Privacy Policy

Effective Date: November 15, 2025
Website: www.pranara.me
Contact: support@pranara.me

1. INTRODUCTION

This Privacy & Data Protection Policy (“Policy”) explains how Pranara.me (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website, create an account, or use our marketplace platform connecting wellness professionals (“Sellers”) and clients (“Buyers”).

Pranara.me is committed to complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, and relevant Payment Services Directive 2 (PSD2) and Strong Customer Authentication (SCA) standards.

By using the Platform, you consent to the collection and use of your personal data in accordance with this Policy.

2. DATA CONTROLLER

Pranara.me is the data controller responsible for determining the purposes and means of processing your personal data.

Contact: support@pranara.me

If you reside in the EU/EEA or UK, you may contact us regarding any GDPR-related concerns or data access requests.

3. DATA WE COLLECT

We collect personal and non-personal information to operate the Platform effectively:

3.1 Information You Provide

• Account details: name, email address, phone number, profile photo.
• Payment data: processed securely by third-party payment processors (we do not store full card details).
• Service data: service descriptions, reviews, messages, and session information.
• Communication: correspondence with us or with other users through the Platform.

3.2 Automatically Collected Information

• Device and browser data.
• IP address, location (approximate), and session logs.
• Cookies and similar tracking technologies (see Cookies Policy).

4. PURPOSES OF DATA PROCESSING

We process your personal data for the following purposes:

• To operate, maintain, and improve the Platform.
• To create and manage user accounts.
• To process payments and ensure SCA-compliant authentication.
• To match Buyers with Sellers.
• To provide customer support and resolve disputes.
• To comply with legal obligations, including PSD2 anti-fraud measures.
• To send administrative or promotional communications (with your consent).

5. LEGAL BASIS FOR PROCESSING (GDPR)

Under Article 6 of the GDPR, we rely on the following lawful bases:

• Contractual necessity: to provide services you request.
• Legitimate interest: to improve the Platform and ensure security.
• Legal obligation: to comply with applicable laws and payment regulations.
• Consent: where required (e.g., newsletters, marketing cookies).

6. PAYMENT SECURITY (PSD2 & SCA)

Pranara.me complies with Payment Services Directive 2 (PSD2) and Strong Customer Authentication (SCA) to ensure safe online transactions.

• All payments are processed via secure, PCI-DSS-compliant third-party providers.
• Two-factor authentication (2FA) or equivalent SCA mechanisms are implemented where required.
• Sensitive payment information (e.g., card numbers) is never stored on our servers.
• We perform anti-fraud and risk monitoring in accordance with PSD2 obligations.

7. DATA SHARING & THIRD PARTIES

We may share limited data with:

• Payment processors: to complete transactions securely.
• Analytics providers: (e.g., Google Analytics) to analyze site performance.
• Service providers: hosting, communication, and technical partners.
• Authorities: when required by law or to protect our legal rights.

We do not sell or rent personal data to third parties.

8. INTERNATIONAL DATA TRANSFERS

If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or transfers to countries with adequate protection levels recognized by the European Commission.

9. DATA RETENTION

We retain your data only as long as necessary:

• Account data: while your account is active.
• Transaction records: up to 7 years to comply with accounting and tax laws.
• Communications: as long as required for legitimate business interests.

Afterward, your data is securely deleted or anonymized.

10. YOUR RIGHTS UNDER GDPR

You have the following rights under the GDPR:

• Access: request a copy of your personal data.
• Rectification: correct inaccurate or incomplete information.
• Erasure (“Right to be Forgotten”): request deletion of your data.
• Restriction: limit certain types of processing.
• Portability: receive your data in a structured, machine-readable format.
• Objection: opt out of processing for legitimate interest or marketing.
• Withdraw consent: at any time, if processing is based on consent.

To exercise these rights, contact us at support@pranara.me.

11. DATA SECURITY

We use industry-standard technical and organizational measures to protect personal data, including:

• SSL encryption for data transmission.
• Secure password storage (hashed and salted).
• Access control and regular security audits.
• Continuous monitoring against unauthorized access or breaches.

In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours, as required by GDPR.

12. CHILDREN’S PRIVACY

Our Platform is not intended for children under 18. We do not knowingly collect data from minors. If you believe a child has provided us information, please contact us immediately.

13. UPDATES TO THIS POLICY

We may update this Policy periodically to reflect changes in technology, law, or our operations. Updates will be posted on this page with a revised “Effective Date.”

14. CONTACT INFORMATION

If you have any questions, complaints, or data protection requests, please contact our Data Protection Officer (DPO):
support@pranara.me
www.pranara.me