitimate interests

What we do: Keep payment and accounting records
Why: Admin and legal obligations
Legal basis (GDPR Art. 6): Legal obligation / legitimate interests

What we do: Keep the website running and secure
Why: To operate the site
Legal basis (GDPR Art. 6): Legitimate interests

You can withdraw consent (for example, unsubscribe from the newsletter) at any time — see §7.

5. Who We Share Your Data With

We don't sell your data. We share it only with the service providers ("processors") that help us run the practice, and only as far as needed. These currently include:

Kit (email/newsletter platform) — stores subscriber details and sends emails.

Make.com (automation) — passes your sign-up details from the website form to Kit.

Capsule (customer management / CRM) — stores contact and client-relationship records to manage enquiries, bookings, and our ongoing work with you.

Cal.com (booking) — manages session and call bookings.

Stripe (online payments) — processes online card payments securely.

Revolut (in-person payments) — processes in-person card payments.

Framer (website hosting) — hosts and serves this website.

Google (email/workspace) — we use Google to receive and manage email.

Each of these providers has its own privacy policy governing how they handle data. We may also disclose data if required by law.

6. International Transfers

Some of our providers are based outside the EU/EEA (for example, in the United States or the United Kingdom). Where data is transferred outside the EEA, it is protected by appropriate safeguards — such as an adequacy decision, the European Commission's Standard Contractual Clauses, or an equivalent approved mechanism — so that your data keeps a comparable level of protection.

7. Your Rights

Under GDPR you have the right to:

access the personal data we hold about you;

ask us to correct inaccurate data;

ask us to delete your data ("right to be forgotten");

restrict or object to how we use it;

withdraw consent at any time (e.g. unsubscribe — every newsletter has an unsubscribe link);

request portability of data you provided to us.

To exercise any of these, email hi@breatheherenow.io. We'll respond within the timeframe the law requires (normally one month).

If you believe we've handled your data improperly, you have the right to lodge a complaint with a data protection supervisory authority. As our company is established in Estonia, the relevant lead authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee). You may also contact the supervisory authority in your own EU/EEA country of residence.

8. Cookies

This website uses only a small number of cookies that are necessary for the site to function. For visitor statistics we use Framer's built-in analytics, which is privacy-friendly and does not use cookies to track you — so we don't display a cookie-consent banner, because we set no non-essential cookies.

Some embedded third-party services (such as our booking and payment tools) may set their own cookies if and when you choose to use them; those are governed by the providers' own privacy policies.

You can control or delete cookies through your browser settings at any time.

9. Children

Our services are open to minors only with the written consent of a parent or guardian, in line with our professional code of practice. Where we work with a minor, a parent or guardian provides consent and the relevant health and booking information on their behalf. If you believe a minor has provided us with personal data without the required guardian consent, please contact us and we will delete it.

10. How Long We Keep Your Data

We keep personal data only as long as we need it:

Newsletter: until you unsubscribe or ask us to remove you.

Bookings and client records: for the duration of our work together and a reasonable period afterwards.

Payment and accounting records: for as long as required by law (tax and accounting rules typically require several years).

Health information: only as long as needed for your safe participation, then deleted or anonymised.

11. Security

We take reasonable measures to keep your data secure, and we work with established providers that maintain their own security standards. No method of transmission over the internet is completely secure, but we take care to protect your information.

12. Changes to This Policy

We may update this policy from time to time. When we do, we'll change the "last updated" date above. Significant changes will be made clear on this page.

13. Contact

Questions about this policy or your data:
hi@breatheherenow.io