All Within Logo

Privacy Policy

Things you need to know.

Privacy Policy

Last Updated: November 1, 2025

Welcome to All Within

At All Within, we exist to support the healing of all. We take your privacy seriously and are committed to transparency about how we collect, use, and protect your information. This Privacy Policy explains our practices in clear, straightforward language.

Our Core Promise: We will never sell your personal information. We collect only what we need to provide you with a safe, supportive community for exploring holistic healing.

QUICK SUMMARY

What We Collect:

  • Phone number (for secure login only)
  • Email address (for account notifications and newsletters)
  • Name and location (for your profile)
  • Healing experiences you choose to share
  • Basic usage data to improve our platform

How We Use It:

  • Authenticate your account securely
  • Send you important updates and newsletters you opt into
  • Display your healing experiences to help others
  • Improve our platform and services

What We Don't Do:

  • Sell or rent your personal information
  • Share your phone number with third parties for marketing
  • Use your data for purposes you haven't agreed to
  • Send unwanted marketing messages

TABLE OF CONTENTS

  1. Information We Collect
  2. Phone Number & SMS Communications
  3. How We Use Your Information
  4. How We Share Information
  5. Your Rights & Choices
  6. California Privacy Rights
  7. Data Security
  8. Data Retention
  9. Children's Privacy
  10. Cookies & Tracking
  11. Third-Party Services
  12. International Users
  13. Changes to This Policy
  14. Contact Us

1. INFORMATION WE COLLECT

Information You Provide Directly:

ACCOUNT INFORMATION (REQUIRED):

  • Phone number (for authentication)
  • Email address (for notifications and newsletters)
  • Full name
  • Location (city/state or general area)
  • Profile picture (optional)

HEALING EXPERIENCES & CONTENT:

  • Healing stories and experiences you share
  • Titles and descriptions you write
  • Practitioner recommendations (optional)
  • Comments and community interactions
  • Whether you choose to post anonymously (we still store your location for context)

COMMUNICATION WITH US:

  • Messages you send us
  • Feedback and survey responses
  • Support requests

Information We Collect Automatically:

USAGE INFORMATION:

  • Pages you visit on All Within
  • Time spent on our platform
  • Device type and browser information
  • IP address and general location
  • Referring websites

TECHNICAL INFORMATION:

  • Log data about your use of our services
  • Error reports and performance data
  • Cookies and similar technologies (see Section 10)

Information We DO NOT Collect:

  • Health diagnoses or medical conditions
  • Social Security numbers
  • Financial information (at this time)
  • Precise geolocation data (GPS)
  • Information from children under 18

2. PHONE NUMBER COLLECTION & SMS COMMUNICATIONS

How We Use Your Phone Number:

All Within collects your phone number SOLELY for account authentication and security purposes. We use SMS text messages to:

  • Verify your identity when you create an account
  • Send one-time passcodes (OTP) for secure login
  • Protect your account from unauthorized access
  • Provide account security notifications if suspicious activity is detected

What We DON'T Do with Your Phone Number:

  • WE DO NOT use your phone number for marketing or promotional messages
  • WE DO NOT share, sell, or rent your mobile information to third parties or affiliates for any marketing purposes
  • WE DO NOT send unsolicited messages beyond authentication requests that you initiate
  • WE DO NOT contact you by phone unless you explicitly request support

Message Frequency & Charges:

  • You will only receive SMS messages when you actively request authentication (logging in or signing up)
  • We do not send recurring marketing messages
  • Standard message and data rates may apply based on your mobile carrier's plan

SMS Service Provider:

We use Twilio as our SMS service provider to deliver authentication messages. Twilio is a secure, industry-leading communications platform that complies with stringent security standards.

  • Transmitted securely using encryption
  • Not used by Twilio for their own marketing purposes
  • Handled in accordance with Twilio's privacy practices and our agreement with them

Your Phone Number Rights:

  • You can delete your account at any time through your account settings, which will remove your phone number from our active systems (retained for 30 days, see Section 8)
  • You control when authentication messages are sent by choosing when to log in
  • For questions about your phone number, contact us at admin@allwithin.com

Data Security:

Your phone number is:

  • Encrypted in transit using TLS 1.3
  • Encrypted at rest in our Supabase database
  • Stored securely in our US East (Virginia) servers
  • Accessible only to authorized All Within team members
  • Permanently deleted 30 days after account deletion

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

Platform Operations:

  • Create and manage your account
  • Authenticate your identity securely
  • Provide access to healing experiences and community features
  • Display your name and location on your profile and content (unless posted anonymously)
  • Enable you to share and discover healing stories

Communications:

  • Send transactional emails (account verification, password resets, important updates)
  • Deliver newsletters and community updates (you can opt out anytime)
  • Respond to your questions and support requests
  • Notify you of changes to our services or policies

Platform Improvement:

  • Analyze usage patterns to improve user experience
  • Troubleshoot technical issues
  • Develop new features and services
  • Conduct research on healing practices and community engagement (using aggregated, anonymized data only)

Safety & Security:

  • Prevent fraud, abuse, and unauthorized access
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect the rights and safety of our users

Aggregated Insights:

  • Create anonymized, aggregated statistics about healing experiences (e.g., "12 people reported reduced anxiety with Reiki")
  • Share public insights about healing modality trends
  • NOTE: These insights contain no personally identifiable information

4. HOW WE SHARE YOUR INFORMATION

We DO NOT:

  • Sell your personal information to anyone
  • Rent or lease your contact information
  • Share your phone number with third parties for marketing purposes
  • Share your email address with third parties for their marketing purposes

We DO Share Information In These Limited Situations:

PUBLIC CONTENT YOU CHOOSE TO SHARE:

  • Healing experiences and stories you publish (even if anonymous, we display your general location)
  • Your profile information (name, location, profile picture) when you post non-anonymously
  • Comments and community interactions

SERVICE PROVIDERS WE TRUST:

  • Twilio - SMS authentication (phone numbers only)
  • MailerLite - Email newsletters and notifications (email addresses only)
  • Supabase - Secure database hosting (all account data)
  • Vercel - Website hosting (usage data)
  • Railway/Strapi - Content management (story content)
  • Google Analytics - Usage analytics (anonymized data)

These service providers are contractually obligated to protect your data and use it only for providing services to All Within.

LEGAL REQUIREMENTS:

  • When required by law, court order, or government request
  • To protect our rights, property, or safety, or that of our users
  • In connection with a business transfer (merger, acquisition, etc.) - we will notify you if this occurs

WITH YOUR CONSENT:

Any other sharing will only occur with your explicit permission

5. YOUR RIGHTS & CHOICES

You have control over your information:

Account Management:

  • ACCESS: View your account information in your profile settings
  • UPDATE: Edit your name, location, and profile picture anytime
  • DELETE: Permanently delete your account through account settings
  • EXPORT: Contact us at admin@allwithin.com to request a copy of your data

Content Control:

  • DELETE STORIES: Remove any healing experience you've posted
  • ANONYMOUS POSTING: Choose to share experiences without your name attached
  • NOTE: You cannot edit stories after publishing, but you can delete and repost

Email Preferences:

  • OPT OUT OF NEWSLETTERS: Unsubscribe via the link in any newsletter or through your account settings
  • TRANSACTIONAL EMAILS: Required for account security (authentication, password resets) - cannot be disabled
  • UPDATE EMAIL: Change your email address in account settings

Data Deletion:

When you delete your account:

  • Your account becomes immediately inaccessible
  • Your phone number and email are removed from active use
  • Your data is retained for 30 days for security and legal compliance, then permanently deleted
  • Healing experiences you posted may remain visible anonymously or be removed based on your preferences

6. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights:

  • RIGHT TO KNOW: Request details about the personal information we've collected about you in the last 12 months
  • RIGHT TO DELETE: Request deletion of your personal information (with certain exceptions)
  • RIGHT TO OPT-OUT: Opt out of the sale of your personal information (NOTE: We do not sell personal information)
  • RIGHT TO NON-DISCRIMINATION: We will not discriminate against you for exercising your CCPA rights

Personal Information Categories We Collect:

CATEGORY | EXAMPLES | COLLECTED?

  • Identifiers | Name, email, phone number | ✓ Yes
  • California Customer Records | Name, contact information | ✓ Yes
  • Protected Classification | Age (18+ verification) | ✓ Yes
  • Commercial Information | Transaction history (future feature) | ✗ Not yet
  • Internet Activity | Browsing history, interactions | ✓ Yes
  • Geolocation | General location (city/state) | ✓ Yes
  • Sensory Data | Profile pictures | ✓ Yes (optional)
  • Professional Information | Practitioner recommendations in stories | ✓ Yes (optional)
  • Inferences | Preferences, interests | ✓ Yes (minimal)

How to Exercise Your Rights:

Email us at admin@allwithin.com with "California Privacy Rights" in the subject line. Include:

  • Your full name
  • Phone number or email associated with your account
  • Description of your request
  • Verification information to confirm your identity

We will respond within 45 days.

Authorized Agents:

You may designate an authorized agent to make requests on your behalf. The agent must provide written authorization from you.

7. DATA SECURITY

We take security seriously and implement industry-standard measures to protect your information:

Technical Safeguards:

ENCRYPTION:

  • IN TRANSIT: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security)
  • AT REST: All data stored in our databases is encrypted using industry-standard encryption protocols

INFRASTRUCTURE:

  • DATABASE: Supabase secure infrastructure in US East (Virginia) region
  • HOSTING: Vercel's secure hosting platform
  • BACKUPS: Automated daily backups retained for 30 days
  • ACCESS CONTROLS: Limited access to authorized All Within team members only

Administrative Safeguards:

  • Regular security assessments
  • Employee training on data protection
  • Strict internal policies for data handling
  • Secure authentication systems

Your Responsibility:

  • Keep your phone secure (authentication codes)
  • Use a strong, unique password if we add password features
  • Log out on shared devices
  • Report suspicious activity immediately

No Guarantee:

While we use reasonable security measures, no internet transmission is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

8. DATA RETENTION

How Long We Keep Your Information:

ACTIVE ACCOUNTS:

  • We retain your information as long as your account is active
  • We retain healing experiences you post indefinitely (unless you delete them)

DELETED ACCOUNTS:

  • When you delete your account, we retain your data for 30 DAYS

This 30-day period allows for:

  • Account recovery if you change your mind
  • Legal compliance and fraud prevention
  • System cleanup and backup cycles

After 30 days, your personal information is permanently deleted

BACKUPS:

  • Daily backups are retained for 30 days
  • Your data in backups is deleted when backups expire

LEGAL REQUIREMENTS:

We may retain certain data longer if required by law or for legitimate legal purposes (e.g., disputes, investigations)

ANONYMOUS CONTENT:

Healing experiences posted anonymously may remain on the platform even after account deletion, as they contain no personally identifiable information

9. CHILDREN'S PRIVACY

All Within is intended for adults only. We do not knowingly collect information from anyone under 18 years of age.

Age Verification:

  • We verify that users are 18 or older during the signup process
  • If you are under 18, do not use All Within or provide any information to us

If We Learn of Under-18 Use:

  • We will immediately delete the account and all associated data
  • We will notify the account holder that their account has been removed

Parents & Guardians:

If you believe your child under 18 has created an account, please contact us immediately at admin@allwithin.com, and we will delete the account.

10. COOKIES & TRACKING TECHNOLOGIES

What Are Cookies?

Cookies are small text files stored on your device that help websites remember information about your visit.

How We Use Cookies:

ESSENTIAL COOKIES (REQUIRED):

  • Authentication and account access
  • Security features
  • Basic site functionality

YOU CANNOT opt out of these while using our services

ANALYTICS COOKIES (GOOGLE ANALYTICS):

  • Understand how users interact with our platform
  • Measure website performance
  • Improve user experience
  • These are anonymized and aggregated

Your Cookie Choices:

  • Most browsers allow you to control cookies through settings
  • Blocking essential cookies may prevent you from using All Within
  • You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout

Do Not Track:

We do not currently respond to "Do Not Track" browser signals, as there is no industry standard for how to respond to them.

11. THIRD-PARTY SERVICES

We use trusted third-party services to operate All Within. These services have their own privacy policies:

Our Service Providers:

TWILIO (SMS AUTHENTICATION):

  • Purpose: Send authentication codes
  • Data Shared: Phone numbers only
  • Privacy Policy: https://www.twilio.com/legal/privacy

MAILERLITE (EMAIL COMMUNICATIONS):

  • Purpose: Newsletters and transactional emails
  • Data Shared: Email addresses, names
  • Privacy Policy: https://www.mailerlite.com/legal/privacy-policy

SUPABASE (DATABASE & AUTHENTICATION):

  • Purpose: Secure data storage
  • Data Shared: All account and user data
  • Privacy Policy: https://supabase.com/privacy

VERCEL (WEBSITE HOSTING):

  • Purpose: Platform hosting and delivery
  • Data Shared: Usage data, IP addresses
  • Privacy Policy: https://vercel.com/legal/privacy-policy

GOOGLE ANALYTICS:

  • Purpose: Website analytics
  • Data Shared: Anonymized usage data
  • Privacy Policy: https://policies.google.com/privacy

Links to Other Websites:

All Within may contain links to external websites (practitioner websites, resource pages, etc.). We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any information.

12. INTERNATIONAL USERS

US-Based Service:

All Within is based in the United States and primarily serves US users. Our servers are located in the United States (Virginia).

If You're Outside the US:

By using All Within, you consent to the transfer of your information to the United States, which may have different data protection laws than your country.

Future International Expansion:

If we expand to serve international users (particularly in the EU/UK), we will update this policy to address GDPR and other international privacy regulations.

13. CHANGES TO THIS PRIVACY POLICY

We May Update This Policy:

As All Within grows and adds new features, we may need to update this Privacy Policy to reflect:

  • New data collection practices
  • Additional services or features
  • Legal or regulatory changes
  • User feedback and best practices

How We'll Notify You:

  • We will post the updated policy on this page with a new "Last Updated" date
  • For material changes, we will email you at your registered email address
  • We may also display a notice on our platform

Your Continued Use:

By continuing to use All Within after changes take effect, you accept the updated Privacy Policy.

Review Regularly:

We encourage you to review this policy periodically to stay informed about how we protect your information.

14. CONTACT US

We're here to answer your privacy questions and address your concerns.

ALL WITHIN LLC

Address:

2175 W Forest Hill Ct

Eagle, Idaho 83616

United States

Email: admin@allwithin.com

For Privacy-Specific Inquiries:

Email us with "Privacy Request" in the subject line

Response Time:

We aim to respond to all inquiries within 5 business days, and to California privacy rights requests within 45 days.

ADDITIONAL LEGAL INFORMATION

Content Ownership & License

YOU RETAIN OWNERSHIP:

You retain all ownership rights to content you submit (healing stories, experiences, comments).

LICENSE YOU GRANT US:

By submitting content, you grant All Within a non-exclusive, royalty-free, worldwide license to use, display, reproduce, and distribute your content on our platform. This allows us to show your stories to other users and operate our services.

YOUR REPRESENTATIONS:

You represent that you own or have permission to share all content you submit and that it does not violate any third-party rights (copyright, privacy, publicity, etc.).

Copyright Infringement (DMCA)

All Within respects intellectual property rights. If you believe content on our platform infringes your copyright, please contact us at admin@allwithin.com with:

  • Your contact information
  • Description of the copyrighted work you believe is infringed
  • Location of the allegedly infringing content on All Within
  • Statement that you have a good faith belief the use is unauthorized
  • Statement under penalty of perjury that the information you provide is accurate and you are the copyright owner or authorized to act on their behalf
  • Your physical or electronic signature

We will investigate and remove infringing content as required by the Digital Millennium Copyright Act (DMCA).

Reporting Inappropriate Content

Users can report inappropriate content through our platform. We review reports and take appropriate action, which may include:

  • Removing content that violates our Terms of Service
  • Suspending or terminating user accounts
  • Reporting illegal activity to authorities when required

Our commitment to you.

At All Within, we're building a platform grounded in integrity, transparency, and respect. We navigate our work through the compass of energy and intention, always acting in accordance with the Highest Good.

Your privacy is part of that commitment.

We collect only what we need, protect what we have, and give you control over your information. We're here to support your healing journey, not exploit your data.

Thank you for trusting us with your information as you explore holistic healing.

Questions? We're here to help: admin@allwithin.com

This Privacy Policy is effective as of November 1, 2025 and applies to all users of the All Within platform.