Privacy Policy

Last updated: January 19, 2026

Jessica Pearl Herman, with registered office in Milan, Italy, P.IVA: 12149510963 (“we,” “us,” “our”), operates the website jpherman.com (the “Site”).
We are committed to protecting your privacy and personal data in compliance with Regulation (EU) 2016/679 (“GDPR”), Italian Legislative Decree 196/2003 as amended (Privacy Code), and applicable EU ePrivacy rules.

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our Site, use our Services (including spiritual guidance, personal development content, sessions, and memberships), or contact us.

1. Data Controller and Contact

The data controller is Jessica Pearl Herman, P.IVA: 12149510963.


For any privacy-related questions or to exercise your rights under GDPR, you may contact us at: one@jpherman.com

No Data Protection Officer (DPO) has been appointed, as we are not subject to mandatory DPO designation under Article 37 GDPR.

2. Categories of Personal Data We Collect

We collect only data that are necessary to provide and manage our Services:

  • Identity and contact data: name, email address, billing address (for purchases or sessions);

  • Account data: username, encrypted/hashed password, purchase and membership history;

  • Communication data: messages sent via email or contact forms;

  • Usage and technical data: IP address, browser type, device information, pages visited, collected through cookies or similar technologies;

  • Payment data: payment status and transaction identifiers processed by third-party payment providers (we do not store full credit card details);

  • Session-related data: notes, audio and video or summaries generated in the context of 1:1 sessions (e.g., spiritual guidance, coaching, Human Design), stored securely and accessed only as necessary. This data is shared only with express verbal consent.

Where, in the context of 1:1 sessions, you voluntarily share information that may qualify as special category data under Article 9 GDPR (including health-related information), such data are processed only with your explicit consent and solely for the purpose of providing the requested Services.

3. How We Collect Personal Data

Personal data are collected:
 

  • Directly from you (e.g., forms, purchases, account creation, email communications, audio/video recording of sessions or podcast interviews);

  • Automatically through cookies and similar technologies (see Section 6);

  • From trusted third parties necessary to provide Services (e.g., payment processors or scheduling tools).

4. Legal Bases and Purposes of Processing

We process personal data only where a lawful basis applies:
 

  • Performance of a contract (Art. 6(1)(b) GDPR):
    to create and manage user accounts, deliver Services and sessions, process orders, and provide customer support and transactional communications;

  • Legal obligation (Art. 6(1)(c) GDPR):
    to comply with accounting, tax, and regulatory obligations (e.g., invoice retention);

  • Consent (Art. 6(1)(a) GDPR):
    to send newsletters, marketing communications, or promotional content (opt-in only), and to process any special category data voluntarily provided during sessions;

  • Legitimate interest (Art. 6(1)(f) GDPR):
    to ensure Site security, prevent abuse, and analyze anonymized usage data in order to improve the Site and Services, where such interests are not overridden by your rights.

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Data Sharing and International Transfers

We share personal data only where strictly necessary or with express verbal consent, including with:
 

  • Service providers such as payment processors, hosting providers, email services, analytics providers, and scheduling tools, all acting as data processors under written agreements;

  • Public authorities or regulators where required by law;

  • Clips or sessions for public viewing (YouTube, course, events) with express verbal consent.
     

We do not sell personal data or share them for third-party marketing purposes without your explicit consent.

Where data are transferred outside the European Economic Area (e.g., to service providers in the United States), we rely on adequacy decisions, Standard Contractual Clauses, and, where appropriate, additional technical and organizational safeguards in accordance with applicable data protection guidance.

6. Cookies and Tracking Technologies

The Site uses cookies and similar technologies to ensure proper functionality, improve user experience, and analyze site performance.
 

  • Essential cookies are always enabled;

  • Analytics or non-essential cookies are used only with your consent.
     

You can manage or withdraw your consent at any time through the cookie consent banner or browser settings. Further details are provided in our Terms of Service.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described:
 

  • Account and purchase data: for the duration of the contractual relationship and up to 10 years thereafter for tax and accounting compliance;

  • Session-related data: until completion of the service and for up to 2 years, unless a shorter period is requested;

  • Marketing data: until consent is withdrawn;

  • Cookies: generally 12–24 months, depending on type.
     

Data are securely deleted or anonymized once retention periods expire.

8. Your Rights Under GDPR

As a data subject, you have the rights set out in Articles 15–22 GDPR, including:
 

  • Access to your personal data;

  • Rectification of inaccurate or incomplete data;

  • Erasure (“right to be forgotten”), subject to legal retention obligations;

  • Restriction of processing;

  • Data portability;

  • Objection to processing based on legitimate interest;

  • Withdrawal of consent at any time.
     

You may exercise these rights by contacting one@jpherman.com. We will respond within one month as required by law.
 

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali): www.garanteprivacy.it

9. Non-EU Users

If you access the Site from outside the EU, your data will still be processed in accordance with GDPR standards. Additional local laws may also apply.

10. Children’s Privacy

The Services are not directed at minors, and we do not knowingly collect personal data from individuals under the age of 16.
If you believe a minor has provided personal data, please contact us to request deletion.

11. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including HTTPS encryption, access controls, and regular security reviews.
In the event of a personal data breach, we will act in accordance with applicable legal requirements.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. The updated version will be published on this page with a revised “Last updated” date.
Where required by law, we will notify you of significant changes.

13. Contact

For any questions regarding this Privacy Policy or the processing of personal data, please contact one@jpherman.com. This Privacy Policy should be read together with our Terms of Service.
