Privacy Policy

Mystika School Limited
Effective Date: June 2026

We respect your privacy. We collect only what we need, we never sell your personal data, and we are transparent about how we use it. This policy explains everything clearly — without legal jargon where it can be avoided.

This Privacy Policy explains how Mystika School Limited (“Mystika School”, “we”, “us”, “our”) collects, uses, discloses, and protects your personal information when you visit mystikaschool.com or purchase our products and programmes.

Data Controller: Mystika School Limited

21st Floor, CMA Building, 64 Connaught Road, Central, Hong Kong

Privacy enquiries: support@mystikaschool.com

By using our website or purchasing our programmes, you agree to the collection and use of information in accordance with this policy.

01

Who We Are

Mystika School is an online mystery school offering spiritual education, initiatory programmes, and transformational practices. We are incorporated in Hong Kong and serve participants globally.

For the purposes of data protection law — including the EU General Data Protection Regulation (GDPR) and the UK GDPR — we act as the data controller for personal data collected through our website and programmes.

02

What Data We Collect

Personal Data You Provide

  • Identity data: name, username
  • Contact data: email address, billing address
  • Financial data: payment details (processed securely via Stripe — we do not store raw card numbers)
  • Account data: login credentials, purchase history, course progress
  • Application data: responses to programme application forms
  • Communications data: enquiries, support messages, feedback

Technical & Usage Data (Collected Automatically)

  • IP address and approximate location
  • Browser type and version, device type
  • Pages visited, time spent, referral source
  • Interaction with emails (opens, clicks)
  • Advertising interaction data (via Meta Pixel, Google Analytics)

Special Category Data

Our application forms may ask about health conditions or personal circumstances relevant to participation in breathwork or somatic practices. This information is collected under your explicit consent and is used solely to assess suitability and ensure your safety. It is not shared with third parties except where required by law.

03

How We Collect Data

  • When you place an order or create an account
  • When you complete a programme application form
  • When you subscribe to our email list
  • When you book a call via Calendly
  • Through cookies, pixels, and tracking technologies (see Section 5)
  • Through advertising platforms (Meta, Google)
  • When you contact us by email or through our website

04

Why We Use Your Data & Our Legal Basis

We only process your data where we have a lawful basis to do so. The table below sets this out clearly:

Purpose | Legal Basis
Processing your order and delivering programmes | Contract performance
Managing your account and customer support | Contract performance
Sending transactional emails (receipts, booking confirmations) | Contract performance
Sending marketing emails and newsletters | Consent (you can unsubscribe at any time)
Running advertising campaigns (Meta, Google) | Consent (via cookie banner)
Website analytics and improvement | Legitimate interests
Fraud prevention and security | Legitimate interests
Tax, accounting, and legal compliance | Legal obligation
Assessing suitability for intensive programmes | Explicit consent

05

Cookies & Tracking Technologies

We use cookies and similar technologies on our website. You can manage your cookie preferences via our cookie consent banner when you first visit the site.

Types of Cookies We Use

  • Essential cookies: Required for the website and shop to function. Cannot be disabled.
  • Analytics cookies: Google Analytics — helps us understand how visitors use our site. Only active with your consent.
  • Marketing cookies: Meta Pixel and Google Ads — used for advertising, retargeting, and conversion tracking. Only active with your consent.
  • Functional cookies: Remember your preferences, login state, and cart contents.

Meta (Facebook) Pixel & Conversions API

We use the Meta Pixel and Meta Conversions API (via PixelYourSite Pro) to measure the performance of our advertising and improve ad relevance. This may transmit data including IP address, browser information, purchase events, and page views to Meta Platforms, Inc.

Meta processes this data in accordance with its own Privacy Policy. You can manage your Meta ad preferences at facebook.com/ads/preferences.

Google Analytics & Google Ads

We use Google Analytics to understand website behaviour and improve user experience, and Google Ads for advertising and remarketing. You can opt out via the Google Analytics Opt-out Browser Add-on.

Managing Cookies

You can withdraw your consent for non-essential cookies at any time via our cookie banner or by adjusting your browser settings. Note that disabling certain cookies may affect the functionality of our website.

06

Third-Party Data Processors

We do not sell your personal data. We may share data with the following trusted service providers who process data on our behalf under contractual safeguards:

Provider | Purpose | Data Shared | Privacy Policy
Stripe | Payment processing | Name, email, payment details, billing address | stripe.com/privacy
WooCommerce / WordPress | E-commerce platform | Order data, account data | automattic.com/privacy
Meta Platforms | Advertising & analytics | IP address, browser data, purchase events | facebook.com/privacy
Google | Analytics & advertising | Usage data, IP address | policies.google.com/privacy
Email service provider | Email marketing & delivery | Name, email address, email engagement data | Per provider
Calendly | Booking introductory calls | Name, email, timezone, booking data | calendly.com/privacy
YouTube / Google | Video hosting | IP address, viewing data (if cookies accepted) | policies.google.com/privacy
Website hosting provider | Web hosting & infrastructure | Server logs, IP addresses | Per provider

07

International Data Transfers

As Mystika School operates globally and uses international service providers, your data may be transferred to and processed in countries outside your country of residence, including the United States.

Where transfers occur from the European Economic Area (EEA) or the United Kingdom to countries not deemed adequate by the relevant authority, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms to protect your data.

08

Data Retention

We retain your personal data only for as long as necessary for the purposes it was collected. Our general retention periods are:

  • Customer & order data: 7 years from the date of purchase (required for tax and accounting compliance)
  • Programme participation records: Duration of the programme + 3 years
  • Marketing consent records: Until you unsubscribe, then 3 years for compliance records
  • Application form data (health-related): 12 months from submission, unless enrolment proceeds
  • Website analytics data: 26 months (Google Analytics default)
  • Support communications: 3 years from resolution

When data is no longer required, it is securely deleted or anonymised.

09

Your Rights

Depending on your location, you have the following rights regarding your personal data. We will respond to all requests within 30 days.

Access

Request a copy of the personal data we hold about you.

Rectification

Request correction of inaccurate or incomplete data.

Erasure

Request deletion of your data (“right to be forgotten”), subject to legal retention obligations.

Restriction

Request that we limit processing of your data in certain circumstances.

Portability

Request a machine-readable copy of your data to transfer to another service.

Object

Object to processing based on legitimate interests or for direct marketing purposes.

Withdraw Consent

Withdraw consent at any time where processing is based on consent. This does not affect prior processing.

Automated Decisions

Request human review of any decision made about you solely by automated means.

To exercise any of these rights, email support@mystikaschool.com with your request. We may need to verify your identity before processing the request.

EU & UK Residents

You have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). In the EU, contact your national Data Protection Authority.

10

Children’s Privacy

Our programmes are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact us immediately at support@mystikaschool.com and we will delete it.

11

Sensitive & Special Category Data

Some of our programme application forms ask about health conditions, mental health history, or personal circumstances relevant to participating in breathwork, somatic, or energetic practices. This is for your safety.

This data is classified as special category data under GDPR and equivalent laws. We process it only with your explicit consent, which you can withdraw at any time. It is stored securely, accessed only by relevant programme staff, and is never used for marketing or shared with third parties except where required by law.

12

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to delete your personal information
  • The right to opt out of the “sale” of personal information
  • The right to non-discrimination for exercising your rights

We Do Not Sell Your Data

Mystika School does not sell personal information to third parties. We share data only with service providers under contractual safeguards for the purposes described in this policy.

To submit a CCPA request, email support@mystikaschool.com with “CCPA Request” in the subject line.

13

Policy Updates

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a prominent notice on our website, with an updated effective date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website or programmes after changes constitutes acceptance of the updated policy.

14

Contact Us & How to Complain

For any questions, requests, or concerns about this Privacy Policy or how we handle your data:

Mystika School Limited

21st Floor, CMA Building, 64 Connaught Road, Central, Hong Kong

Email: support@mystikaschool.com

Subject line: Privacy Request

We aim to respond to all privacy-related enquiries within 5 business days and to resolve requests within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority:

© 2026 Mystika School Limited · All rights reserved