Data Rights & Protection

Scope of Data Collection and Processing

At Prophetic Health, accessible via lifeofprophet.com, we are fully committed to maintaining the highest standards of data privacy and protection in accordance with applicable laws and regulations in the United States of America, including GDPR principles. Our data collection practices encompass personal data that users voluntarily provide through interaction with our website and services, including but not limited to names, email addresses, health-related information, and usage behavior analytics. The data may be collected during newsletter sign-ups, contact form submissions, and navigation of our informational resources. We leverage advanced security protocols to ensure that your data is collected, stored, and processed securely at all stages, and access is strictly limited to authorized personnel for legitimate operational purposes only. We may collect additional non-personal data, such as browser type, access times, and referring website addresses, to optimize website functionality and provide personalized experiences. All personal and non-personal data collected are handled in compliance with legal mandates.

Lawful Basis for Data Processing

Our processing of personal data adheres to lawful bases outlined in GDPR and U.S. regulations. These bases include users’ explicit consent when subscribing to services or providing information, necessity for the performance of a contract, or our legitimate interest to deliver and improve Prophetic Health’s offerings. Explicit consent is sought for any activity not strictly necessary for site functionality, such as marketing or analytical purposes. We clearly communicate the purposes of data processing, and users retain the right to withdraw consent at any time without detriment. Data required to fulfill contractual obligations or requested services is processed strictly for those purposes and within strictly defined parameters. Data is never processed in a way that undermines users' privacy or rights, and regular audits are conducted to ensure compliance with all applicable data protection regulations.

Rights of Data Subjects

Under the General Data Protection Regulation and relevant U.S. data privacy laws, individuals interacting with Prophetic Health are afforded a suite of rights regarding their personal data. These rights include the right to access their personal data, rectify inaccuracies, erase data where appropriate, restrict or object to processing, and receive their data in a portable format. Users may also object to automated decision-making or profiling and are guaranteed transparent explanations of such processes when they occur. Information on exercising these rights is readily available, and requests are acknowledged and acted upon promptly, typically within one (1) calendar month. Prophetic Health recognizes its responsibility to respond diligently and provide complete and accurate information when responding to subject access requests or other rights exercised.

Data Security and Retention

Maintaining the confidentiality, integrity, and availability of personal data is paramount at Prophetic Health. We utilize robust encryption, regular vulnerability assessments, and strict authentication protocols to protect all stored and transmitted data. Access to personal data is tightly controlled and monitored to prevent unauthorized disclosures or breaches. Our retention policy ensures that personal data is maintained only for as long as strictly necessary to fulfill the specified purpose or as required by law. Upon cessation of the legitimate need or expiration of retention periods, data is securely deleted or anonymized in accordance with industry best practices. In case of any security incident that may compromise personal data, affected users will be informed without undue delay and in accordance with regulatory requirements.

International Data Transfers

Prophetic Health may transfer personal data to third-party service providers or affiliated organizations operating outside of the United States, including to the United Kingdom, where Graham Everly, the website owner, is based. In such cases, all data transfers will comply with applicable statutory safeguards, and measures such as contract clauses or adequacy decisions will be implemented to ensure a level of data protection equivalent to that provided under U.S. and GDPR standards. The website ensures that third-party vendors handling personal data provide similar protective measures and enter into data processing agreements that respect privacy and protect data subject rights throughout the transfer process.

Third-Party Data Sharing and Processors

Prophetic Health does not sell users’ personal information to third parties. We may, however, share personal data with trusted vendors or service providers who assist with website functionality, communication, analytics, or maintenance, under strict contractual obligations to maintain confidentiality and use data solely for designated purposes. These third-party processors are thoroughly vetted, and their compliance with data protection standards is regularly reviewed. Data is not shared with or disclosed to unauthorized entities, ensuring full transparency and accountability throughout all data processing relationships. Any changes or additions to our data processors will be communicated promptly within our privacy management framework.

Children’s Privacy

Prophetic Health does not intentionally collect or process personal data from individuals under the age of 13, consistent with the Children’s Online Privacy Protection Act (COPPA) and GDPR stipulations regarding minors. Should we become aware that data from anyone under this age threshold has been inadvertently collected, we will take immediate steps to erase such data and prevent future collection. Guardians or parents are encouraged to contact us at [email protected] if they suspect their child has provided personal data without consent so that swift remedial action can be taken.

Contact and Complaints

For any inquiries regarding your data, the exercising of your rights, or concerns about how your data is managed by Prophetic Health, please contact the website owner, Graham Everly, at [email protected]. Physical correspondence can be directed to 21 St Andrew Square, Edinburgh EH2 1AF, United Kingdom. We are committed to addressing questions, resolving complaints, and providing additional details regarding the collection, use, retention, or disclosure of personal information. In cases where concerns remain unresolved, users have the right to lodge a complaint with the applicable data protection authority.

Policy Updates

This Data Rights & Protection policy is reviewed regularly to ensure ongoing compliance with evolving legal frameworks in the United States and internationally. Updates or changes to the policy will be posted prominently on the site, and significant changes will be communicated directly to registered users. Continued use of the website following any revisions constitutes acknowledgment and acceptance of the updated practices. Users are encouraged to review this policy periodically for the latest information regarding our commitments to data security and privacy.