Privacy-first practices for entrepreneurs

Overview

This Privacy Policy explains how Solthira (wsotira.club) collects, uses, discloses and protects personal data of participants, visitors and clients in our spiritual leadership offerings. The policy focuses on practical scenarios: sign-ups for workshops, case-study participation, client coaching records, and community interactions. Our approach emphasizes transparency and practical examples so entrepreneurs and business owners can understand how their information supports program delivery, community safety and administrative needs.

16-03-2026 Solthira, wsotira.club — Saint George Street, Lindsay ON K9V, Canada — Business ID 044374749 — Phone +14169733026 Saint George Street, Lindsay ON K9V, Canada [email protected]
01

Definitions

To make the policy clear in real-world terms, this section defines common terms used throughout. Each definition is illustrated with a short example relevant to entrepreneurs: e.g., when you register for a cohort or submit a case study for review.

Personal data means any information that identifies or can identify an individual. Example: name, email, phone number and business details you provide when enrolling in a workshop or submitting a leadership case for group review. Processing refers to any operation performed on personal data, such as collection, recording, organization, consultation in mentoring sessions, analysis for program improvement, secure storage and deletion when no longer required. User is any visitor, participant, or client who interacts with Solthira services on wsotira.club. Example users include founders joining a monthly cohort, business owners submitting scenario worksheets, and newsletter subscribers. Service means the programs, workshops, online content and community offerings provided by Solthira, including case-study sessions, coaching, downloadable toolkits and email communications. Cookies are small data files placed on your device to enable core site functions, remember preferences and measure engagement with pages describing case studies, schedules and program materials.
02

What data we collect

We collect data to operate programs, safely host case discussions, and to evaluate and improve our offerings. The following items are examples of data collected directly from users, automatically, and via trusted third parties.

Data you provide directly

When you register, contact us, submit a case or join a cohort, you may provide the following types of information. Each item includes a short practical example of use.

  • Contact information: full name and email for account creation and workshop access.
  • Business details: company name, role and industry to tailor scenarios and group matches.
  • Payment information: billing name and transaction details processed by our payment provider to enroll in paid programs (we do not store full card details on our systems).
  • Submitted materials: case studies, strategic worksheets and reflective exercises shared for coaching and group feedback.
  • Communication preferences: newsletter opt-in choices and event reminders used to send relevant program updates.
  • Support requests and correspondence: messages platform with our team to resolve scheduling, technical or content issues.

Automatically collected data

We collect technical data automatically to operate the site, secure accounts, and understand how participants use program resources. Examples illustrate typical automatic data collection scenarios.

  • Log data: access times and pages visited when you view a case study or download a toolkit.
  • Device and browser information: device type and browser to ensure workshop platforms and materials display correctly.
  • IP address and approximate location: used for fraud prevention and to schedule live sessions within appropriate time zones.
  • Usage analytics: aggregated metrics on lesson completion and engagement with scenario exercises to improve content.
  • Cookies and similar technologies: session cookies to keep you logged in during workshops and preference cookies for language or layout.
  • Error and performance data: crash reports when a webinar tool fails so we can troubleshoot technical issues.

Third-party sources

We may receive information about you from trusted partners to provide better service. Examples are listed below to show typical data flows and their practical role in program delivery.

  • Payment processors: transaction confirmation and limited billing details needed to manage enrollment.
  • Email service providers: delivery status and engagement metrics to manage newsletters and event reminders.
  • Analytics providers: aggregated site usage statistics that help improve case materials and workshop structure.
03

Why we collect data

We use personal data for operational, legal and improvement purposes. Below are concrete use-cases tied to our programs and business services.

  • Program delivery: register participants, grant access to cohort sessions and distribute case-study materials.
  • Customer support: respond to scheduling requests, troubleshoot access issues and manage refunds or rescheduling.
  • Content improvement: analyze engagement with workshops and scenarios to refine exercises and tools.
  • Billing and records: process subscriptions, invoices and maintain transactional records for accounting and tax purposes.
  • Security and fraud prevention: monitor logins and transactions to detect suspicious activity and protect community integrity.
  • Legal compliance: respond to lawful requests from authorities and maintain records required by applicable law.
  • Community management: moderate forums, manage participant consent for case-study use and handle reports of policy violations.
  • Research and aggregated insights: produce anonymized summaries of leadership trends for internal curriculum planning and non-identifying publications.

Legal basis for processing

Where applicable under privacy laws, we rely on specific legal bases to process personal data. Below are typical bases tied to program scenarios.

  • Contractual necessity: processing required to fulfill enrollment, deliver services and manage billing.
  • Consent: for marketing communications, event recordings and optional uses of submitted case material.
  • Legitimate interests: to secure services, prevent fraud and analyze non-identifiable usage patterns for program improvement.
  • Compliance with legal obligations: processing required to meet regulatory or tax obligations.

GDPR and rights for European residents

For individuals in the European Economic Area, we describe rights and practical steps to exercise them. Examples include requesting copies of coaching notes or asking that community posts not be used in future materials.

  • Right of access: you can request a copy of personal data we hold, such as your registration details and submitted case materials.
  • Right to rectification: if your contact or business details are incorrect we will correct them upon request.
  • Right to erasure: you may request deletion of your account and associated personal data where retention is not required for legal reasons; we will explain practical implications for program continuity.
  • Right to restrict processing: you can ask us to limit certain uses of your data, for example pausing marketing communications while retaining service access.
  • Right to data portability: where feasible, we will provide a machine-readable copy of data you supplied, such as case submissions and profile details.
  • Right to object: you may object to direct marketing or processing based on legitimate interests; we will evaluate and respond with practical steps.
04

Cookies and tracking

Cookies support site functionality and user experience. Below we explain cookie types, categories and how to manage them with examples tailored to workshop interactions.

Typical cookie types include session cookies (keep you logged into a cohort), persistent cookies (remember language/preferences), and analytics cookies (measure page visits for case-study content).

Categories: strictly necessary cookies for site operation; performance and analytics cookies to improve materials; and optional marketing cookies used only with consent for event promotion.

Manage cookies via your browser settings or the preferences control on wsotira.club. For example, disabling analytics cookies will not prevent access to core workshop pages but may limit personalized recommendations.

Detailed cookie settings and policy

When we share data

We share personal data only as necessary to deliver services, comply with law, or with your consent. Each sharing scenario below includes a use-case to clarify purpose.

  • Service providers: to process payments, host webinars, and send emails (e.g., payment gateways and webinar platforms).
  • Professional advisors: accountants or legal advisors who support business operations under confidentiality.
  • Event partners: when co-hosting sessions, limited data (name, email) is shared with explicit consent to coordinate logistics.
  • Legal authorities: where required to comply with court orders or legal obligations, with disclosure kept to the minimum necessary.
  • Aggregated reports: anonymized summaries of participant outcomes or engagement used for curriculum development and non-identifying publications.
  • Successor organizations: in the event of a merger or sale, data necessary for continuity of service may be transferred under confidentiality terms.

International transfers

Some service providers we use may process data outside Canada. When that happens we apply contractual safeguards and assess transfer risks. Example: webinar hosting may employ servers in another country to deliver live sessions.

Safeguards include standard contractual clauses, relying on providers with recognized privacy frameworks, and limiting transfers to the minimum data required to deliver services.

Data retention

Retention periods depend on the type of data and the purpose. Below are practical retention rules tied to program scenarios like account maintenance and coaching records.

Account information is retained for as long as your account is active. Inactive accounts are subject to review and potential deletion after a reasonable period unless retention is required for legal or administrative reasons.

Support tickets and correspondence are kept for up to two years to ensure continuity in case of follow-up issues and to learn from support patterns.

System logs and analytics are retained in aggregated or pseudonymized form for up to 24 months to improve workshop design and platform stability.

When you request deletion, we remove personal identifiers from active systems and retain only the minimum records necessary for legal or tax obligations, informing you of any practical effects on program access.

Security

We apply practical technical and organizational measures to protect data, balancing usability and safety for small business owners and entrepreneurs. Examples include encrypted backups for case files and access controls for coaching notes. Our security posture is reviewed periodically and adjusted to operational realities.

  • Access controls: role-based permissions for team members who manage cohorts and content.
  • Encryption: encryption in transit (TLS) and encrypted backups for stored materials and sensitive records.
  • Operational reviews: periodic audits and incident response procedures tailored to protect participant data and community trust.
05

Your rights

You have rights to manage your personal data, and we provide practical steps to exercise them. Below are typical actions and what to expect when you request them.

  • Access and portability: request copies of your data (profile, submitted case studies, transaction history) and receive them in a machine-readable format where feasible.
  • Rectification and update: notify us of changes to your contact details or business information so program materials and communication remain accurate.
  • Erasure and restriction: request deletion or restriction of processing; we will explain implications such as losing access to paid cohorts or archived case feedback.
  • Opt-out and withdraw consent: opt out of marketing communications or withdraw consent for optional uses of your materials; core service processing required for program delivery may continue under contractual necessity.
  • Right to restriction of processing — you may request that we limit how we use specific personal data while a dispute about accuracy or lawfulness is resolved; we will evaluate and respond based on the nature of the request and applicable law.
  • Right to data portability — where technically feasible and applicable, you can request a copy of personal data you provided to Solthira in a structured, commonly used, machine-readable format for transfer to another service provider.
  • Right to object to processing — you can object to certain processing activities such as direct marketing or processing based on legitimate interests; we describe how objections are handled and the practical steps in the request process.
  • Right to withdraw consent — when processing is based on consent, you may withdraw that consent at any time; withdrawal does not affect processing that occurred prior to the withdrawal.

How to exercise your privacy rights

To make a request to access, correct, delete, restrict, or obtain a portable copy of your personal information, contact Solthira by email at [email protected] or by mail to Saint George Street, Lindsay ON K9V, Canada. In practice: example case — an entrepreneur requests a data export to move coaching history to another provider; we verify identity, prepare a structured export, and outline any records we cannot export for legal reasons. Provide a clear description of your request and any supporting details to help us locate records. We may ask for additional information to confirm your identity before fulfilling requests.

[email protected]

We aim to acknowledge requests within 5 business days and typically provide a substantive response within 30 calendar days of verification. For complex requests or where additional information is required, we will inform you of a reasonable extension and the reason for it.

Marketing communications and preferences

Solthira sends marketing updates about workshops, case-study webinars, and new coaching modules only with explicit consent or where we have another lawful basis. Marketing messages include practical scenarios and case-based invitations tailored for entrepreneurs and business owners. When a user subscribes, we record consent and preferred topics to improve relevance.

Every marketing message includes an unsubscribe link. You can also change preferences by emailing [email protected] or using the account settings on wsotira.club. Example scenario: a business owner unsubscribes from event notices but keeps receiving leadership case study briefings — we update the preference within a few business days.

Children and personal data

Solthira does not direct services to children nor knowingly collect personal data from individuals under 16. If a parent or guardian believes we have collected data about a child in error, contact [email protected] with details and we will take reasonable steps to verify and remove such data. Example case: a minor signs up for a free webinar using a parent’s account — we will coordinate with the account holder to correct or remove the record.

Third-party links and services

Our site and services may contain links to third-party platforms (payment processors, analytics, content hosts). Clicking those links may send data directly to the third party. Example scenario: a client registers for a paid retreat and pays through a third-party processor; payment details are handled by the processor according to its privacy policy. Solthira is not responsible for third-party practices; we recommend reviewing their privacy terms before providing personal data.

Changes to this privacy policy

Solthira may update this privacy policy to reflect new practices, technologies, or legal requirements. The policy version effective date is shown at the top. Example: an update on 25-04-2026 added clearer procedures for data portability requests. Significant changes will be communicated by email to account holders or via a notice on wsotira.club.