Privacy Policy

Effective Date: February 25, 2026

Website: timrsnell.com

Business: Tim Snell — Coaching, Breathwork & Resilience Programs

Location: Australia

1. Introduction

This Privacy Policy explains how Tim Snell ("I," "me," "my") collects, uses, and protects your personal information when you use my website, take The Resilience Profile assessment, book services, or engage with my programs.

I am committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the General Data Protection Regulation (GDPR) for users in the EU and EEA, the UK GDPR for users in the United Kingdom, and applicable US state privacy laws including the CCPA. This policy is designed to the GDPR standard, which satisfies all applicable jurisdictions.

This website is hosted on Wix, a US-based platform. By using this website, you acknowledge that your data may be processed and stored in the United States and other jurisdictions where my service providers operate.

2. Information I Collect

Information You Provide Directly

When you use this website or my services, I may collect:

Personal information: Name, email address, phone number.
Account information: Login credentials if you create an account.
Booking information: Details for coaching sessions, breathwork programs, or retreats.
Payment information: Processed securely by Stripe, PayPal, or other payment processors. I do not store your credit card details.
Communications: Content of emails, contact forms, or messages you send me.
Program information: Information you share during coaching sessions, breathwork programs, or retreats (subject to confidentiality — see Section 4).

The Resilience Profile Assessment

When you take The Resilience Profile, I collect:

Assessment data: Your first name, email address, and your responses to 21 self-report questions covering breathing patterns, sleep quality, stress recovery, self-regulation capacity, and lifestyle factors.
Derived data: Domain scores, composite resilience score, and your assigned profile — all calculated from your assessment responses.
Consent records: A timestamp recording when you consented to data processing, and whether you opted in to marketing communications.
During the assessment, your responses are temporarily stored in your browser's local storage (on your device only) so you don't lose progress. This data is cleared after you submit the assessment. It is not encrypted but never leaves your device.
Health-adjacent data: Some of the information collected in The Resilience Profile — such as breathing patterns, sleep quality, and stress responses — may be considered health-related data under GDPR Article 9. I process this data on the basis of your explicit consent, which you provide before starting the assessment.

Information Collected Automatically

Through my website and third-party services, the following may be collected:

Technical information: IP address, browser type, operating system, device information.
Usage information: Pages visited, links clicked, time spent on site, referral source.
Location data: General geographic location based on IP address.
Cookies: See Section 11 for details.

Information from Third-Party Services

I may collect information through Google Analytics (website traffic, IP anonymised), MailerLite (email engagement and list management), Zoom (meeting recordings with consent), booking and scheduling tools (appointment information), and social media platforms (interactions via Facebook, Instagram, LinkedIn).

Search Engine Services

My website is listed with Google Search Console and Bing Webmaster Tools to manage how the site appears in search results. These services may collect anonymised search performance data (queries, impressions, clicks, page positions) and technical crawl data. They do not collect personal information about individual visitors to my site. I do not use Meta Pixel, Facebook tracking, or similar advertising or retargeting integrations.

3. How I Use Your Information

Primary Uses

I use your personal information to deliver services including coaching sessions, breathwork programs, and retreats; to process bookings and payments; to generate and deliver your Resilience Profile report; to email your assessment results and a persistent link to your report; to track changes in your assessment results over time if you retake the assessment; and to communicate with you about sessions, programs, and inquiries.

Secondary Uses (With Consent or Legitimate Interest)

With your consent or where I have a legitimate interest, I may use your information to improve my services by analysing what programs and content resonate; to send you updates about new programs, events, or offerings (marketing opt-in only); to support ICF credentialing with your explicit consent; and to conduct anonymised research for program improvement.

What I Don't Do

I do not sell your data to third parties. I do not share your email with unrelated marketers. I do not disclose coaching content without your consent. I do not send unsolicited promotional content to people who have not opted in.

4. Confidentiality in Coaching and Breathwork

ICF Code of Ethics

As an ICF-certified coach (PCC), I adhere to the International Coach Federation Code of Ethics regarding confidentiality. Information shared in coaching sessions is confidential. I will not disclose your information without your consent. Coaching information is not legally privileged in the same way as attorney-client privilege.

Exceptions to Confidentiality

I may disclose information without your consent only if required by law or court order; if you or someone else is at risk of serious harm; if I become aware of illegal activity that must be reported; or with your explicit consent for ICF credential verification.

Breathwork and Retreat Confidentiality

Information shared in breathwork sessions or retreats is treated with the same confidentiality standards, except where group settings make complete anonymity impossible.

5. How Information Is Shared

Service Providers

Your information may be shared with the following providers, each of which is contractually obligated to protect your data:

Wix — Website hosting. Processes: name, email, account data, website usage data. Location: United States.
Cloudflare — Hosts The Resilience Profile assessment and processes submissions via serverless Workers. Processes: assessment submissions, email, name. Location: Global edge network. DPA in service terms.
Supabase — Database for assessment data. Processes: first name, email, assessment responses, derived scores, profile, consent records. Encrypted at rest (AES-256) and in transit. Row-level security enabled. Location: AWS infrastructure. SOC2 certified. DPA available.
Resend — Transactional email service. Delivers your assessment report summary and persistent report link. Processes: email address, profile name, key findings. Does not receive your full assessment responses or raw scores. DPA in terms.
MailerLite — Marketing email service. Only receives data from people who explicitly opt in to marketing communications. Processes: email, first name, profile tag. Powers welcome sequences, nurture content, and retake prompts. DPA in terms.
Payment processors (Stripe, PayPal) — Process payments securely. I do not store credit card details.
Google Workspace — Email, documents, calendar.
Zoom — Online sessions.
Booking tools (Calendly or similar) — Appointment scheduling.

Partners and Collaborators

If I partner with other practitioners for programs or retreats, your information may be shared only with your explicit consent, only for the purpose of delivering the service you've booked, and under equivalent confidentiality agreements.

Legal Requirements

I may disclose information if required to comply with legal obligations, to protect my rights or safety, or to prevent fraud or security issues.

Business Transfers

If my business is acquired or merged, your information may be transferred. You will be notified of any such change.

Affiliate Programs

I participate in affiliate programs (e.g., Soma Breath). When you click affiliate links, the partner site may collect information per their own privacy policy. I may receive commission data but not your personal information from these partners.

6. International Data Transfers

This business is based in Australia. Your information may be transferred to and processed in the United States (Wix, Cloudflare, Supabase, Stripe, Zoom, Google, MailerLite, Resend), the European Union (where service providers maintain EU infrastructure), and Malta or Sicily (if participating in partner retreat programs).

These transfers are made in compliance with GDPR safeguards where applicable, including standard contractual clauses and data processing agreements with each provider.

7. Data Retention

General Retention

I retain your information for as long as you have an active relationship with me; as long as necessary for service delivery or legal compliance; and for a minimum of 5 years for financial and tax records as required under Australian law.

Assessment Data Retention

Your Resilience Profile assessment data — including responses, scores, profile, and consent records — is retained for 24 months from the date of your most recent assessment. This allows you to retake the assessment and see how your results have changed over time.

After the retention period, your assessment data is deleted from all systems unless you have an ongoing active relationship with me.

When You Request Deletion

Personal information is removed from all active systems including Supabase, MailerLite, and Resend. Some data may be retained for legal compliance (payment records for tax purposes). Anonymised data may be retained for research purposes. Deletion is confirmed to you in writing.

8. Your Rights

For All Users

You have the right to access your personal information; to correct inaccurate information; to request deletion (subject to legal retention requirements); to opt out of marketing communications; to object to certain uses of your data; and to withdraw consent at any time.

Additional Rights Under GDPR (EEA and UK Users)

You also have the right to data portability (receive your data in JSON or CSV format); to restriction of processing (limit how I use your data); and to lodge a complaint with your local data protection authority.

Additional Rights Under Australian Privacy Principles

You have the right to request access to your information; to request correction of inaccurate information; and to complain to the Office of the Australian Information Commissioner (OAIC).

How to Exercise Your Rights

Contact tim@timrsnell.com. I will respond to all data subject requests within 30 days. For assessment data, I can provide a full export of your stored data (responses, scores, profile) or delete your records across all systems upon request.

9. Security

I implement reasonable security measures to protect your information:

Encryption in transit: All connections use TLS/HTTPS. Cloudflare, Supabase, Resend, and MailerLite all enforce encrypted connections by default.
Encryption at rest: Assessment data stored in Supabase is encrypted using AES-256 (AWS-managed).
Access control: Assessment data is protected by row-level security. Your report is accessible only via a unique, unguessable URL (UUID). I access the database via password-protected accounts with two-factor authentication enabled.
Minimal data in email: Report emails contain a summary and a link to your full report — not your complete assessment responses or raw scores.
Local storage during assessment: Your browser's local storage is used temporarily during the assessment and cleared after submission. This data is unencrypted but never leaves your device.
Provider security: Two-factor authentication is enabled on all provider accounts (Cloudflare, Supabase, Resend, MailerLite).

No internet transmission is 100% secure. You are responsible for maintaining the confidentiality of your passwords and any unique report URLs you receive.

10. Children's Privacy

This website and my services are not intended for individuals under 18. I do not knowingly collect information from children. If I become aware of such collection, I will delete it promptly.

11. Cookies and Local Storage

This website uses cookies as set by Wix for website functionality and analytics. The Resilience Profile assessment uses your browser's local storage to save your responses during the assessment — no tracking cookies are used by the assessment itself. Your locally stored assessment data is cleared after submission. See the Wix Cookie Policy for details on website cookies.

12. Links to Other Websites

This website contains links to third-party websites including social media platforms, affiliate partners, and resource recommendations. I am not responsible for the privacy practices of these sites. Review their privacy policies before providing them with your information.

13. Changes to This Policy

I may update this Privacy Policy periodically. Material changes will be communicated via email to registered users and via notice on the website. The effective date at the top of this policy will be updated accordingly. Continued use of my services after changes indicates acceptance of the updated policy.

14. Contact Information

For privacy questions, data requests, or complaints:

Tim Snell Email: tim@timrsnell.com Website: timrsnell.com Location: Australia

For Australian Privacy Complaints: Office of the Australian Information Commissioner (OAIC) Website: www.oaic.gov.au Phone: 1300 363 992 Email: enquiries@oaic.gov.au

For GDPR / EEA Complaints: Contact your local data protection authority.

For ICF Ethics Complaints: International Coach Federation Website: coachingfederation.org/ethics

This policy is not legal advice. It has been prepared to reflect the actual data handling practices of my services. I recommend periodic review by a qualified legal professional, particularly regarding the classification of health-adjacent data under GDPR Article 9.

Section 11