PRIVACY POLICY

Effective Date: 1 March 2026 | Last Updated: 12 March 2026

1. IDENTITY OF THE DATA CONTROLLER

WHISPERING WAVES S.à r.l.-S. (the "Company") is the sole owner and operator of the TAOY Dynamics proprietary service framework. The Company acts as the "Data Controller" for all personal information provided.

  • Legal Entity: Whispering Waves S.à r.l.-S. (Société à responsabilité limitée simplifiée)

  • Registered Office: Vianden, Luxembourg

  • RCS Luxembourg: B296208

  • Contact Email: office@taoydynamics.com

  • Regulatory Framework: General Data Protection Regulation (EU) 2016/679 (GDPR) and the Luxembourg Law of 1 August 2018.

2. DATA CATEGORIES & COLLECTION

To facilitate vetting, ensure systemic safety, and execute the Structural Container, we process the following datasets:

A. Standard Identity Data

  • Full Legal Name and Contact Information (Email, Phone, Location).

  • Date of Birth (To verify 21+ age compliance and legal capacity).

B. Special Category Data (Sensitive Data) Pursuant to Article 9 of the GDPR, we collect the following with your explicit consent:

  • Health Data: Comprehensive disclosures regarding physical (cardiovascular, respiratory) and psychiatric status required for mandatory safety vetting.

  • Typology & Profile Assessment: Data regarding behavioral patterns and "Yielder" typology used to calibrate Directive Authority.

C. Voluntarily Provided & Continuous State Data

  • Somatic Tracking: Granular professional notes documenting physical and emotional states during sessions.

  • Correspondence & Reporting: All data disclosed in "Deep Dive" fields, email correspondence, and feedback loops derived from "Reporting Requirements."

3. PURPOSE & LAWFUL BASIS FOR PROCESSING

The Company does not sell or trade data. Processing is conducted solely for:

  • Explicit Consent (Art. 9.2.a): Required for processing health and behavioral profiles.

  • Contractual Necessity (Art. 6.1.b): To execute the Tiered Protocols and manage the Asymmetric Authority.

  • Vital Interests (Art. 9.2.c): To monitor and ensure the physical/psychological safety of the Client.

  • Legal Claims (Art. 9.2.f): Retention of notes essential for the defense of professional liability claims.

4. DATA STORAGE & INFRASTRUCTURE SECURITY

The Company utilizes a "Zero-Access" encryption architecture to ensure absolute confidentiality.

  • 4.1. Encryption: All digital communication is secured via End-to-End Encryption (E2EE).

  • 4.2. Zero-Access Processing: Active data is processed via Proton AG (Switzerland), recognized for providing adequate levels of data protection.

  • 4.3. Offline "Cold Storage" Migration: To strictly limit digital exposure, sensitive somatic and behavioral data is migrated from cloud systems to encrypted external hardware on a bi-weekly basis. Once migrated, data is permanently deleted from the cloud server.

  • 4.4. Physical Security: External hardware is stored in a secure, non-public location within the registered office. Access is strictly restricted to the Consultant; no third-party contractors have access.

  • 4.5. Data Redundancy: Redundant, encrypted offline backups are maintained to ensure data integrity and availability in the event of hardware failure.

5. DATA RETENTION POLICY

  • Rejected Applications: Data is deleted from active systems within 30 days, retaining only minimal metadata to prevent re-application abuse.

  • Active/Former Clients: Pursuant to Article 16 of the Luxembourg Commercial Code, all records—including the Private Participant Agreement (PPA), session notes, and communication logs—are retained for 10 years following the termination of service for liability defense.

6. YOUR DATA SUBJECT RIGHTS (GDPR)

Under the GDPR, you possess the rights of access, rectification, and erasure. However, the Company reserves the right to deny erasure requests if the data is required for Statutory Retention (10 years) or the defense of legal claims. Withdrawal of consent results in the immediate termination of services.

7. COOKIES & ANALYTICS

Our website uses essential cookies for secure navigation and form submission. We use Squarespace Analytics with IP anonymization where possible to monitor site traffic. You may manage preferences via the site banner.

8. REGULATORY COMPLAINTS

If you believe your data rights have been violated, you have the right to lodge a complaint with the Luxembourg Supervisory Authority:

Commission Nationale pour la Protection des Données (CNPD) 15, Boulevard du Jazz, L-4370 Belvaux www.cnpd.public.lu