International Data Transfers

    We are based in Zürich, Switzerland and serve clients internationally. Your personal information may be transferred to and processed in countries outside of your residence, including Switzerland and the United States (where many of our service providers are located such as Google, Zoom, MemberVault, and others).

    These countries may have different data protection laws than your country of residence. However, we ensure that appropriate safeguards are in place for international data transfers through:

    • Standard Contractual Clauses (SCCs) where applicable
    • Adequacy decisions by relevant data protection authorities
    • Service provider contractual commitments to data protection standards

    By using our services, you acknowledge and consent to the international transfer of your personal information as described above.

    Automated Decision-Making

    We use automated systems, primarily through Zapier integrations, to provide you with personalized experiences including:

    • Course recommendations based on your interests and previous purchases
    • Masterclass suggestions tailored to your profile
    • Service recommendations aligned with your needs
    • Customized email content and timing

    These automated processes are designed to enhance your experience and are based on information you provide and your interactions with our services. You have the right to request human review of any automated decisions that significantly affect you.

    Data Retention

    We retain your personal information as follows:

    • Account and Contact Information: Retained indefinitely to maintain our ongoing relationship and provide continued service
    • Course Materials and Progress: Retained indefinitely to allow you lifetime access to purchased courses and track your educational journey
    • Email Communications: Retained indefinitely to maintain communication history and provide consistent service
    • Comments and User Data: Comments and metadata retained indefinitely to enable automatic approval of follow-up comments and maintain discussion continuity
    • User Accounts: Personal information in user profiles retained indefinitely while account is active; you can edit or delete this information at any time
    • Payment Information: Retained as required by applicable tax and accounting laws (typically 7-10 years)
    • Marketing Materials: Photos, testimonials, and social proof materials are retained indefinitely for ongoing marketing purposes
    • Technical Data: Website analytics and usage data retained for up to 3 years

    You may request deletion of your personal information at any time, though this may affect our ability to provide certain services. Some information may be retained longer where required by law or for legitimate business purposes.

    Data Security# Privacy Policy for NightshadeSanctum.com, ZelaFeraco.com, and SkyGardenTarot.com

    Effective Date: July 29, 2025
    Last Updated: July 29, 2025

    Introduction

    Welcome to NightshadeSanctum.com, ZelaFeraco.com, and SkyGardenTarot.com (“we,” “our,” “us,” or “the websites”). All three websites are part of the same business ecosystem and are operated by the same entity. SkyGardenTarot.com was our previous business which has evolved into our current brands, and existing clients from Sky Garden Tarot have been migrated to our new ecosystem. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy applies to all websites and explains how we collect, use, disclose, and safeguard your information when you visit any of our websites or use our services.

    This privacy policy is effective as of July 29, 2025 and replaces any previous privacy practices across all our websites. It applies to all data collected from the effective date forward. For any data collected from our previous business (Sky Garden Tarot) or prior to this effective date, we commit to applying these same privacy protections and standards to ensure consistent data protection across all user information.

    Information We Collect

    Information You Provide Directly

    • Contact Information: Name, email address, phone number when you contact us, subscribe to our newsletter via Flodesk, book masterclass sessions through YouCanBookMe, or communicate via social media direct messages
    • Website Interactions: Comments on our websites, including your IP address and browser user agent string for spam detection
    • Email Opt-ins: Information collected through popup forms and email subscription forms (OptinMonster)
    • User Accounts: If you create an account on our websites, we collect the information you provide in your user profile
    • Social Media Communications: Direct messages and private communications sent through social media platforms (Facebook, Instagram, etc.)
    • Course and Program Information: Information collected when you purchase courses through MemberVault, including account details and progress data
    • Application Data: Information submitted through Typeform application forms for programs or services
    • Booking Information: Scheduling details, preferences, and related data when booking appointments through YouCanBookMe
    • Masterclass Data: Information collected during Zoom masterclasses and Facebook live sessions, including participation data and interactions
    • Course Materials: Assignments, coursework submissions, and related materials submitted through Google Drive, email, or other platforms
    • Feedback and Surveys: Information collected through Google Forms for feedback, testimonials, and service evaluation
    • Visual Content: Photos taken during live classes and masterclasses, screenshots, and images for social proof and marketing purposes
    • Social Media Content: Public posts, comments, reviews, and interactions on our social media pages (Facebook, Instagram, YouTube, TikTok) and in our Facebook groups (both public and private)
    • Private Group Interactions: Posts, comments, discussions, and shared content within our private Facebook groups and other private community spaces
    • Testimonials and Feedback: Written testimonials, video testimonials, social media posts, and other feedback you provide about our services
    • Communication Data: Messages, comments, or other content you submit through our contact forms or communication features
    • Payment Information: Billing details for any purchases (processed securely through third-party payment processors including PayPal, Stripe, and buy now pay later services such as Klarna, depending on the service used)

    Information Collected Automatically

    • Technical Data: IP address, browser type, operating system, device information
    • Usage Data: Pages visited, time spent on site, click patterns, referral sources
    • Cookies and Tracking Technologies: Session cookies, persistent cookies, web beacons, and similar technologies
    • Analytics Data: Website performance metrics, user behavior analysis, and traffic statistics (may include Google Analytics, Facebook Pixel, and other tracking tools)
    • Marketing Data: Advertising performance, conversion tracking, and audience insights from various marketing platforms

    How We Use Your Information

    We use the collected information for the following purposes:

    • Service Provision: To provide, maintain, and improve our websites and services across both domains
    • Course Delivery: To manage course materials, assignments, and student progress through Google Workspace tools
    • Communication: To respond to inquiries, send updates, newsletters, and important notices via Gmail and Flodesk
    • Personalization: To customize your experience and provide relevant content across our websites
    • Marketing and Promotion: To use testimonials, reviews, social media posts, photos, and feedback as social proof and promotional materials for our services across both websites
    • Content Creation: To create screenshots, photos, and share user-generated content from our social media pages, groups, and live sessions for marketing purposes
    • Analytics: To understand how our websites are used, improve user experience, and optimize our marketing efforts through various tracking and analytics tools
    • Automated Recommendations: To provide personalized course, masterclass, and service recommendations through automated systems (primarily Zapier integrations)
    • Analytics: To understand how our website is used and improve user experience
    • Legal Compliance: To comply with applicable laws and regulations
    • Security: To protect against fraud, unauthorized access, and other security threats

    How We Share Your Information

    We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

    • Service Providers: With trusted third-party vendors who assist in operating our website and services, including:
      • MemberVault: For course delivery and management
      • Flodesk: For email marketing and newsletter services
      • YouCanBookMe: For appointment scheduling and booking management
      • Typeform: For application forms and data collection
      • Zapier: For automated data integration between our services (transfers data from Typeform, MemberVault, and YouCanBookMe to Flodesk for consolidated email management)
      • PayPal and Stripe: For secure payment processing
      • Buy Now Pay Later Services: Including Klarna and other installment payment providers for flexible payment options
      • Zoom: For delivering masterclasses and online sessions
      • Facebook/Meta: For live masterclasses, group interactions, and social media marketing
      • Google Workspace: Including Gmail, Google Drive, Google Docs, and Google Forms for course delivery, communication, file storage, and feedback collection
      • Canva: For creating marketing materials, social media posts, and promotional content that may include client photos, testimonials, and social proof
      • Gravatar: For displaying profile pictures in comments (if you use this service)
      • Spam Detection Services: For automated comment moderation and spam prevention (Akismet)
      • Website Security Services: For protection against malicious attacks and monitoring (Jetpack)
      • Email Marketing Tools: For popup forms and lead generation (OptinMonster)
      • Analytics and Marketing Tools: May include Google Analytics (via MonsterInsights), Facebook Pixel, and other tracking/advertising platforms for website optimization and marketing purposes
      • Web Hosting Services: Bluehost provides hosting infrastructure for our websites and handles server-level data processing
      • Other vendors: Web hosting and technical support services
    • Employees and Contractors: With freelancers, virtual assistants, and employees who assist with business operations, including website development, social media management, content creation, and marketing materials that may contain client information, photos, testimonials, and social proof
    • Legal Requirements: When required by law, court order, or government request
    • Business Transfers: In connection with a merger, acquisition, or sale of assets
    • Consent: With your explicit consent for specific purposes
    • Safety: To protect the rights, property, or safety of our users or others

    Data Sharing Between Websites

    Since NightshadeSanctum.com, ZelaFeraco.com, and SkyGardenTarot.com are part of the same business ecosystem, information collected across any of these websites may be used to provide services, communicate with you, and deliver content across all platforms. This integrated approach allows us to provide you with a seamless experience across our evolving business.

    Business Evolution: Sky Garden Tarot was our previous business that has evolved into our current brands (Nightshade Sanctum and Zela Feraco). Existing client data and relationships from Sky Garden Tarot have been migrated to our new ecosystem to ensure continuity of service and communication.

    We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

    Children’s Privacy / Age Restrictions

    Our services and websites are intended for use by individuals aged 18 and older. We do not knowingly collect or process personal data from individuals under 18 years of age.
    If we become aware that a minor has provided us with personal information, we will take steps to delete that data as quickly as possible.

    If you are a parent or guardian and believe your child has submitted personal information to us, please contact us at [email protected] and we will take appropriate action.

    Your Rights and Choices

    Depending on your jurisdiction, you may have the following rights:

    • Access: Request access to your personal information
    • Correction: Request correction of inaccurate or incomplete data
    • Deletion: Request deletion of your personal information (this does not include data we are required to keep for administrative, legal, or security purposes)
    • Portability: Request a copy of your data in a structured format
    • Data Export: If you have an account or have left comments, you can request an exported file of all personal data we hold about you
    • Account Management: If you have a user account, you can view, edit, or delete your personal information at any time through your profile settings
    • Opt-out: Unsubscribe from marketing communications
    • Cookies: Manage cookie preferences through your browser settings

    To exercise these rights, please contact us using the information provided below.

    Cookies and Tracking Technologies

    We use cookies and similar technologies to enhance your browsing experience. You can control cookie settings through your browser preferences, though disabling cookies may affect website functionality.

    Types of Cookies We Use:

    • Essential Cookies: Necessary for basic website functionality
    • Analytics Cookies: Help us understand website usage and performance (may include Google Analytics and similar tools)
    • Functional Cookies: Remember your preferences and settings
    • Marketing Cookies: Used for targeted advertising and marketing optimization (may include Facebook Pixel and other advertising platforms)
    • Social Media Cookies: Enable social media features and track social interactions
    • Comment Cookies: Save your name, email, and website when you leave comments (optional, lasts one year)
    • Login Cookies: Maintain your login session and display preferences (last 2 days to 2 weeks depending on “Remember Me” selection)
    • Editing Cookies: Temporary cookies when you edit content (expire after 1 day)

    Third-Party Services

    We use several third-party services to provide our offerings. Each service has its own privacy policy and data handling practices:

    • MemberVault (Course Platform): Processes course enrollment, payment, and learning data. View MemberVault Privacy Policy
    • Flodesk (Email Marketing): Manages email subscriptions and marketing communications. View Flodesk Privacy Policy
    • YouCanBookMe (Booking System): Handles appointment scheduling and booking data. View YouCanBookMe Privacy Policy
    • Typeform (Forms): Processes application and form submissions. View Typeform Privacy Policy
    • Zapier (Automation): Facilitates automated data transfers between our services. When you interact with Typeform, MemberVault, or YouCanBookMe, Zapier may automatically transfer relevant information (such as your name and email) to Flodesk for email management purposes. View Zapier Privacy Policy
    • PayPal (Payment Processing): Processes payments for certain services. View PayPal Privacy Policy
    • Stripe (Payment Processing): Processes payments for certain services. View Stripe Privacy Policy
    • Klarna (Buy Now Pay Later): Provides installment payment options for purchases. View Klarna Privacy Policy
    • Zoom (Video Conferencing): Hosts masterclasses and online sessions. View Zoom Privacy Policy
    • Facebook/Meta (Social Media Platform): Hosts live masterclasses, manages groups, and facilitates social media interactions. View Meta Privacy Policy
    • Google Workspace (Productivity Suite): Includes Gmail for email communication, Google Drive for file storage, Google Docs for course materials, and Google Forms for feedback collection. View Google Privacy Policy
    • Canva (Design Platform): Used for creating marketing materials and social media content that may include client information, photos, testimonials, and social proof. View Canva Privacy Policy
    • MonsterInsights (Google Analytics): Provides website analytics and visitor insights. View MonsterInsights Privacy Policy
    • OptinMonster (Lead Generation): Powers popup forms and email opt-in campaigns. View OptinMonster Privacy Policy
    • Akismet (Spam Protection): Protects against spam comments and form submissions. View Akismet Privacy Policy
    • Jetpack (Security & Performance): Provides security monitoring, performance optimization, and additional website features. View Jetpack Privacy Policy
    • Bluehost (Web Hosting): Provides hosting infrastructure and server services for our websites. All website data is processed through their servers. View Bluehost Privacy Policy

    Website Functionality

    Comments When you leave comments on our websites, we collect the information shown in the comment form, your IP address, and browser user agent string to help with spam detection via Akismet. An anonymized string created from your email address (called a hash) may be provided to the Gravatar service to display your profile picture. After approval, your profile picture is visible to the public with your comment. View Gravatar Privacy Policy

    Contact Forms Information submitted through our website contact forms (powered by WPForms) is collected for customer service and communication purposes.

    Email Opt-ins and Popups We use OptinMonster to display targeted popup forms and email subscription opportunities. Information you provide through these forms is used for email marketing and communication purposes.

    Website Analytics We use Google Analytics (via MonsterInsights) to understand how visitors use our websites. This includes collecting information about your browsing behavior, pages visited, and website interactions.

    Security and Performance Jetpack provides security monitoring, spam protection, and performance optimization for our websites. This may involve collecting technical data about your visits and interactions for security purposes.

    Web Hosting Our websites are hosted by Bluehost, which means all website data, including visitor information, is processed through their servers. Bluehost may collect server logs, IP addresses, and technical information as part of their hosting services.

    Social Media Communications When you communicate with us via direct messages on social media platforms (Facebook, Instagram, YouTube, TikTok), these communications are processed through the respective platform’s messaging systems. Each platform has its own privacy policy governing how they handle private messages and communications.

    Media Uploads If you upload images to our websites, avoid including embedded location data (EXIF GPS) as visitors can download and extract this information from images.

    User Accounts If you register for an account on our websites, we store the personal information you provide in your user profile. You can view, edit, or delete your personal information at any time (except your username). Website administrators can also access and edit this information.

    Embedded Content Our websites may include embedded content (videos, images, articles) from other websites. This embedded content behaves as if you visited the other website directly, and those sites may collect data about you, use cookies, and track your interactions.

    Password Resets If you request a password reset, your IP address will be included in the reset email for security purposes.

    Analytics and Marketing Tools

    We may use various analytics and marketing tools to improve our services and reach our audience effectively. These tools may collect information about your website usage and interactions:

    • Google Analytics: For website traffic analysis and user behavior insights
    • Facebook Pixel: For advertising optimization and audience targeting on Facebook and Instagram
    • Other Tracking Tools: We may implement additional analytics, advertising, and marketing tools as needed to improve our services

    These tools may use cookies and similar technologies to collect information about your browsing behavior. You can control these through your browser settings and opt-out mechanisms provided by the respective platforms.

    User-Generated Content and Testimonials

    When you interact with our services, participate in our social media communities, or provide feedback, you may create content that we use for promotional purposes:

    • Social Media Posts: Comments, posts, and interactions on our Facebook pages, Instagram, YouTube, TikTok, and other social platforms may be used as social proof and testimonials
    • Group Interactions: Contributions to our Facebook groups (both public and private) may be screenshot and used for marketing purposes
    • Private Group Content: Posts, discussions, and interactions within our private Facebook groups may be used for social proof, testimonials, and marketing materials. While we respect the private nature of these groups, exceptional content that showcases client success may be shared more broadly with appropriate context
    • Live Session Photos: Photos taken during live classes and masterclasses may be used for social proof and marketing materials
    • Course Materials: Screenshots and images related to course delivery may be used for promotional purposes
    • Design and Marketing Materials: Client information, photos, testimonials, social media handles, and coursework may be incorporated into marketing materials created using design platforms like Canva
    • Testimonials: Any testimonials you provide through Google Forms, written communication, video, or social media posts may be used to promote our services across various marketing channels
    • Assignment Submissions: Course assignments and related materials submitted via Google Drive or email become part of your educational record and may be used (anonymized) for course improvement
    • Reviews and Feedback: Reviews and feedback about our services may be shared as testimonials

    By participating in our courses, social media communities, or providing testimonials, you grant us permission to use your content for promotional purposes. If you prefer your content not be used this way, please contact us or adjust your social media privacy settings.

    Special Note on Private Groups: While we respect the private nature of our exclusive groups, participating in these communities means your exceptional success stories, insights, and interactions may occasionally be shared as inspiring examples for our broader audience. We will always use discretion and consider the context when sharing private group content publicly.

    Intellectual Property

    While this Privacy Policy primarily addresses data protection, we want to clarify ownership of content within our ecosystem:

    • Our Content: We retain all intellectual property rights to our course materials, educational content, website content, marketing materials, and any original content we create.
    • Your Content: You retain ownership of any original content you create, including testimonials, social media posts, coursework, and photos. However, by using our services and participating in our programs, you grant us a non-exclusive license to use your content for promotional and marketing purposes as described in this policy.
    • Usage Rights: When you provide testimonials, participate in our courses, or engage with our social media, you give us permission to use, modify, and distribute that content for business purposes while you maintain underlying ownership.

    For comprehensive terms regarding intellectual property, usage rights, and content ownership, please refer to our Terms of Service.

    Course Content and Educational Materials

    Course materials, including Google Docs manuals, assignments, and related educational content, are stored securely using Google Workspace. Your course progress, submissions, and interactions are maintained to provide ongoing educational support and track your learning journey.

    We encourage you to review the privacy policies of these third-party services to understand how they handle your information.

    Employees and Contractors

    We may work with freelancers, virtual assistants, contractors, and employees to help deliver our services and manage our business operations. These individuals may have access to your personal information when:

    • Creating websites and web content
    • Developing social media posts and marketing materials
    • Preparing social proof content using client photos, testimonials, and success stories
    • Managing social media accounts and online presence
    • Providing technical support and website maintenance
    • Assisting with course delivery and customer service

    All employees and contractors who handle personal information are required to:

    • Sign confidentiality and data protection agreements
    • Follow our data protection policies and procedures
    • Use personal information only for authorized business purposes
    • Implement appropriate security measures
    • Report any potential data breaches immediately

    We carefully vet all individuals who may access client information and ensure they understand their responsibilities regarding data protection and privacy.

    Third-Party Links

    Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

    Children’s Privacy

    Our websites are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

    International Data Transfers

    If you are located outside of Switzerland, please note that your information may be transferred to and processed in countries with different privacy laws. We ensure appropriate safeguards are in place for such transfers.

    Changes to This Privacy Policy

    We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of significant changes by posting the updated policy on all our websites with a new effective date.

    Data Retention

    We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

    Contact Us

    If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

    Email: [email protected]
    Business Address: Available upon request
    Location: Zürich, Zürich, Switzerland

    Compliance

    This Privacy Policy is designed to comply with applicable privacy laws, including but not limited to:

    • Swiss Federal Data Protection Act (FADP)
    • General Data Protection Regulation (GDPR) for EU clients
    • California Consumer Privacy Act (CCPA) for California residents
    • Other applicable local and international privacy regulations

    As a Zürich, Switzerland-based business serving international clients, we are committed to meeting the highest standards of data protection regardless of your location.

    This privacy policy was last updated on July 29, 2025. Please review this policy periodically for any changes.