Skip to content

Legal

Privacy Policy

Last updated: April 27, 2026

Arkanic Healing Studio (“we,” “our,” or “the Studio”) is committed to protecting your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Nova Scotia privacy legislation. This policy explains what we collect, why, and how you can exercise your rights.

1. Who We Are

Arkanic Healing Studio
1976 Sackville Drive, Middle Sackville, NS B4E 3B5
contact@arkanichealing.ca · (902) 478-6344

Privacy enquiries and data subject requests may be directed to the same address or emailed to contact@arkanichealing.ca with subject line “Privacy Request.”

2. What We Collect

We collect only what is necessary to deliver our services:

  • Contact information: name, email address, phone number.
  • Booking and scheduling data: appointment dates, session type, attendance history — managed via WellnessLiving.
  • Account credentials: password hash (argon2id). We never store plaintext passwords.
  • Bio-Well® scan data: biofield scan results, session dates, practitioner notes, and any uploaded PDF reports — stored only when you have an account and a session has occurred.
  • Communications: messages you send us via the contact form.
  • Technical data: IP address (rate-limiting only, not retained beyond the rate-limit window), browser type, and session identifiers (HttpOnly cookies).
  • Analytics (with your consent): page views and interaction events via Google Analytics 4. Only collected if you accept analytics cookies.

We do not collect sensitive health information beyond what is described above. Bio-Well® is a wellness assessment tool, not a medical diagnostic.

3. Why We Collect It

We process your personal information for these purposes:

  • Service delivery: booking management, session records, client portal access.
  • Client portal: displaying your Bio-Well® reports and enabling the AI report assistant.
  • AI report assistant: your scan data is sent to Anthropic's API to generate plain-language explanations. No data is used to train Anthropic's models (covered by our data processing agreement). The assistant answers only Bio-Well® report questions.
  • Communications: responding to your contact form messages and sending booking confirmations.
  • Security: detecting and preventing abuse, brute-force login attempts, and fraud.
  • Analytics (consent-based): understanding how the public site is used so we can improve it.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share it only with:

  • WellnessLiving: our booking and scheduling platform. Governed by WellnessLiving's privacy policy.
  • Anthropic (Claude AI): scan context sent to generate report explanations. Data processed under a data processing agreement; not used for model training.
  • Vercel: our hosting provider. Infrastructure-level access only.
  • Neon (PostgreSQL) and Cloudflare R2: database and file storage, encrypted at rest.
  • Google Analytics (if you consent): anonymized usage data.

All third-party processors are bound by data processing agreements and are permitted to use your information only as instructed.

5. Retention

  • Account data: retained while your account is active. Deleted within 30 days of a verified account deletion request.
  • Bio-Well® PDFs: retained until you delete your account or request removal.
  • Security audit logs: retained for 90 days.
  • Analytics data: subject to Google Analytics' standard retention settings (default 14 months).
  • Rate-limit counters: cleared automatically after the rate-limit window (15 minutes to 1 hour depending on endpoint).

6. Your Rights (DSAR)

Under PIPEDA you have the right to:

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to correct inaccurate information.
  • Deletion: request that we delete your account and personal data.
  • Withdraw consent: withdraw consent for analytics at any time (click "Decline" in the cookie banner or clear your browser storage).
  • Portability: request your data in a machine-readable format.

To exercise any right, email contact@arkanichealing.ca with subject line “Privacy Request.” We will respond within 30 days. We may ask you to verify your identity before processing the request.

7. Cookies and Local Storage

We use the browser's localStorage (not cookies) for two things:

  • Theme preference (theme): stores your dark/light mode preference. No expiry. Required for a consistent experience. No consent required as it contains no identifying information.
  • Analytics consent (ak_analytics): records whether you accepted or declined Google Analytics. Set only when you interact with the cookie banner.

We also use an HttpOnly session cookie (payload-token) for authentication when you are logged in. This cookie is required for the client portal and cannot be disabled without logging out.

8. Security

We use industry-standard security measures: HTTPS with HSTS preload, encrypted databases, argon2id password hashing, HttpOnly/Secure/SameSite=Strict session cookies, a strict Content Security Policy, and automatic account lockout after failed login attempts. No system is perfectly secure — if you discover a vulnerability, please report it to contact@arkanichealing.ca.

9. Changes to This Policy

We may update this policy as our services evolve. We will post the revised policy on this page with an updated date. For material changes, we will notify you by email or by a prominent notice on the site.

10. Contact

Questions or concerns about this policy or our privacy practices: contact@arkanichealing.ca

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

© 2026 Arkanic Healing StudioNova Scotia, CanadaPrivacyTerms

We use cookies to remember your theme preference. With your permission, we also use Google Analytics to understand how the site is used. Privacy Policy.