Updated Privacy Policy

Privacy Policy
Last Updated: February 9, 2026

Introduction

This Privacy Policy describes how SHREDLY ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website or purchase our retreat experiences. We are committed to protecting your privacy and handling your personal information with care and respect.

SHREDLY (PO Box 1986, Carbondale, CO, 81623, US) is the data controller responsible for your personal information.

By using our website or services, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide to Us

We collect information that you voluntarily provide when you:

  • Book a retreat, trip, or experience - name, email address, phone number, mailing address, date of birth, emergency contact information (name, relationship, phone number)

  • Make payments - billing address and payment method information (we do not store full credit card numbers; payment card information is collected and processed directly by our payment processor in accordance with PCI-DSS standards)

  • Contact us - any information you include in correspondence, inquiries, or feedback

  • Complete forms - dietary restrictions, health information, medical conditions, special accommodation needs, preferences for retreat activities

  • Subscribe to communications - email address for newsletters and updates

Health and Medical Information: We collect health information, medical conditions, and dietary restrictions only to the extent necessary to safely accommodate you during retreats and provide appropriate services. This sensitive information is kept confidential and shared only with relevant vendors (catering services, activity providers, medical personnel) on a need-to-know basis to ensure your safety and comfort.

Emergency Contact Information: Emergency contact details are stored securely and accessed only in case of an emergency during your retreat.

Information Collected Automatically

When you visit our website, we automatically collect certain information about your device and browsing activity:

  • Log data - IP address, browser type, operating system, pages visited, time spent on pages, referring website

  • Cookies and tracking technologies - We use cookies and similar technologies to enhance your experience (see Cookie Policy below)

  • Analytics data - Information about how you interact with our website through tools like Google Analytics

Information from Third Parties

We may receive information about you from third-party platforms such as:

  • Social media platforms - If you engage with our social media posts, tag us, or interact with our content, we may see publicly available information from your profile

  • Payment processors - Transaction confirmations and payment status from providers who handle payments on our behalf

  • Marketing partners - Aggregated or de-identified data to help us reach potential customers

Photography and Video from Retreats

During retreats, we may take photographs and videos that include participants:

  • What we collect: Photos and videos of participants during retreat activities, meals, and events

  • How we use it: Marketing materials, website content, social media posts, promotional materials, and newsletters

  • Your rights: You may opt-out of being photographed or filmed by notifying us in writing at hello@shredly.com upon arrival at the retreat start date. If you appear in photos or videos and wish to have them removed from our marketing materials after the retreat, contact us and we will honor your request where feasible.

  • Storage: Photos and videos are stored securely and retained indefinitely for marketing purposes unless you request removal of images containing you.

How We Use Your Information

We use your personal information for the following purposes:

Service Delivery

  • Process and fulfill retreat and experience bookings and reservations

  • Communicate about your booking, including confirmations, updates, and changes

  • Coordinate travel, accommodation, and activity arrangements

  • Accommodate dietary restrictions, health needs, and special requests

  • Provide emergency assistance and contact your emergency contacts if needed

Customer Support

  • Respond to your inquiries, questions, and requests

  • Provide customer service and support

  • Handle complaints and resolve disputes

Business Operations

  • Process payments and prevent fraud

  • Maintain and improve our website functionality

  • Analyze usage patterns to enhance user experience

  • Conduct internal research and development

Marketing and Communications

  • Send newsletters, promotional materials, and updates about retreats (you can opt-in during booking, through our website, or by subscribing to our newsletter)

  • Personalize marketing messages based on your interests and previous interactions

  • Conduct surveys and gather feedback

  • You may unsubscribe from marketing communications at any time using the unsubscribe link in our emails

Legal Compliance

  • Comply with applicable laws and regulations

  • Enforce our terms and conditions

  • Protect our rights and property

  • Respond to legal requests and prevent harm

How We Share Your Information

We do not sell your personal information. We may share your information with:

Service Providers

We share information with trusted third-party service providers who assist us in operating our business, including:

  • Squarespace - Our website hosting platform

  • Payment processors - To process transactions securely (e.g., Stripel)

  • Email service providers - To send communications (e.g., Klaviyo)

  • Analytics providers - To understand website usage (e.g., Google Analytics)

  • Retreat venues and vendors - To coordinate accommodation, meals, activities, and transportation

  • Other service providers - As necessary to deliver our services, such as CRM systems, booking platforms, and communication tools

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements

We may disclose your information when required by law, such as:

  • In response to subpoenas, court orders, or legal processes

  • To protect our rights, property, or safety, or that of others

  • To investigate fraud or security issues

  • To comply with regulatory obligations

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

With Your Consent

We may share your information with other parties when you give us explicit permission to do so.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

  • Remember your preferences and settings

  • Analyze website traffic and user behavior

  • Deliver personalized content and advertisements

  • Improve website functionality

Types of Cookies We Use

  • Essential cookies - Required for website operation (e.g., shopping cart, security)

  • Functional cookies - Remember your preferences and settings

  • Analytics cookies - Help us understand how visitors use our site (e.g., Google Analytics)

  • Marketing cookies - Used to deliver relevant advertisements and track campaign effectiveness

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

  • View what cookies are stored and delete them individually or all at once

  • Block third-party cookies

  • Block cookies from specific sites

  • Block all cookies

  • Delete all cookies when you close your browser

Note: Disabling cookies may affect website functionality and your user experience. Essential cookies cannot be disabled if you wish to use our booking system.

Browser instructions: For detailed instructions on managing cookies, visit:

  • Chrome: chrome://settings/cookies

  • Firefox: about:preferences#privacy

  • Safari: Preferences > Privacy

  • Edge: edge://settings/privacy

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive data in transit and at rest (SSL/TLS)

  • Secure servers and databases with access controls

  • Regular security assessments and vulnerability testing

  • Multi-factor authentication for staff access

  • Staff training on data protection and privacy

  • Secure disposal of data when no longer needed

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially reasonable measures, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Notifications will be sent to your email address on file and may include information about what data was affected, steps we are taking, and actions you should consider.

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

  • Booking and transaction information - Retained for at least up to 7 years for legal, accounting, and tax purposes

  • Marketing communications - Retained until you unsubscribe, then removed within 30 days

  • Analytics data - Retained in accordance with our analytics provider's policies, typically 26-38 months

  • Photos and videos - Retained indefinitely for marketing purposes unless you request removal

  • Health and emergency contact information - Retained for the duration of your booking and for up to 1 year after retreat completion, then securely deleted unless longer retention is required

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

Access and Portability

  • Request access to the personal information we hold about you

  • Receive a copy of your data in a portable, machine-readable format

Correction

  • Request correction of inaccurate or incomplete information

Deletion

  • Request deletion of your personal information (subject to legal obligations requiring retention)

Restriction

  • Request limitation of how we process your information in certain circumstances

Objection

  • Object to processing of your information for certain purposes, including marketing

Withdrawal of Consent

  • Withdraw consent for processing based on consent at any time (this will not affect the lawfulness of processing before withdrawal)

Opt-Out of Marketing

  • Unsubscribe from marketing emails at any time using the unsubscribe link in our emails or by contacting us

To exercise these rights, please contact us at hello@shredly.com with your request. We will respond within 30 days and may require verification of your identity before processing your request.

International Data Transfers

If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

We take appropriate measures to ensure your information receives adequate protection in accordance with this Privacy Policy and applicable law. Where required, we rely on approved transfer mechanisms such as Standard Contractual Clauses or other legal frameworks recognized under applicable data protection laws.

Children's Privacy

Our services are intended for individuals 18 years of age and older. For participants under 18, we collect information only with parental or guardian consent as outlined in our Terms of Service. The parent or guardian is responsible for providing accurate information and making bookings on behalf of minors.

We do not knowingly collect personal information directly from children under 13. If you believe we have collected information from a child under 13 without parental consent, please contact us immediately at hello@shredly.com, and we will take steps to delete such information.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. All booking decisions and customer interactions involve human review.

Third-Party Links

Our website may contain links to third-party websites, social media platforms, or partner services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

State-Specific Privacy Rights

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold

  • Right to delete personal information, subject to certain exceptions

  • Right to opt-out of the sale of personal information (we do not sell personal information)

  • Right to non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at hello@shredly.com or call 888.474.9528.

Colorado Privacy Rights

As a Colorado-based business, Colorado residents have rights under the Colorado Privacy Act (CPA) including:

  • Right to access your personal information

  • Right to correct inaccuracies in your personal information

  • Right to delete personal information

  • Right to opt-out of the sale of personal information (we do not sell personal information), targeted advertising, and certain profiling

To exercise these rights, contact us at hello@shredly.com. We will respond to your request within 45 days.

Other State Privacy Rights

Residents of Virginia, Connecticut, and other states with comprehensive privacy laws have similar rights. Please contact us at hello@shredly.com to exercise your rights under applicable state law.

European Privacy Rights

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including those listed in the "Your Privacy Rights" section above.

Our Legal Basis for Processing

We process your information based on the following legal grounds:

  • Contract performance - To fulfill our obligations to you under our Terms of Service

  • Consent - When you have given explicit consent (e.g., marketing communications, photography)

  • Legitimate interests - For business operations, fraud prevention, and service improvement (where not overridden by your rights)

  • Legal compliance - To comply with applicable laws and regulations

Your GDPR Rights

In addition to the rights listed above, you have the right to lodge a complaint with your local data protection authority if you believe we have not handled your information properly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

  • Posting the updated policy on our website with a new "Last Updated" date

  • Sending an email notification for material changes (if you have provided your email address)

  • Displaying a prominent notice on our website

Material changes include changes to how we use your information, who we share it with, or your rights. For bookings made before the Privacy Policy is updated, the policy in effect at the time of booking will apply to that booking.

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

SHREDLY
Email: hello@shredly.com
Mailing Address: PO Box 1986, Carbondale, CO, 81623, US
Phone: 888.474.9528

Acknowledgment

By using our website and services, you acknowledge that you have read and understood this Privacy Policy.