Site Policies
Privacy Policy
Last updated: 12/4/2025
This Website Privacy & Cookies Policy explains how TheOmegaCollective (“we”, “us”, or “our”) uses personal data when you visit our website and interact with our services.
We aim to keep data collection to an absolute minimum. Our website:
- uses only basic, essential cookies;
- does not provide user logins or accounts; and
- does not use third-party advertising cookies or behavioral tracking pixels.
This policy is intended to comply with the EU/UK General Data Protection Regulation (“GDPR”) and similar data-protection laws, where applicable.
1. Data Controller
The data controller responsible for your personal data is:
TheOmegaCollective
Email: support@omegacollective.net
Santee, CA 92071, United States of America
2. Personal Data We Collect
We only collect personal data that you choose to provide or that is technically necessary to operate the website and our services.
a) Data you provide directly
- Contact enquiries – If you contact us by email, contact form, or text message, we collect the information you provide (such as your name, email address, phone number, and the content of your message).
- Newsletter / email list sign-ups – If you subscribe to our newsletter or email list (e.g. via Beehiiv), we collect your email address and any other details you provide at sign-up.
- Bookings and purchases – If you book a call (e.g. via Calendly) or purchase services/products (e.g. via Stripe), we receive basic booking or transaction details (such as your name, contact details, and what you purchased). We do not receive or store your full payment card details.
b) Technical data & basic cookies
When you visit our website, our hosting provider automatically collects limited technical data required for the site to function and remain secure, such as:
- IP address
- browser type and version
- operating system
- date and time of access
- pages visited and basic request metadata
- Google Analytics data
We do not currently use tracking pixels (such as Facebook/Meta Pixel) on the website.
3. Cookies
Our website uses only basic, essential cookies to:
- enable core site functionality (for example, navigation, basic security, or load balancing);
- support embedded or integrated third-party services, such as payment processing (Stripe) or booking tools (Calendly), where used.
We do not use cookies for:
- behavioral advertising;
- detailed analytics or profiling.
Where third-party services place their own cookies (for example, Stripe or Calendly), those cookies are governed by the privacy and cookie policies of those providers. You can usually control cookies through your browser settings.
4. Purposes and Legal Bases for Processing
We process your personal data only when we have a lawful basis to do so under the GDPR, for example:
- Performance of a contract – To provide consulting services, handle bookings, fulfill purchases, and communicate about your order or engagement with us.
- Legitimate interests – To operate and secure our website, prevent abuse, respond to general enquiries, and maintain basic business records.
- Consent – Where required by law (for example, when you subscribe to our email list or choose to receive marketing communications). You may withdraw your consent at any time by using the unsubscribe link in our emails or contacting us.
5. Sharing Your Data
We do not sell your personal data.
We may share your data only with trusted third-party service providers who support our business operations, such as:
- Website hosting provider (for site hosting and security);
- Email and newsletter provider (e.g. Beehiiv, for sending emails and managing our mailing list);
- Scheduling tools (e.g. Calendly, for booking calls);
- Payment processors (e.g. Stripe, for securely processing payments – we do not store full card details ourselves).
These third parties are permitted to process your personal data only as necessary to provide their services to us and must handle your data in accordance with applicable data-protection laws and our instructions.
We may also disclose personal data if required to do so by law or to protect our rights or the rights of others.
6. International Transfers
Some of our service providers may be located outside your country, including outside the European Economic Area (EEA) or UK. Where we transfer personal data internationally, we will do so in accordance with applicable data-protection laws (for example, using appropriate safeguards such as standard contractual clauses, where required).
7. Data Retention
We keep personal data only for as long as necessary to fulfill the purposes described in this policy or to comply with legal, accounting, or reporting obligations.
For example:
- contact enquiries are retained for as long as needed to handle your request and maintain business records;
- newsletter subscriber data is retained while you remain subscribed;
- transaction records are retained as required by tax and accounting laws.
When data is no longer needed, we will delete or anonymize it.
8. Your Rights (GDPR)
Where the GDPR or similar laws apply, you may have the following rights in relation to your personal data:
- Right of access – to obtain confirmation of whether we process your data and a copy of that data.
- Right to rectification – to correct inaccurate or incomplete data.
- Right to erasure – to request deletion of your data in certain circumstances.
- Right to restriction – to request that we limit processing of your data in certain cases.
- Right to data portability – to receive your data in a structured, commonly used format and have it transmitted to another controller where technically feasible.
- Right to object – to object to processing based on our legitimate interests or to direct marketing.
- Right to withdraw consent – where processing is based on your consent, you may withdraw that consent at any time.
To exercise these rights, please contact us using the details in Section 9 below. You may also have the right to lodge a complaint with your local data-protection supervisory authority.
9. Contact Us
If you have any questions about this policy or how we handle personal data, or if you wish to exercise your data-protection rights, please contact us at:
Email: support@omegacollective.net
10. Changes to This Policy
We may update this Website Privacy & Cookies Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.
PCI Compliance Policy
Last updated: 12/4/2025
This PCI Compliance Policy describes how TheOmegaCollective (“we”, “us”, or “our”) handles payment card information in connection with purchases of our services and products.
We aim to minimize our exposure to cardholder data and rely on trusted, PCI DSS–compliant third-party providers for all payment processing.
1. Scope
This policy applies to:
- all payment transactions initiated through our website or invoicing links; and
- all systems and processes we control that relate to payment processing and cardholder data.
It covers card payments made by clients using Stripe-hosted checkout pages or payment links, or similar PCI DSS–compliant payment processors we may use from time to time.
2. Use of Third-Party Payment Processors
We do not directly process or store full payment card numbers, CVV codes, or magnetic stripe data on our own servers or systems.
Instead:
- All card payments are processed by Stripe, a third-party payment processor that is certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS).
- When you make a payment, you are redirected to or interact with a Stripe-hosted payment page or embedded form, and your card details are submitted directly to Stripe.
- We receive from Stripe only limited information necessary to identify your transaction (for example, your name, contact details, and the last four digits of your card number).
3. Cardholder Data Handling
To reduce risk and maintain PCI DSS alignment:
- We do not collect, transmit, or store full card numbers, CVV codes, or PIN data on our website, servers, or local systems.
- We do not request card details by email, text message, chat, or any other unencrypted channel.
- Access to payment-related data we do receive from Stripe (e.g. customer name, email, billing details, last four digits of card) is restricted to authorized personnel who need it for business purposes such as billing, accounting, and customer support.
4. Technical and Organizational Security Measures
Although we do not store full cardholder data, we implement appropriate technical and organizational measures to protect related customer information, including:
- Using HTTPS/TLS encryption on our website for any pages that collect or display customer information.
- Maintaining secure access controls (unique logins, strong passwords, role-based access, and where appropriate multi-factor authentication) for systems used to access Stripe and related business tools.
- Applying security updates to our website platform, plugins, themes, and hosting environment on a regular basis.
- Limiting access to Stripe accounts and dashboards to authorized individuals and revoking access when no longer required.
5. Employee Awareness and Training
Individuals who have access to payment-related information are made aware that:
- Full card numbers, CVV codes, and other sensitive authentication data must never be requested, written down, stored, or transmitted outside of Stripe’s secure environment.
- Any suspected compromise of payment information must be reported immediately so that appropriate action can be taken.
6. Incident Response
If we become aware of a potential or actual security incident involving payment information:
- We will promptly investigate the incident, including working with Stripe and our hosting provider as needed.
- We will take appropriate steps to contain and remediate the issue.
- Where required by law or by Stripe, we will notify affected individuals and/or relevant authorities.
7. Retention of Payment-Related Data
We retain only the minimum payment-related information necessary for:
- maintaining accurate business and accounting records;
- handling customer enquiries; and
- complying with legal, tax, and regulatory obligations.
Such data may include your name, contact details, transaction dates and amounts, and the last four digits of your card number. We do not store full card numbers or CVV codes.
8. Changes to This Policy
We may update or modify this PCI Compliance Policy from time to time. Any changes will be effective when posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.
9. Contact Us
If you have any questions about this PCI Compliance Policy or how we handle payment-related information, please contact us at:
Email: support@omegacollective.net
