Privacy Policy

Last Updated: March 29th, 2026

1. Introduction

This Privacy Policy describes how Body-Led Living LLC (“I,” “me,” or “my”) collects, uses, discloses, and protects the personal data of individuals (“you” or “consumers”) who visit my website, use my booking platform, or engage my somatic healing services. I am committed to protecting your privacy in compliance with applicable laws, including the Colorado Privacy Act (CPA), C.R.S. § 6-1-1301 et seq., and its implementing rules (4 CCR 904-3).

Body-Led Living LLC is a Colorado limited liability company offering somatic healing services — body-oriented support designed to help regulate and support the nervous system. I am a trauma-trained somatic practitioner and a managing member of Body-Led Living LLC. I am not a licensed therapist, psychologist, counselor, or medical professional. My services do not constitute therapy, psychotherapy, medical advice, diagnosis, or treatment of any kind.

By using my website, booking platform, or services, you acknowledge that you have read and understood this Privacy Policy.

2. Who I Am (Data Controller Information)

Alyssa Hill, Owner

Body-Led Living LLC

Contact Email: alyssa@bodyledliving.com

As the data controller, I determine the purposes and means of processing your personal data. If you have questions about this policy or my data practices, please contact me using the information above.

3. Personal Data I Collect

I collect various categories of personal data depending on how you interact with me and my business. Below is a detailed description of the data I collect, the sources, and the purposes for collection.

3.1 Information You Provide Directly

  • Identity and Contact Information: Full name, email address, phone number, mailing address, and preferred pronouns.
  • Booking and Scheduling Information: Appointment dates, times, session preferences, time zone, and scheduling history collected through my booking platform.
  • Intake and Session-Related Information: Responses to intake questionnaires, session goals, areas of concern, relevant personal history you voluntarily share, session notes, and progress observations. This may include information related to your physical or emotional wellbeing that you choose to disclose.
  • Payment and Billing Information: Credit or debit card details, billing address, transaction records, and payment history. Note: Payment card data is processed by my third-party payment processor and is not stored on my servers.
  • Communications: Emails, messages sent through my booking platform, and any other written correspondence between you and me.
  • Feedback and Testimonials: Reviews, testimonials, or feedback you voluntarily provide, including any consent to publish such content.

3.2 Information Collected Automatically

  • Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
  • Usage Data: Pages visited, time spent on pages, links clicked, referring URLs, and navigation patterns on my website and booking platform.
  • Cookies and Tracking Technologies: I use cookies, pixels, and similar technologies to facilitate website functionality, remember preferences, and analyze site traffic. See Section 9 (Cookies and Tracking Technologies) for more details.
  • Log Data: Server logs that record access times, error logs, and request data.

3.3 Information from Third Parties

  • Zoom: If you attend sessions via Zoom, Zoom may share usage data, connection quality metrics, and meeting metadata with me. I do not record sessions unless you provide explicit written consent.
  • Payment Processors: My payment processor may share transaction confirmation data, billing address verification, and fraud detection information.
  • Analytics Providers: Third-party analytics services may provide aggregated and de-identified data about website visitors.

You may withdraw your consent at any time by contacting me. Withdrawal of consent does not affect the lawfulness of processing performed prior to withdrawal, and may limit my ability to continue providing services.

3.4 Sensitive Data

Certain information you share with me through intake forms or during sessions may constitute "sensitive data" under the Colorado Privacy Act. This primarily includes information related to your physical and mental health, such as current or past health conditions, previous injuries or accidents, and any relevant medical history that helps me tailor my somatic healing work to your needs.

4. How I Use Your Personal Data

I process your personal data for the following purposes:

4.1 To Provide My Services

  • Scheduling and managing your somatic healing sessions via my booking platform
  • Conducting body-oriented support sessions via Zoom video conferencing
  • Maintaining session notes and tracking your progress toward session goals
  • Communicating with you about appointments, session preparation, and follow-up

4.2 To Process Payments

  • Processing session fees and issuing receipts or invoices
  • Managing refunds, cancellations, and payment disputes

4.3 To Improve My Services

  • Analyzing usage patterns on my website and booking platform to improve user experience
  • Gathering feedback to enhance the quality of my services
  • Troubleshooting technical issues

4.4 To Communicate with You

  • Responding to your inquiries and support requests
  • Sending appointment reminders and confirmations
  • Providing updates about changes to my services, policies, or terms
  • Sending marketing communications (only with your prior opt-in consent)

4.5 To Comply with Legal Obligations

  • Fulfilling tax reporting and record-keeping requirements
  • Responding to lawful requests from law enforcement or regulatory authorities
  • Establishing, exercising, or defending legal claims

4.6 To Protect Safety and Security

  • Detecting, preventing, and responding to fraud, security threats, or illegal activity
  • Ensuring the safety and integrity of my website and booking platform

5. Legal Bases for Processing

I process your personal data under the following legal bases:

  • Consent: For processing sensitive data, sending marketing communications, and any optional data collection activities. You may withdraw consent at any time.
  • Contractual Necessity: To perform my obligations under my service agreement with you, including scheduling sessions, processing payments, and providing somatic healing services.
  • Legitimate Interest: To improve my services, maintain the security of my platform, and communicate with you about your sessions, where such interests are not overridden by your fundamental rights and freedoms.
  • Legal Obligation: To comply with applicable laws, tax requirements, and regulatory obligations.

6. Your Rights Under the Colorado Privacy Act

If you are a Colorado resident, you have the following rights under the CPA:

6.1 Right to Access

You have the right to confirm whether I am processing your personal data and to access the specific personal data I hold about you.

6.2 Right to Correction

You may request that I correct inaccurate personal data, taking into account the nature of the data and the purposes for processing.

6.3 Right to Deletion

You may request that I delete personal data I have collected from or about you, subject to certain legal exceptions (such as data required for legal compliance or to complete a transaction you requested).

6.4 Right to Data Portability

You have the right to obtain a copy of the personal data you previously provided to me in a portable, readily usable format that allows you to transmit the data to another entity.

6.5 Right to Opt Out

You may opt out of the processing of your personal data for purposes of:

  • Targeted advertising
  • The sale of personal data
  • Profiling in furtherance of decisions that produce legal or similarly significant effects

6.6 Universal Opt-Out Mechanism

I honor universal opt-out mechanisms, including Global Privacy Control (GPC) signals, as required by the CPA. If I detect a recognized universal opt-out signal from your browser or device, I will treat it as a valid opt-out request for targeted advertising and the sale of personal data.

6.7 How to Exercise Your Rights

To exercise any of these rights, please contact me at alyssa@bodyledliving.com. I will respond to your request within forty-five (45) days. If I need additional time, I will notify you of an extension of up to an additional forty-five (45) days. I will verify your identity before fulfilling your request. If I decline your request, you have the right to appeal my decision by contacting me at alyssa@bodyledliving.com, and I will respond to your appeal within forty-five (45) days.

6.8 Non-Discrimination

I will not discriminate against you for exercising your privacy rights. I will not deny you services, charge different prices, or provide a different level or quality of service because you exercised your rights under the CPA.

7. Rights for International Clients

Because I provide services to clients worldwide via Zoom, you may have additional rights under your local data protection laws. This may include rights under the European Union General Data Protection Regulation (GDPR), the UK Data Protection Act, Canada’s PIPEDA, Australia’s Privacy Act, or other applicable frameworks. I endeavor to honor the privacy rights of all clients regardless of location. If you are located outside of the United States, please contact me to discuss your specific rights.

International Data Transfers: If you are located outside of the United States, please be aware that your personal data will be transferred to and processed in the United States, where my business is based. I take reasonable steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which I process it.

8. Data Sharing and Disclosure

I do not sell your personal data. I share personal data only as described below:

  • Service Providers and Processors: I share data with trusted third-party service providers who assist me in operating my business, including my payment processor, email service provider, website hosting provider, and analytics services. These providers are contractually bound to use your data only for the purposes I specify and to maintain adequate security measures.
  • Zoom Video Communications: Session data (video, audio, chat during sessions) is transmitted through Zoom’s platform. Zoom’s processing of your data is governed by Zoom’s own privacy policy. I encourage you to review Zoom’s privacy practices.
  • Legal Requirements: I may disclose your personal data if required by law, court order, subpoena, or other legal process, or if I believe in good faith that disclosure is necessary to protect my rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • Professional Consultation: In limited circumstances, I may consult with other professionals (such as supervisors or peer consultants) about my work in a way that uses de-identified information only, meaning no personally identifiable details about you are shared.
  • Business Transfers: If my business is sold, merged, or otherwise transferred, your personal data may be part of that transaction. I will notify you of any change in ownership or control of your personal data.
  • With Your Consent: I may share your data in other circumstances if you have given explicit consent.

9. Cookies and Tracking Technologies

9.1 Types of Cookies I Use

  • Essential Cookies: Required for the basic functionality of my website and booking platform, such as maintaining your session while booking an appointment. These cannot be disabled.
  • Analytics Cookies: Help me understand how visitors interact with my website by collecting information about pages visited, time on site, and navigation paths. These are used only with your consent.
  • Functional Cookies: Remember your preferences (such as language or time zone) to enhance your experience. These are used only with your consent.

9.2 Managing Your Cookie Preferences

You can manage your cookie preferences through the cookie consent banner displayed when you first visit my website. You can also adjust your browser settings to refuse or delete cookies. Please note that disabling essential cookies may impact the functionality of my website and booking platform.

10. Data Retention

I retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Session and Client Records: Retained for a period of 7 years after the conclusion of our professional relationship, consistent with applicable record-keeping requirements.
  • Payment Records: Retained as required by tax and financial reporting laws (generally 7 years).
  • Website Analytics Data: Retained in aggregated or de-identified form for up to 26 months.
  • Marketing Consent Records: Retained for as long as you remain subscribed, plus a reasonable period thereafter to document your consent history.

When personal data is no longer needed, I securely delete or de-identify it.

11. Data Security

I implement reasonable administrative, technical, and physical safeguards to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest where applicable
  • Secure access controls and authentication for my booking platform
  • Regular security assessments of my systems
  • Limited access to personal data on a need-to-know basis
  • Use of reputable, security-certified third-party service providers

While I strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. I cannot guarantee absolute security, but I am committed to promptly addressing any data security incident in accordance with Colorado law.

12. Children’s Privacy

My services are not directed to individuals under the age of eighteen (18). I do not knowingly collect personal data from minors. If I become aware that I have collected personal data from a minor without appropriate consent, I will take steps to delete that information promptly. If you believe I may have collected data from a minor, please contact me immediately.

In accordance with the CPA’s enhanced protections for minors (effective October 1, 2025), if I know or have reason to believe that a consumer is a minor, I will use reasonable care to avoid any heightened risk of harm and will not process their data for targeted advertising, sale, or profiling without opt-in consent.

13. Third-Party Links and Services

My website and communications may contain links to third-party websites, platforms, or services (including Zoom, payment processors, and social media platforms). This Privacy Policy does not apply to those third parties. I encourage you to review the privacy policies of any third-party services you use in connection with my services.

14. Data Protection Assessment

As required by the CPA, I conduct data protection assessments for processing activities that present a heightened risk of harm to consumers. These assessments evaluate the benefits and risks of processing, including risks to consumer rights, and identify safeguards to mitigate those risks. Documentation of these assessments is maintained internally and may be submitted to the Colorado Attorney General upon request.

15. Changes to This Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in my practices, technology, legal requirements, or other factors. When I make material changes, I will:

  • Post the updated policy on my website with a revised “Last Updated” date
  • Notify you via email or through my booking platform if the changes materially affect how I handle your personal data
  • Obtain your consent for any new processing activities that require consent under applicable law

I encourage you to review this Privacy Policy periodically.

16. Contact Me

If you have questions, concerns, or requests regarding this Privacy Policy or my data practices, please contact me:

Alyssa Hill, Owner

Body-Led Living LLC

Contact Email: alyssa@bodyledliving.com

This Privacy Policy is provided for informational purposes and is intended to help you understand my data practices. This document is not a substitute for legal advice. I strongly recommend consulting with a qualified attorney to ensure this policy complies with all applicable laws and regulations specific to your business.