Privacy Policy

Effective date: August 20, 2025
Website: https://summit40.org/
Controller/Owner: Spinach & Yoga Inc. (Florida Profit Corporation, Document No. P17000055919)
Principal address: 50 South Pointe Drive, Unit 1201, Miami Beach, FL 33139, USA
Privacy contact: info@summit40.org
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit summit40.org, register for our events, join our communications, or interact with our services (collectively, the “Services”). If you do not agree with this Policy, please do not use the Services.

1) Who we are & scope

Spinach & Yoga Inc. operates summit40.org and related pages, forms, and event experiences (live and recorded). This Policy applies to information collected online through the site and any linked forms or integrations we control. It does not cover third-party websites we link to or pages operated by speakers/sponsors.
We are not a HIPAA-covered entity. Do not submit protected health information (PHI). If you voluntarily share health-related details (e.g., symptoms or goals), we process them as ordinary personal data under applicable privacy laws.

2) Age

Our Services are intended for adults (18+). We do not knowingly collect personal data from children.

3) What we collect

Information you provide

  • Identity & contact: name, email, telephone.
  • Registration & transactions: chosen ticket/product, billing name, email, and limited payment metadata. We do not store full card numbers; payments are processed by a third-party processor (e.g., Stripe/PayPal).
  • Communications: messages you send us; support requests; survey responses; testimonials (with your consent).
  • Community/event data (if used): your username and activity in our Telegram group or webinar chats/Q&A.
  • Content preferences/consents: marketing opt-in choices; cookie preferences.

Information collected automatically

  • Usage & device data: pages viewed, links clicked, referrers, approximate location (city/country), browser, device, OS, IP address (with GA4 IP truncation where available).
  • Cookies & similar technologies: analytics (e.g., Google Analytics 4), advertising/retargeting (e.g., Meta Pixel), functional cookies, and consent-management cookies. See Cookies below.

Information from third parties

  • Payment processors (e.g., Stripe/PayPal) return payment status and limited fraud signals.
  • Ad/analytics partners provide aggregated audience and campaign metrics.
  • Email/CRM tools (e.g., a common ESP) provide delivery/open/click statistics.


We do not intentionally collect sensitive categories (e.g., race, precise geolocation, government IDs). Please avoid sharing such data.

4) Why we use your information (purposes & legal bases)

We use your data to:

  • Provide Services (process registrations/orders, grant access to live sessions and replays, send transactional notices).
  • Communicate (respond to inquiries; send educational content, updates, and promotional emails if you opt-in).
  • Improve & secure the site (analytics, debugging, fraud prevention).
  • Marketing & retargeting (only with appropriate consent where required, and with opt-out options).
  • Comply with law (tax, accounting, record keeping; respond to lawful requests).


GDPR/UK GDPR legal bases: performance of a contract; legitimate interests (site security, core analytics, simple audience measurement); consent (marketing emails in some regions, non-essential cookies, retargeting); legal obligation.

5) Cookies, pixels & preference center

We use cookies and similar technologies for:

  • Essential functions (security, load balancing, consent logging).
  • Analytics/measurement (e.g., GA4).
  • Advertising/retargeting (e.g., Meta Pixel).


EU/UK: We obtain prior consent for non-essential cookies.
US/other regions: We rely on consent/opt-out as required by state law.
You can manage preferences at any time via our Cookie Settings link (footer) or your browser settings. Where supported, we honor Global Privacy Control (GPC) signals for applicable jurisdictions.
Examples of cookies (non-exhaustive): _ga, _gid (analytics); _fbp (advertising); cookie_consent (preference).

6) Sharing & disclosures

We share data with service providers that help us operate the Services, under contracts that limit their use to our instructions:
Hosting/CDN & security (e.g., reputable US/EU providers, Cloudflare-type services).

  • Email/CRM & marketing (common ESP/marketing automation platform).
  • Payments (e.g., Stripe/PayPal) – we don’t store full card details.
  • Webinar/video (e.g., Zoom/Vimeo/YouTube) for live sessions and replays.
  • Analytics & ads (e.g., Google, Meta) for measurement and retargeting.
  • Professional advisors (accountants, legal counsel) and authorities where legally required.
  • We do not sell personal information for money. We may “share” (as defined by the California Privacy Rights Act) identifiers and internet activity data with advertising partners for cross-context behavioral advertising only with consent where required. You can opt out via Your Privacy Choices (see California section).


If we reorganize or sell part of our business, your data may transfer to the successor subject to this Policy.

7) International data transfers

We are US-based and may transfer data internationally. For EEA/UK residents, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) for transfers to service providers outside your region.

8) Retention

We keep personal data only as long as necessary for the purposes above:

  • Marketing contacts: typically 24 months after your last interaction (unsubscribe sooner at any time).
  • Customer/order records: at least 7 years to meet tax/accounting requirements.
  • Event assets (recordings/chat logs): typically 24 months, unless you request removal and it’s feasible without degrading the product.
  • Cookie consent logs: up to 24 months or as required by law.


We delete or anonymize data when it is no longer needed.

9) Security

We use administrative, technical, and physical safeguards, including TLS encryption in transit, role-based access, least-privilege principles, and multi-factor authentication for admin tools where available. No method is 100% secure; please use strong, unique passwords and keep them confidential.

10) Your rights

Your rights depend on your location but may include:

  • Access, correction, deletion, portability
  • Restrict or object to certain processing
  • Withdraw consent (e.g., marketing; non-essential cookies)
  • Appeal a decision (where required by state law)
  • Complain to a regulator


To exercise rights, email info@summit40.org. We may verify your identity before responding.

11) California privacy notice (CPRA)

Categories collected: identifiers (e.g., name, email, IP), internet activity (usage data, device info), commercial info (orders), geolocation (coarse), inferences (audience segments).

Sources: you; your device; service providers; partners.

Purposes: as described above.

Disclosures for business purposes: service providers and contractors listed in Sharing & disclosures.

Sale/Share: we do not sell for money. We may share for cross-context behavioral advertising with partners like Meta/Google with opt-out rights.

Your California rights: access/know, correct, delete, portability, opt-out of sale/share, limit use of sensitive personal info (we do not use SPI for purposes requiring a “Limit Use” link).

To opt out of sale/share, use Your Privacy Choices in the footer or email info@summit40.org and adjust cookie settings (including GPC signals).
Authorized agents may submit requests with appropriate proof. We will not discriminate for exercising rights.

12) EU/UK residents (GDPR/UK GDPR)

You have the rights of access, rectification, erasure, restriction, portability, and objection, and to withdraw consent at any time (without affecting prior lawful processing). You may lodge a complaint with your local supervisory authority. Our primary contact for GDPR matters is info@summit40.org.

13) Communications & marketing

  • Transactional emails (e.g., receipts, event access) are necessary to deliver your purchase.
  • Marketing emails are sent only with consent where required and always include an unsubscribe link.
  • SMS/Telegram (if offered) are opt-in and may be stopped at any time using provided instructions.

14) Community & events

If you join our Telegram group or attend live sessions, your username, profile image, chat messages, Q&A entries, and reactions may be visible to other participants. We may record sessions for later replay. By submitting questions or testimonials, you grant us permission to use them in the event context; we seek explicit permission before using identifiable testimonials in marketing.

15) Third-party links

Our site may link to external pages (e.g., speakers, sponsors, platforms). We are not responsible for their privacy practices. Review their policies before providing data.

16) Changes to this Policy

We may update this Policy from time to time. The “Effective date” will indicate the latest version. Material changes will be highlighted on the site.

17) Contact

Spinach & Yoga Inc.
50 South Pointe Drive, Unit 1201
Miami Beach, FL 33139, USA
Email: info@summit40.org

18) Region-specific options & links (placeholders to implement on the site)

Cookie Settings / Manage Preferences → /cookie-settings

Your Privacy Choices (Do Not Sell or Share My Personal Information) → /privacy-choices

Data Request Form (optional) → /privacy-request