Last Updated: March 2026
Vadma LLC ("we," "us," "our," or "the Institute") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit vadma.org, participate in our neuro-somatic training or sessions, or communicate with us.
By using our services, you acknowledge that you have read and understood this Privacy Policy.
Data Controller: Vadma LLC 447 Broadway, 2nd Floor, 1312 New York, NY 10013, USA
Privacy Contact: [email protected]
For any questions about this Privacy Policy or to exercise your data protection rights, please contact us at the email address above.
We collect the following categories of personal data:
Identity & Contact Data: Full name, email address, phone number, physical address, country of residence, date of birth, passport/ID number (for practitioner certification purposes), and WhatsApp contact details.
Health & Wellness Data: Information provided via health screening and intake forms regarding your physical and mental health, including cardiac history, vasovagal history, and other contraindication screening. This is classified as special category data (sensitive data) and is processed only with your explicit consent (see Section 4).
Transaction & Financial Data: Payment amounts, dates, invoice details, and transaction records processed via Stripe, PayPal, or bank transfer. We do not store your full credit card numbers or financial account details.
Training & Certification Data: Enrollment records, certification status, training attendance, mentorship participation, session logs, and progression through certification levels.
Communication Data: Records of your interactions with us via email, SMS, WhatsApp (via Wazzap integration), and our GoHighLevel platform, including support inquiries and scheduling communications.
Technical Data: IP address, browser type, device information, operating system, and website usage data collected via cookies and tracking technologies (see Section 9).
We use your personal data for the following purposes:
Service Delivery: To provide and manage sessions (1:1 and group), practitioner trainings, certifications, and mentorship programs. Legal basis: Performance of a contract.
Payment Processing: To process payments, issue invoices, and prevent fraudulent transactions. Legal basis: Performance of a contract and legal obligation.
Health & Safety Screening: To assess your fitness to participate in sessions and trainings involving physical touch and intense somatic work. Legal basis: Explicit consent (special category data).
Certification Management: To manage practitioner certification records, directory listings, and certification status verification. Legal basis: Performance of a contract and legitimate interest.
Communications: To send session reminders, training updates, mentorship scheduling, and operational communications directly related to services you have enrolled in. Legal basis: Performance of a contract.
Marketing Communications: To send information about future trainings, events, and offerings via email, SMS, or WhatsApp. Legal basis: Consent. You may withdraw consent at any time (see Section 7).
Website Improvement: To analyze website traffic and usage patterns to improve our services and user experience. Legal basis: Legitimate interest (with consent for non-essential cookies — see Section 9).
Legal & Compliance: To comply with applicable laws, enforce our Terms of Service and Practitioner Agreement, and protect our legal rights. Legal basis: Legal obligation and legitimate interest.
Health and wellness data collected through intake forms and screening questionnaires is classified as special category data under the EU General Data Protection Regulation (GDPR) and equivalent laws.
We process this data only with your explicit consent, which is obtained through the intake and screening process before any session or training.
Health data is:
Used solely for the purpose of assessing your fitness to participate and ensuring your safety;
Accessible only to authorized personnel directly involved in your session or training;
Not used for marketing purposes or shared with third parties (except where required by law or in a medical emergency);
Retained for a maximum of three (3) years after your last interaction with us, unless a longer retention period is required by law; and
Deletable upon request, subject to any overriding legal obligations.
You may withdraw your consent to the processing of health data at any time by contacting [email protected]. Withdrawal of consent may result in your inability to participate in sessions or trainings, as health screening is a mandatory safety requirement.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Our standard retention periods are:
Training & certification records: Duration of your certification plus seven (7) years (for legal and compliance purposes).
Payment and transaction records: Seven (7) years from the date of the transaction (for tax and accounting compliance).
Health & screening data: Three (3) years after your last session or training participation.
Communication records: Three (3) years after your last interaction with us.
Marketing preferences: Until you withdraw consent or unsubscribe.
Website analytics data: Twenty-six (26) months (in accordance with Google Analytics default settings).
After the applicable retention period expires, your data will be securely deleted or anonymized. If deletion is not immediately possible (for example, because data is stored in backup systems), we will securely isolate the data and cease all active processing until deletion is possible.
We do not sell your personal data to third parties. We share your data only with the following categories of recipients, all of whom are bound by data processing agreements and/or equivalent contractual protections:
Service Providers:
GoHighLevel (CRM, email, SMS, training portal) — United States
Wazzap (WhatsApp business integration) — processes messages on our behalf
Stripe (payment processing) — United States / Global
PayPal (payment processing) — United States / Global
Google Analytics (website analytics) — United States
Meta / Facebook (advertising pixel) — United States
Professional Advisors: Legal counsel, accountants, and auditors as necessary for business operations and compliance.
Legal & Regulatory: Government authorities or law enforcement where required by law, regulation, or valid legal process.
We require all third-party service providers to process your data only on our instructions and in compliance with applicable data protection laws. We maintain data processing agreements with our key service providers in accordance with GDPR Article 28.
We may send you marketing communications about future trainings, events, and offerings via email, SMS, or WhatsApp. We will only do so where we have your consent or, for existing clients, where we have a legitimate interest and you have not opted out.
You can opt out of marketing communications at any time by:
Clicking the "unsubscribe" link in any marketing email;
Replying "STOP" to any SMS marketing message;
Replying "STOP" to any WhatsApp marketing message;
Contacting us at [email protected].
Opting out of marketing communications does not affect operational communications related to your active enrollment, certification, or session bookings.
WhatsApp Communications: We use WhatsApp for business communications only where you have explicitly opted in to receive messages via WhatsApp. Your WhatsApp opt-in data and consent will not be shared with any third parties under any circumstances.
SMS Communications: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. SMS originator opt-in data and consent will not be shared with any third parties.
Your personal data may be transferred to, stored in, and processed in the United States and other countries where we or our service providers operate. These countries may have data protection laws that differ from the laws of your country of residence.
Where we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on the following safeguards:
Standard Contractual Clauses (SCCs) approved by the European Commission;
Data Processing Agreements with all service providers; and
Where applicable, the service provider's participation in recognized data transfer frameworks.
By participating in Vadma activities, you acknowledge that your data may be processed in the United States and other jurisdictions as described above.
Our website uses cookies and similar tracking technologies to improve your browsing experience and to analyze website traffic.
Essential Cookies: Required for the website to function properly (e.g., session management, security). These do not require consent.
Analytics Cookies: Used to understand how visitors interact with our website (Google Analytics). These collect anonymized usage data including pages visited, time on site, and referring URLs.
Marketing Cookies: Used to deliver relevant advertising and track the effectiveness of our marketing campaigns (Meta/Facebook Pixel).
For visitors from the EEA, UK, and other jurisdictions requiring prior consent: Non-essential cookies (analytics and marketing) are only activated after you have provided your consent through our cookie consent banner. You may withdraw your consent or modify your cookie preferences at any time through the cookie settings on our website.
For all visitors: You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.
Our services are intended for individuals aged eighteen (18) years and older. We do not knowingly collect personal data from anyone under the age of 18.
If we become aware that we have inadvertently collected personal data from a person under 18, we will take prompt steps to delete such data. If you believe that a minor's data has been collected by us, please contact us immediately at [email protected].
We implement reasonable technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, loss, or destruction. These measures include:
Encrypted data transmission (SSL/TLS) on our website;
Access controls limiting data access to authorized personnel;
Secure third-party service providers with data processing agreements; and
Regular review of our data handling practices.
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
In the event of a personal data breach that poses a high risk to your rights and freedoms, we will:
Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by applicable law; and
Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
Notification will include the nature of the breach, the likely consequences, and the measures taken or proposed to address the breach.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
For all users:
Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data, subject to legal retention requirements.
Opt-out: Opt out of marketing communications at any time.
Additional rights for EEA, UK, and Swiss residents (GDPR / UK GDPR):
Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Restriction: Request restriction of processing in certain circumstances (e.g., while we verify accuracy of disputed data).
Objection: Object to processing based on legitimate interest, including profiling.
Withdraw Consent: Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.
Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Additional rights for California residents (CCPA / CPRA):
Right to Know: Request disclosure of the categories and specific pieces of personal information collected about you.
Right to Delete: Request deletion of your personal information, subject to certain exceptions.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Do Not Sell: We do not sell your personal information.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. The "Last Updated" date at the top of this page indicates the most recent revision.
For material changes, we will use reasonable efforts to notify active participants via email or platform notification. Continued use of our services after the posting of an updated Privacy Policy constitutes your acknowledgment of the changes.
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
Privacy Contact: [email protected]
Mail: Vadma LLC 447 Broadway, 2nd Floor, 1312 New York, NY 10013, USA