Privacy Policy

Last updated: 14.05.2026

This policy explains what information Kaaluna collects when you visit our website or sign up to our founding member program, why we collect it, who we share it with, and what your rights are. We have tried to keep it plain. If anything is unclear, please write to us at [email protected].

If there is any inconsistency between translated versions of this policy, the German version available at /datenschutz shall prevail for users located in German-speaking jurisdictions.

Kaaluna is currently operated jointly by:

Lena Reichwein, Elbestraße 15, 65604 Elz, Germany

Sumesh Peringeth, 55 Quach Giai, Ho Chi Minh City, Vietnam

For the purposes of the General Data Protection Regulation (GDPR), Lena and Sumesh act as joint controllers under Article 26 GDPR. They have agreed on their respective responsibilities for the protection of your personal data and have designated a single point of contact for you to exercise your rights.

For all privacy-related requests, please contact [email protected].

The essence of the joint controller arrangement is available on request.

We have not appointed a Data Protection Officer (Datenschutzbeauftragter), as the conditions requiring one under § 38 BDSG do not currently apply.

Kaaluna is presently in a pre-launch phase. At this stage, the website offers information, a waitlist, and founding member signup. No payments are processed and no marketplace, booking, or messaging features are active. As Kaaluna evolves, this policy will be updated to reflect any new processing activities, and material changes will be notified to you in advance.

When you sign up to our founding member program through the form on this website, we collect the information you provide:

• Your first name and, optionally, your last name
• Your email address
• Whether you are signing up as a Professional or as a Seeker
• For Professionals: your role categories (such as Facilitator, Healer, Coach, Host, or Speaker), your offerings (such as healing sessions, workshops, retreats, products, or speaking), and what you are looking for from Kaaluna (such as marketing support, new clients, community, venues, trainings, or speaking opportunities)
• For Seekers: your interests (such as finding a practitioner, retreats, events, community, or wellness products)
• Any additional information you choose to share in the optional “Other” field
• Whether you opted in to be featured as a founding member
• A record of your consent, including the time and method of confirmation

If you contact us by email, we hold the content of your message and your email address in order to reply.

When you visit the website, our hosting provider also automatically processes standard server data such as your IP address, the browser and device you use, the page you accessed, and the date and time of access. This is necessary to deliver the website to you and to protect it from abuse.

We do not currently use website analytics. If we add analytics in future, we will update this policy and ask for your consent before any non-essential data collection begins. Please see our Cookie Policy for more on the technologies we use on the site.

We use the information you provide to:

• Send you a confirmation email to verify your address (double opt-in)
• Keep you informed about Kaaluna’s development, launch milestones, and founding member matters
• Maintain records relating to founding member status and the associated benefits described at the time of signup
• For Professionals, evaluate whether your background and offerings fit the founding cohort
• Reply to any direct messages you send us

We do not use your information for any other purpose. We do not sell or share your personal data for marketing.

Under Article 6 GDPR, we process your personal data on the following bases:

• Your explicit consent, given by submitting the signup form and confirming your email address through the double opt-in link (Art. 6(1)(a) GDPR)
• Our legitimate interest in operating a secure, functional website (Art. 6(1)(f) GDPR), which applies to server log data
• Our legitimate interest in responding to you when you contact us (Art. 6(1)(f) GDPR)

If we ever rely on a different legal basis, for example to process a future paid transaction, we will tell you before that processing begins.

Your information is accessed by Lena and Sumesh in their roles as joint controllers, and by a small number of service providers we use to run Kaaluna. These act as processors under Article 28 GDPR, only on our instructions:

• [HOSTING PROVIDER, country] for website hosting
• [EMAIL / SMTP PROVIDER, country] for sending transactional and waitlist emails
• Baserow [self-hosted on our infrastructure / cloud-hosted, region] for storing signup records
• WordPress (self-hosted content management system)
• [Any other plugins or automation tools used to receive and process signups]

We have data processing agreements (Auftragsverarbeitungsverträge) in place with these providers where required by Article 28 GDPR.

Sumesh, as one of the joint controllers, accesses signup data from Vietnam. Some of our processors may also be based outside the European Economic Area, including in the United States.

Where personal data is transferred to a country that does not have an adequacy decision from the European Commission, the transfer is based on the EU Standard Contractual Clauses, together with any additional safeguards required by Chapter V GDPR. You can request a copy of the safeguards in place by writing to [email protected].

We keep your signup information until one of the following happens:

• You withdraw your consent, by writing to [email protected] or by replying to any of our emails
• Two years pass without any interaction with our emails or services
• You request deletion under Article 17 GDPR

After that, your record is deleted, subject to any limited retention required for legal or security purposes.

Server log data is held for a maximum of seven days, unless retention is needed to investigate a security incident.

The website uses a small number of technical cookies necessary for it to function. We do not currently use cookies for advertising, cross-site tracking, or analytics. For details, and for how to manage your preferences if and when we introduce any non-essential cookies, please see our Cookie Policy.

Under GDPR, you have the right to:

• Access the personal data we hold about you (Article 15)
• Have inaccurate data corrected (Article 16)
• Have your data deleted (Article 17)
• Restrict how we process your data (Article 18)
• Receive your data in a portable format (Article 20)
• Object to processing (Article 21)
• Withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Article 7(3))

To exercise any of these rights, please write to [email protected]. We aim to respond within thirty days.

If you believe we have handled your personal data improperly, you have the right to file a complaint with a supervisory authority. For Germany, the responsible authority depends on the state where the controller is based. A list of supervisory authorities is available at https://www.bfdi.bund.de.

If we change how we handle your information, we will update this page and revise the date at the top. Material changes will be communicated to existing founding members by email before they take effect.

For any questions about this policy or about how we handle your personal data, please write to [email protected].