Privacy Policy
At The Calm Circus, we believe that trust is the foundation of every retreat we host. This Privacy Policy explains what personal information we collect when you use our website (thecalmcircus.com), why we collect it, how we use it, and your rights in relation to it. It is written in compliance with the Information Technology Act, 2000, the IT (Amendment) Act, 2008, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and is aligned with the Digital Personal Data Protection Act, 2023 (“DPDP Act”).
1. Who We Are
The Calm Circus is a wellness brand based in Bangalore, India, offering nature-based day retreats. We operate this website to provide information about our retreats and to enable booking.
For any privacy-related questions, you can reach us at:
- Email: romeo@thecalmcircus.com
- WhatsApp: +91 98452 71737
If you have a complaint, concern, or request about how we handle your personal data, our Grievance Officer (details in Section 9) will respond within 30 days.
2. Information We Collect
We collect the minimum information needed to manage your booking and communicate with you.
When you make a booking
- Full name
- Email address
- Mobile phone number
- Preferred retreat date and number of attendees
- Any message you choose to include
When you create an account or sign in
If you sign in with Google or Facebook, those platforms share your name and email address with us. We do not receive your password from these providers, nor do we receive your social media posts, friends lists, or any other profile data beyond name and email.
What we do not collect
- Payment card numbers or net banking credentials. Payments are made directly via UPI — you initiate the transfer from your own UPI app to our UPI ID. We do not see or store your bank or UPI account details.
- Aadhaar number, PAN, or any government-issued ID.
- Health or medical information.
- Location data beyond the city (Bangalore) you are booking a retreat in.
3. Why We Collect It
| Data | Purpose |
|---|---|
| Name | Identify your booking; address you personally in communications |
| Send booking confirmation, retreat details, payment reminder, and important updates | |
| Phone | WhatsApp confirmation message; emergency contact on retreat day |
| Retreat date & headcount | Reserve your slot; plan retreat capacity |
| Google / Facebook account link | Let you sign in without a password; associate your booking history with your account |
We do not use your personal data for automated profiling, behavioural advertising, or sale to third parties.
4. How We Share Your Information
We share your information only to the extent needed to provide the service.
Google LLC — If you choose to sign in with Google, we receive your name and email via Google's OAuth 2.0 service. Google's own Privacy Policy governs their handling of data during this process.
Meta Platforms, Inc. — If you choose to sign in with Facebook, we receive your name and email via Facebook's OAuth service. Meta's own Data Policy governs their handling.
No other third-party sharing. We do not sell, rent, or trade your personal information to marketers, data brokers, or any other party. We do not use third-party analytics tools (such as Google Analytics) that track individual users across sessions.
Legal disclosure. We may disclose your information if required by a court order, government authority, or applicable Indian law.
5. How We Store and Protect Your Data
Your data is stored in MongoDB Atlas, a cloud database service hosted in secure data centres. We apply the following measures:
- Access to the database is restricted to authorised personnel only, via IP-whitelisted connections.
- Passwords are hashed using bcrypt and never stored in plain text.
- All data in transit is encrypted via HTTPS/TLS.
- Our session tokens are stored in HTTP-only cookies, inaccessible to browser scripts.
We follow the "reasonable security practices and procedures" standard prescribed under Rule 8 of the IT Rules, 2011.
No method of transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately at romeo@thecalmcircus.com.
6. How Long We Keep Your Data
We retain your booking information for a period of three years from your last retreat date. This is to maintain booking history, respond to disputes, and comply with financial record-keeping requirements. After this period, your records are permanently deleted.
If you request deletion before this period, we will delete your data unless we are legally required to retain specific records (for example, a payment audit trail).
7. Your Rights
Under the IT Rules, 2011 and the DPDP Act, 2023, you have the following rights:
- Right to access — You may request a copy of the personal data we hold about you.
- Right to correction — You may ask us to correct inaccurate or incomplete information.
- Right to erasure — You may ask us to delete your personal data. We will comply within 30 days except where retention is required by law.
- Right to withdraw consent — You may withdraw your consent to receive marketing communications at any time by emailing us or clicking "Unsubscribe" in any email we send.
- Right to grievance redressal — You have the right to raise a complaint with our Grievance Officer (Section 9).
To exercise any of these rights, email romeo@thecalmcircus.com with the subject line "Privacy Request" and describe your request. We will respond within 30 days.
8. Cookies
Our website uses a single essential cookie: cc_token, an HTTP-only session cookie that keeps you logged in. It is set only when you sign in and expires when you log out or after 7 days, whichever comes first.
We do not use advertising cookies, tracking pixels, or cross-site cookies.
9. Grievance Officer
As required under the Information Technology (Amendment) Act, 2008, we have designated a Grievance Officer for privacy-related complaints:
Name: Romeo Mahato
Designation: Founder, The Calm Circus
Email: romeo@thecalmcircus.com
Phone: +91 98452 71737
Response time: Within 30 days of receipt of complaint
10. Changes to This Policy
We may update this policy when our practices change or when the law requires it. The "Last Updated" date at the top of this page will reflect any changes. For material changes, we will notify you by email if you have an account with us.
Your continued use of the website after an update constitutes acceptance of the revised policy.
11. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising in relation to this policy shall be subject to the exclusive jurisdiction of the courts in Bangalore, Karnataka, India.