Legal

Privacy Policy

Last updated: May 2026

Who we are

Past Life and Beyond is an international wellness practice operated by Lana Spitz, based in Puerto Escondido, Oaxaca, Mexico. We provide complementary wellness services including past life regression, life between lives hypnosis, quantum consciousness work, yoga, massage, breathwork, and related modalities — both in person and online.

For the purposes of data protection legislation, including the EU General Data Protection Regulation (GDPR) and the UK GDPR, Lana Spitz is the data controller. Our contact email for all data-related enquiries is hello@pastlifeandbeyond.com.

What information we collect

Contact form

When you reach out through our website contact form, we collect your name, email address, and any details you choose to share about the session or service you are interested in. This information is used solely to respond to your enquiry and, if appropriate, to arrange a session.

Booking and scheduling

We use Cal.com for session booking and scheduling. When you book a session, Cal.com collects the information you provide during the booking process, including your name, email address, and session preferences. Cal.com processes this data in accordance with its own privacy policy. We receive your booking details to confirm and prepare for your session.

Payment

Payments are processed securely through Stripe. We do not store your credit card or bank details on our servers. Stripe handles all payment data in accordance with PCI-DSS standards and its own privacy policy. We receive only a confirmation of payment and basic transaction details (amount, date, and a transaction reference).

Session recordings

With your explicit consent, sessions may be audio- or video-recorded. These recordings are created for your personal benefit — to support your integration and reflection after the session. Recordings are stored securely and are shared only with you. We do not use session recordings for marketing, training, or any purpose other than your direct benefit. Recordings are deleted promptly upon your request.

Session notes

We may keep brief session notes to support continuity of care across multiple sessions. These notes are stored securely and are treated with the same confidentiality as the sessions themselves.

How we use your information

We use your personal data for the following purposes:

  • To respond to your enquiries and arrange sessions
  • To provide the wellness services you have requested
  • To process payments for sessions
  • To maintain session records for continuity of care
  • To send you session-related communications (confirmations, preparation guidance, follow-up resources)
  • To comply with applicable legal obligations

We do not use your data for marketing unless you have given explicit consent. We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

Legal basis for processing

Under the GDPR, we process your personal data on the following legal bases:

  • Consent — when you submit a contact form, book a session, or agree to a session recording
  • Contractual necessity — to provide the services you have booked and paid for
  • Legitimate interest — to maintain session notes for continuity of care and to improve our services
  • Legal obligation — to retain records as required by applicable professional standards and tax regulations

Cookies and analytics

Our website uses cookies for analytics purposes only. We do not use advertising cookies, tracking pixels, or retargeting technologies. Analytics cookies help us understand how visitors use the site — which pages are visited, how long people spend, and where they arrive from — so we can improve the experience.

You can disable cookies in your browser settings at any time. The site will continue to function normally without them.

Data retention

We retain client records — including contact details, session notes, and booking history — for a period of seven years from your most recent session, in line with professional standards for wellness practitioners. After this period, your records are securely deleted.

Session recordings are retained only as long as you wish to have access to them. You may request deletion of your recordings at any time.

Contact form enquiries that do not lead to a booking are deleted within twelve months.

Data sharing and transfers

We share your data only with the following third-party services, each of which is necessary for delivering our services:

  • Cal.com — for booking and scheduling
  • Stripe — for payment processing

As our practice is based in Mexico and serves clients internationally, your data may be transferred across borders. Where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including reliance on adequacy decisions or standard contractual clauses as applicable.

Your rights

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of access — You may request a copy of the personal data we hold about you.
  • Right to rectification — You may request that we correct any inaccurate or incomplete data.
  • Right to erasure — You may request that we delete your personal data, subject to our legal retention obligations.
  • Right to restriction — You may request that we limit how we use your data in certain circumstances.
  • Right to data portability — You may request your data in a structured, commonly used, machine-readable format.
  • Right to object — You may object to processing based on legitimate interest.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at hello@pastlifeandbeyond.com. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Data security

We take reasonable and appropriate measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes the use of encrypted storage, secure communication channels, and access controls that limit data access to those who need it to provide your care.

No method of electronic transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

Children's privacy

Our services are intended for adults. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Contact

If you have any questions about this privacy policy, or if you would like to exercise your data protection rights, please contact us:

Past Life and Beyond
Lana Spitz
Puerto Escondido, Oaxaca, Mexico
hello@pastlifeandbeyond.com