Privacy Policy

GLOBAL PRIVACY NOTICE + U.S. STATE ADDENDUM

The Standing Mountain, LLC

Effective Date: October 5, 2025

1   Introduction: Who We Are

The Standing Mountain, LLC (“Company,” “we,” “us,” “our”) operates the website thestandingmountain.com and the Connecting Coaches To Communities program. (the “Program”).

We respect your privacy and are committed to protecting personal data in accordance with:

• the EU General Data Protection Regulation (EU 2016/679) (“GDPR”);

• the UK GDPR and Data Protection Act 2018; and

• U.S. state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and substantially similar laws in Colorado, Virginia, Connecticut, and Utah.

This Notice describes how we collect, use, disclose, and secure personal information and explains your rights and choices.

2    Scope

This Notice applies to:

• visitors to our website or social-media pages,

• Clients and Coaches who participate in the Program, and

• anyone who communicates with us by email, phone, text, or other channels.

It does not apply to aggregated or anonymized data.

3   Data We Collect

a. Category: Identification and Contact Data: such as but not limited to name, email, telephone number, and postal address: information received directly from you, the client

b. Category: Program Data (voluntary):such as but not limited to wellness goals, habits, routines, dietary choices, values, session notes: information received from the client during the coaching session or onboarding paperwork

c. Category: Transactional Data: such as but not limited to scheduling information, purchase records, billing details (we do not store full card numbers): information received from you and your payment processor

d. Category: Technical and Usage Data: such as but not limited to IP address, device ID, browser type, pages visited, cookies and similar identifiers: information received from automatically through cookies and analytics

e. Category: Recording/Transcript Data: such as but not limited to audio/video recordings or Ai-generated transcripts only with your opt-in consent; information received from when you, the client, consents

f. Category: Marketing Preferences: such as but not limited to newsletter subscriptions, communication choices; information received from you, the client

We do not intentionally collect special-category data (e.g., race, religion, health data) unless you volunteer it during coaching or the coaching onboarding process; such data is processed only for Program purposes.

4 How We Use Personal Data (“Processing Purposes”)

Purpose and Legal Basis (GDPR Art. 6)

a. Deliver and administer the Program - Contract (6 (1)(b))

b. Maintain and improve our website and services - Legitimate interests (6 (1)(f))

c. Communicate with you about sessions, support, or billing - Contract / Legitimate interests

d. Manage recordings or AI transcripts (if you opt in)** - Consent (6 (1)(a))

e. Send marketing communications (if you opt in)** - Consent (6 (1)(a))

f. Comply with legal obligations (e.g., tax, court orders) - Legal obligation (6 (1)(c))

g. Prevent fraud and ensure security - Legitimate interests


Withdrawal of Consent: You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5 Disclosures and Recipients

We may disclose data to:

  • Service providers / processors (hosting, IT, payment, video, email, analytics) bound by contractual confidentiality and processing limitations;

  • Coaches (to deliver the Program to Clients);

  • Legal or governmental authorities where required by law or court order; and

  • Successor entities in connection with mergers or reorganizations.

We do not sell personal information and do not permit service providers to use it for their own marketing.

6 International Transfers

Where data is transferred outside your country of residence:

• For EU/UK residents, we rely on European Commission Standard Contractual Clauses (SCCs) where applicable, the UK IDTA/Addendum.

• Transfers to U.S. service providers certified under the EU-U.S. Data Privacy Framework are deemed adequate.

• Otherwise, we obtain your explicit consent for the transfer.

7 Retention of Data

Program recordings / transcripts: deleted within 30 days unless longer retention is legally required.

• Administrative records (e.g., signed agreements): kept as long as necessary for legal and accounting purposes.

• Anonymized data: may be kept indefinitely for research and statistics.

8 Security

We use administrative, technical, and physical safeguards—including encryption in transit, restricted access, and secure cloud storage— to protect data. No system is perfectly secure; you assume normal internet-use risk.

9 Your Rights

Under GDPR/UK GDPR

  • Access your data (Art. 15)

  • Rectify inaccuracies (Art. 16) 

  • Erase data (Art. 17)

  • Restrict processing (Art. 18)

  • Data portability (Art. 20) 

  • Object to processing (Art. 21)

  • Withdraw consent at any time

  • Lodge a complaint with your data-protection authority

Under U.S. State Laws (including CPRA)

  • Right to know/access the categories and specific data collected;

  • Right to delete;

  • Right to correct;

  • Right to opt out of sale or “sharing” for cross-context advertising;

  • Right to limit use of Sensitive Personal Information;

  • Right not to be discriminated against for exercising your rights.

Requests may be submitted to support@thestandingmountain.com.

We verify each request and respond within 30 days (GDPR) or 45 days (CPRA/US).

10 Notice at Collection (California CPRA) 

Category - Purpose - Shared for Cross-Context Ads - Retention

a. Identifiers - Registration, communication - No - Program duration + legal retention

b. Internet Activity - Analytics, security - Possible (analytics only) - > 2 years

c. Audio/Visual - Recordings (only with consent) - No - 30 days

d. Geolocation (IP-based) - Analytics - Possible - < 2 years

e. Professional Information - Verification of Coach Training - No - Program duration + legal retention


We do not sell personal information. If we engage in “sharing” for advertising, a “Do Not Sell or Share My Personal Information” link will be available, and we will honor Global Privacy Control (GPC) signals.

11 Cookies and Tracking Technologies

We use cookies and similar technologies for:

(a) site operation and security (strictly necessary);

(b) remembering preferences (functional);

(c) analytics (Google Analytics 4); and

(d) advertising (if enabled).

You can manage cookies in your browser or via the banner displayed on first visit.

12 Children

The Site and Program are intended for adults (18+). Minors may participate in the Program only with verified parental consent, and minors are not recorded.

13 Changes to This Notice

We may update this Notice periodically. The “Effective Date” at the top will reflect the latest version. Material changes will be announced on the Site.

14 Contact Information

Data Protection Contact: 

The Standing Mountain, LLC

PO Box 1404, Thompson Falls, MT 59873

Email: support@thestandingmountain.com

For EU/UK residents: contact us at the address above with “GDPR Request” in the subject line to reach our EU/UK representative.

U.S. STATE PRIVACY ADDENDUM

This Addendum supplements the Global Privacy Notice for residents of California, Colorado, Connecticut, Utah, and Virginia.

A. Your Rights and How to Exercise Them

You may submit a verifiable consumer request to access, delete, or correct personal information by emailing support@thestandingmountain.com  or by postal mail to our address above

We will confirm receipt within 10 business days and respond within 45 days. If additional time is required (up to 45 days more), we will notify you.

Authorized agents may submit requests with written authorization.

B. Appeals Process (Colorado, Virginia, Connecticut)

If we deny your request, you may appeal by replying “Appeal” to our decision email. We will respond within 45 days and inform you how to contact your state regulator if unsatisfied.

C. Sensitive Information

We do not use or disclose Sensitive Personal Information except as allowed under CPRA §7027(m) (for security, fraud prevention, and providing requested services).

D. Financial Incentives

We do not offer programs that involve financial incentives or differential pricing based on personal data.

E. Non-Discrimination

We will not discriminate against you for exercising privacy rights.

F. Do Not Track and Global Privacy Control

We do not respond to browser “Do Not Track” signals but honor the GPC opt-out mechanism recognized under CPRA regulations.

15 Effective Date and Revision History 

Version Effective Date: 1.0 October 1, 2025

Summary of Changes: Initial global GDPR / CPRA alignment