Privacy Policy

The Nashville Healing Community A directory by Ohm Academy of Spiritual Healing

Effective Date: May 18, 2026 Last Updated: May 18, 2026

1. Introduction

This Privacy Policy explains how Timeless RN, PLLC, a Tennessee professional limited liability company doing business as Ohm Academy of Spiritual Healing and The Nashville Healing Community ("we," "us," "our"), collects, uses, shares, and protects information when you use The Nashville Healing Community website and services (the "Service"). By using the Service, you consent to the practices described in this Policy.

We respect the sensitivity of the healing community we serve. We do not sell your personal information. We do not run advertising. We collect the minimum we need to operate the directory.

If you have questions, contact us at OhmAcademy432@gmail.com or (615) 970-2015.

2. Information We Collect

2.1 Information You Provide

When you create a listing, we collect:

• Business name and practitioner name
• Modalities and self-selected practitioner badges
• Bio and description of services
• Contact information you choose to publish: email, phone, website, Instagram handle, Nashville neighborhood
• Payment information (handled by Stripe — see Section 4)

When you post a review, we collect:

• The name or initials you provide
• Your star rating, the service you reference, and your written review

When you post an event (paid practitioners only), we collect:

• Event title, description, date, time, location, and your associated listing

When you sign in as admin, we collect:

• Your email address for magic-link authentication
• Sign-in timestamps and session metadata

When you contact us, we collect:

• The content of your message and any contact info you share

2.2 Information Collected Automatically

When you visit the Service, our hosting provider and analytics tools may automatically collect:

• IP address and approximate geographic region
• Browser type, operating system, device type
• Pages visited, referring URL, session duration
• Date and time of your visits

We use this information for security, analytics, and to improve the Service. We do not use it to build advertising profiles.

2.3 Cookies & Similar Technologies

We use a minimal number of cookies, including:

• Essential cookies for session management, authentication, and security
• Analytics cookies (if used) to understand site usage in aggregate

We do not use cross-site tracking cookies or third-party advertising cookies. You can configure your browser to refuse cookies, but doing so may limit the functionality of the Service.

3. How We Use Information

We use the information we collect to:

• Operate, maintain, and improve the Service
• Publish listings, reviews, and events as part of the directory
• Process payments for listings
• Communicate with you about your listing (approval, expiration, renewal, moderation)
• Send service-related notifications (we do not send marketing emails without consent)
• Moderate content and enforce our Terms of Service and Community Guidelines
• Detect, prevent, and address fraud, abuse, and security issues
• Comply with our legal obligations

4. Payment Information

Payments are processed by Stripe, Inc. ("Stripe"). When you pay for a listing, you provide your payment information directly to Stripe. We do not see, store, or have access to your full credit/debit card number, CVC, or bank account details.

We receive only limited information from Stripe, such as:

• Confirmation of successful payment
• The last 4 digits of your card (for our records)
• Your Stripe customer ID
• Your name and email as you entered them at checkout

Stripe's handling of your payment data is governed by Stripe's Privacy Policy: https://stripe.com/privacy.

5. How We Share Information

We do not sell your personal information. We share information only as follows:

5.1 Publicly Visible Information

Any information you publish to your listing, review, or event is public by design. Anyone with internet access can see it. This includes:

• Your business name, practitioner name, bio, services, badges, modalities, neighborhood, and any contact methods you chose to publish
• Your reviews (name/initials as provided, rating, text)
• Your events (title, date, location, description)

Be intentional about what you publish. If you do not want your phone number, email, or social handles publicly visible, do not include them in your listing.

5.2 Service Providers

We share limited information with vendors that help us operate the Service:

• Stripe — payment processing
• Supabase — database and authentication hosting
• Vercel (or similar) — website hosting
• [Email provider, e.g., Resend] — transactional email (listing approval, renewal reminders)
• [Analytics provider, if used] — aggregate site analytics

These vendors are contractually bound to protect your information and to use it only to provide their services to us.

5.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, or if we believe in good faith that disclosure is necessary to:

• Comply with legal process
• Protect the rights, property, or safety of us, our users, or the public
• Investigate suspected fraud or violation of our Terms

5.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you (e.g., by a notice on the Service) if such a transfer occurs and your information becomes subject to a different privacy policy.

6. Data Retention

• Active listings are retained for as long as the listing is active plus a reasonable period thereafter for business records and to handle disputes.
• Expired or rejected listings may be retained in our archives indefinitely for record-keeping, fraud prevention, and legal compliance, but are removed from public view.
• Reviews remain on the Service as long as the associated listing is published. If a listing is removed, its reviews may be removed with it.
• Payment records are retained as required by tax and accounting laws (typically 7 years).
• Server logs are typically retained for 30–90 days.

If you want your data deleted, see Section 8 below.

7. Security

We take reasonable measures to protect your information, including:

• HTTPS encryption for all traffic to and from the Service
• Database access secured via Supabase with Row-Level Security policies
• Admin access protected by magic-link authentication and an authorized-email allowlist
• Payment data handled exclusively by Stripe, which is PCI-DSS compliant

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you as required by Tennessee law and applicable federal law.

8. Your Choices & Rights

You can:

• Update your listing by contacting us at OhmAcademy432@gmail.com. Self-edit functionality may be added in future versions of the Service.
• Remove your listing at any time by contacting us. Listing fees are non-refundable per the Terms of Service.
• Request a copy of the personal information we hold about you by emailing OhmAcademy432@gmail.com.
• Request deletion of your personal information, subject to our legal record-keeping obligations.
• Opt out of non-essential emails by replying to any email or contacting us. Service-related emails (renewal reminders, security notices) cannot be opted out of as long as you have an active listing.

We will respond to verifiable requests within thirty (30) days.

State-Specific Rights

Depending on where you live, you may have additional rights under state privacy laws (e.g., California's CCPA/CPRA, Virginia's CDPA, Colorado's CPA). If you believe you have rights under such a law and we are subject to it, please contact us. We will determine whether the law applies and respond accordingly. Note: We are a small Tennessee-based service and may not be subject to all state privacy laws, but we honor reasonable requests where possible.

9. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us and we will delete it.

Practitioners may not market their services to minors through the Service, and may not list services targeted at minors.

10. International Visitors

The Service is operated from the United States. If you access it from outside the U.S., be aware that your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country.

11. Do Not Track

Some browsers offer a "Do Not Track" signal. Because there is no industry-standard interpretation of this signal, we do not currently respond to it. We do not use cross-site tracking regardless.

12. Health & Wellness Information Disclaimer

When you write a review or send us a message, please do not include sensitive health information (such as specific medical diagnoses, mental health crisis details, or other protected health information). We are not a healthcare provider operating in that capacity here, and we are not a "covered entity" under HIPAA. Information you share with us is not protected by HIPAA.

If you need to share sensitive health information with a practitioner, do so directly with that practitioner — not through the public Service.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when the latest changes were made. Material changes will be communicated by email to Listed Practitioners where reasonably possible. Continued use of the Service after changes are posted constitutes acceptance.

14. Contact Us

For privacy questions, requests, or concerns:

Timeless RN, PLLC d/b/a Ohm Academy of Spiritual Healing Attn: Privacy 4909 Alabama Avenue Nashville, Tennessee 37209 Email: OhmAcademy432@gmail.com Phone: (615) 970-2015

⚠️ Attorney Review Recommended Before Launch. This draft is tailored to The Nashville Healing Community but is not a substitute for legal counsel. Before publishing, have a licensed Tennessee attorney review it with attention to: (1) the Tennessee Information Protection Act (effective July 2025) and whether any of its provisions apply to your data volume; (2) any required disclosures for residents of other states (California CCPA/CPRA, Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA) if your traffic suggests broader applicability; (3) cookie consent banner requirements if you serve EU visitors (GDPR); (4) data retention periods in light of your bookkeeping practices and Tennessee law; (5) breach notification procedures; and (6) the exact list of subprocessors named in Section 5.2 once vendors are finalized.