Privacy Policy

Last updated: September 27, 2025

This Privacy Notice for Ahash One OÜ (“Company”, “we”, “us”, or “our”) explains how we collect, use, disclose, and protect personal data when you use our websites, apps, coaching and counseling services, guided meditations, retreats, and related offerings (the “Services”).

If you do not agree with this notice, do not use the Services.

Contact details

Website: https://xerxes.re
Email: [email protected]
Phone: +43 699 13570707
Address: Sepapaja tn 6, 15551 Tallinn, Harju maakond, Estonia

1. INFORMATION WE COLLECT

a) Information you provide

Name, email, phone number, address, billing details.
Account login details and contact preferences.
Coaching/counseling interactions (e.g., scheduling, goals you share voluntarily).
Retreat registrations (e.g., dietary needs, emergency contacts you choose to provide).
Payment confirmations (card details handled by Stripe or PayPal).
Support inquiries and survey responses.

Sensitive data: We do not require health or religious data. If you choose to share such information, we process it only with your explicit consent.

b) Information collected automatically

Technical: IP address, device IDs, browser, OS, location (approximate via IP), referring URLs, pages viewed, app events, crash logs, timestamps.
Usage data: how you interact with websites, apps, and features.

c) Information from service providers

Payments: Stripe, PayPal.
Apps: Apple App Store, Google Play.
Video calls: Zoom (if used for sessions).
Analytics & advertising: Google Analytics 4 (GA4), Hotjar, Meta/Facebook Pixel.

2. HOW WE PROCESS YOUR INFORMATION

We process data to:

Provide and operate Services (sessions, subscriptions, apps, retreats).
Process payments and issue invoices.
Communicate about sessions, changes, security, and policies.
Provide support and respond to requests.
Improve Services through analytics and diagnostics.
Market our Services with your consent.
Ensure legal compliance and security.

Analytics & advertising tools:

Google Analytics 4 (GA4): tracks traffic, usage, and conversions. Google may combine this with other data they hold about you.
Hotjar: records anonymized heatmaps, clicks, scrolls, and surveys to improve usability.
Meta/Facebook Pixel: tracks conversions and helps deliver relevant ads on Meta platforms.

Data collected through these tools may be transferred outside the EU.

3. LEGAL BASES FOR PROCESSING

We rely on:

Contract: to deliver Services you request.
Legitimate interests: to improve Services, prevent fraud, market to existing clients (where proportionate).
Consent: for optional cookies, analytics, advertising, and sensitive data you provide.
Legal obligation: to comply with tax, accounting, and regulatory requirements.
Vital interests: in case of emergencies during retreats.

4. SHARING YOUR INFORMATION

We may share data with:

Processors: Stripe, PayPal, Apple, Google, Zoom, Hotjar, Google Analytics, Meta Platforms (Facebook/Instagram).
Legal authorities: when required by law.
Business transfers: in mergers, acquisitions, or restructuring.
Public areas: testimonials or reviews you publish voluntarily.

We do not sell personal data.

5. COOKIES AND TRACKING

We use cookies, pixels, and SDKs for authentication, analytics, and advertising. Categories:

Strictly necessary (login, payments).
Analytics (GA4, Hotjar).
Advertising (Meta/Facebook Pixel).

You can manage preferences in your browser or via our Cookie Notice.

Opt-out tools:

Google Analytics: https://tools.google.com/dlpage/gaoptout
Hotjar: https://www.hotjar.com/legal/compliance/opt-out
Facebook/Meta: https://www.facebook.com/settings/?tab=ads

6. SOCIAL LOGINS

If you log in via a social account (e.g., Facebook), we receive limited profile info. Use is restricted to account and authentication purposes.

7. DATA RETENTION

We keep personal data as long as needed:

Accounts: until closure + reasonable period for legal compliance.
Payments: per tax/accounting law (typically 7–10 years).
Retreat data: until event ends + 24 months.
Support and communications: up to 24 months.

After expiry, data is deleted or anonymized.

8. DATA SECURITY

We apply encryption, access controls, monitoring, and secure vendors. However, no system is 100% secure. Transmission of data is at your own risk.

9. YOUR RIGHTS

EEA/UK: access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to local authority.

Canada: access, correction, withdrawal of consent subject to law.

U.S.: see Section 11 below.

Other regions: rights under local laws.

Requests: [email protected] or https://xerxes.re/contact.

10. DO-NOT-TRACK

We do not respond to DNT signals as no standard exists.

11. U.S. PRIVACY RIGHTS (CCPA/CPRA)

California residents have the right to:

Request access, deletion, correction.
Know categories of data collected.
Opt out of sale/sharing (we do not sell data).
Non-discrimination for exercising rights.

Submit requests: [email protected] or https://xerxes.re/contact.

12. INTERNATIONAL TRANSFERS

Data may be processed in Estonia, the EU, the U.S., and other locations. For transfers outside the EEA/UK, we use safeguards such as Standard Contractual Clauses.

13. UAE, SINGAPORE, HONG KONG NOTICES

We provide Services globally from Estonia.

We make no guarantee that our Services are compliant with specific regulations in your country. You are responsible for obtaining any local approvals, permits, or clearances if required.

Use must comply with local law, culture, and religion.

14. UPDATES

We update this notice from time to time. Changes will be published here with a new “Last updated” date.

15. CONTACT US

Ahash One OÜ

Sepapaja tn 6

15551 Tallinn, Harju maakond, Estonia

Phone: +43 699 13570707

Email: [email protected]

Website: https://xerxes.re

16. REVIEW, UPDATE, DELETE

You can request access, updates, or deletion of your data at https://xerxes.re/contact or by emailing [email protected].

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.