Privacy Policy

YinPlusYang Digital Library Last updated: April 2026

1. Introduction

YinPlusYang ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.

This policy applies to all personal data collected through our website, our digital library platform (delivered via Squarespace and MemberSpace), and our email marketing communications (delivered via Klaviyo).

We operate under the trading name YinPlusYang. As we serve members across the European Union and the United Kingdom, this policy is written to comply with the EU General Data Protection Regulation (GDPR) and the UK GDPR.

2. Data Controller

YinPlusYang is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, please contact us at:

YinPlusYang Email: team@yinplusyang.co Website: https://yinplusyang.co

3. What Data We Collect

We collect the following categories of personal data:

Account and identity data: your name, email address, and account login credentials, collected when you register for an account or purchase a subscription.

Billing and payment data: your billing name, billing address, and payment card details. Payment card data is processed directly and securely by Stripe and is not stored by us.

Subscription and transaction data: details of the subscription plan you have purchased, billing history, and free trial usage.

Usage data: information about how you interact with the Platform, including which videos you have watched, frequency of access, and session duration.

Communications data: records of any correspondence between you and us, including support enquiries.

Marketing preferences: your preferences regarding receiving marketing communications from us, and records of your consent where applicable.

4. How We Collect Your Data

We collect your data in the following ways:

  • Directly from you when you create an account, purchase a subscription, start a free trial, contact us, or sign up to our mailing list;

  • Automatically through your use of the Platform, via cookies and similar tracking technologies (see Section 9 on Cookies);

  • From third-party tools we use to operate the Platform, including Squarespace, MemberSpace, Stripe, and Klaviyo.

5. Legal Basis for Processing

Under the GDPR and UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Performance of a contract: to set up and manage your account, process your subscription payments, and provide you with access to the Services.

Legitimate interests: to analyse usage of the Platform in order to improve our Services, and to protect the security and integrity of the Platform.

Consent: to send you marketing emails and newsletters. You may withdraw your consent at any time (see Section 8).

Legal obligation: where we are required to retain certain data to comply with applicable law (for example, financial records for tax purposes).

6. How We Use Your Data

We use your personal data to:

  • Create and manage your account and subscription;

  • Process payments and manage billing through Stripe;

  • Provide you with access to the digital library via Squarespace and MemberSpace;

  • Send you transactional emails such as subscription confirmations, renewal reminders, and account notifications;

  • Send you marketing communications, newsletters, and promotional offers via Klaviyo, where you have given your consent;

  • Analyse usage patterns to improve the Platform and its content;

  • Respond to your enquiries and provide customer support;

  • Comply with our legal and regulatory obligations.

7. Sharing Your Data

We do not sell your personal data. We share your data only with trusted third-party service providers who help us operate the Platform, under strict data processing agreements. These providers include:

  • Squarespace — website hosting and platform delivery (USA, with EU/UK data transfer safeguards)

  • MemberSpace — membership access management (USA, with EU/UK data transfer safeguards)

  • Stripe — payment processing (USA, with EU/UK data transfer safeguards)

  • Klaviyo — email marketing and communications (USA, with EU/UK data transfer safeguards)

All of our third-party providers are required to process your data only for the purposes we specify and in accordance with applicable data protection law.

We may also disclose your data where required to do so by law, or to protect the rights, property, or safety of YinPlusYang or others.

8. International Data Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA) and the United Kingdom, including in the United States. Where we transfer your data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission and the UK equivalent, or reliance on adequacy decisions where applicable.

9. Your Rights

Under the GDPR and UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you;

  • Right to rectification: to ask us to correct inaccurate or incomplete data;

  • Right to erasure: to ask us to delete your personal data in certain circumstances;

  • Right to restriction: to ask us to restrict the processing of your data in certain circumstances;

  • Right to data portability: to receive your data in a structured, machine-readable format;

  • Right to object: to object to processing based on our legitimate interests;

  • Right to withdraw consent: where we rely on your consent (e.g. for marketing emails), you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at team@yinplusyang.co. We will respond within one month of receiving your request.

You also have the right to lodge a complaint with your local data protection authority. In the EU this is your national supervisory authority; in the UK this is the Information Commissioner's Office (ICO) at ico.org.uk.

10. Marketing Communications

Where you have given your consent, we will send you marketing emails including newsletters, practice updates, and promotional offers via Klaviyo. You can opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email; or

  • Contacting us at team@yinplusyang.co

Opting out of marketing communications will not affect transactional emails related to your account and subscription.

11. Cookies

Our website uses cookies and similar tracking technologies to improve your experience and analyse how the Platform is used. Cookies are small text files stored on your device.

We use the following types of cookies:

  • Strictly necessary cookies: required for the Platform to function, such as maintaining your login session;

  • Analytics cookies: to understand how visitors interact with the Platform, so we can improve it;

  • Marketing cookies: used by third-party tools to track engagement with our communications.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. Where required by law, we will ask for your consent before placing non-essential cookies.

12. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes set out in this policy, including to maintain your account, comply with legal obligations, and resolve disputes. Specifically:

  • Account and subscription data is retained for the duration of your subscription and for up to 7 years after termination for legal and tax compliance purposes;

  • Marketing data is retained until you withdraw your consent or opt out;

  • Usage data is retained in aggregated or anonymised form for analytical purposes.

13. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Payment data is handled exclusively by Stripe, which is PCI-DSS compliant. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

14. Children's Privacy

Our Services are not directed at children under the age of 18 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will take steps to delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where changes are material, notify you by email. We encourage you to review this policy periodically.

16. Contact Us

For any questions, requests, or concerns relating to this Privacy Policy or your personal data, please contact us at:

YinPlusYang Email: team@yinplusyang.co Website: https://yinplusyang.co