Mandala of Light Privacy Policy

WEBSITE PRIVACY NOTICE

Last Updated: January 2026

Organization: Vajranandacharya, operating as Mandala of Light (the “sangha”)

Contact: [email protected]

1. Introduction

Vajranandacharya, operating as Mandala of Light (“we,” “us,” or “the sangha”), is a spiritual community dedicated to fostering personal growth and spiritual development through online and in-person learning experiences. We are committed to protecting the privacy and security of your personal information.This Privacy Notice explains how we collect, use, share, and store personal data when individuals access our websites, online platforms, or digital services.

This Notice applies to all visitors, including those in the European Union (EU), and is consistent with the General Data Protection Regulation (GDPR).

2. Data Controller

Controller: Vajranandacharya, operating as Mandala of Light

Email: [email protected]

3. Categories of Data We Collect

We may collect the following data:

A. Data You Provide Voluntarily

Account and Profile Information: When you create an account or complete your profile, we collect details such as your full name, email address, phone number, date of birth, physical address, username, password, profile picture, biographical information, and areas of spiritual interest.

Membership Information: As a member, we may collect additional information related to your participation, including attendance records, event registrations, and feedback.

Financial Information: When you make a purchase or donation, we collect payment information, including credit card details, billing address, and transaction history. We utilize secure third-party payment processors and do not store sensitive payment information on our servers.

Communications and Support: We collect information from your communications with us, including emails, chat logs, support tickets, and feedback forms.

Event and Program Participation: When you participate in our events, workshops, or programs, we may collect information related to your participation, such as attendance, feedback, and any logistical or accessibility needs voluntarily disclosed.

Information Regarding other Individuals: If you provide information regarding another individual, you are responsible for gaining their consent, and informing them of this privacy policy.

B. Data Collected Automatically

Website Usage Data: We collect information about your interactions with our websites, including IP address, browser type, operating system, referring URLs, pages visited, time spent on pages, and clickstream data.

Device Information: We collect information about the devices you use to access our Services, including device type, operating system version, unique device identifiers, and mobile network information.

Location Data: With your consent, we may collect location data from your device to provide location-based services or personalize your experience.

Log Files: We maintain log files that record events related to your use of our Services, including access times, IP addresses, and error logs.

This data is typically collected through:

- cookies

- server logs

- analytics tools

C. Cookies and Tracking Data

Cookies: We use cookies to enhance your browsing experience, personalize content, and analyze website traffic. You can manage your cookie preferences through your browser settings.

Web Beacons and Pixel Tags: We use web beacons and pixel tags to track user activity, measure the effectiveness of our marketing campaigns, and personalize advertising.

Third-Party Analytics: We use third-party analytics services, such as Google Analytics and Meta Pixel, to collect and analyze data about website usage and user behavior. These services may use cookies and similar technologies to track your online activity.

Advertising Technologies: We may use advertising technologies to deliver targeted ads to you on our websites and other platforms.

For EU visitors, non-essential cookies are activated only after consent. See “Cookie Policy” below.

D. Special Category Data

Participation in sangha activities may imply religious affiliation, which is considered special category data under GDPR. We process such data only for legitimate religious purposes.

4. Purposes for Processing

We process data for the following purposes:

- to provide religious and educational content

- to manage sangha activities and communications

- to process donations

- to administer events and retreats

- to send newsletters or updates (with consent)

- to ensure website performance and security

- to comply with legal, tax, and regulatory obligations

5. Legal Bases for Processing

We rely on several GDPR legal bases:

- Consent (Art. 6(1)(a)) — newsletters, media, cookies

- Contractual Necessity (Art. 6(1)(b)) — event registrations

- Legal Obligation (Art. 6(1)(c)) — donation recordkeeping

- Legitimate Interest (Art. 6(1)(f)) — website security & analytics

- Art. 9(2)(d) — processing of religious affiliation within a not-for-profit religious body

7. Data Sharing & Processors

We may share personal data with service providers such as:

Cloud Service Providers: We share information with third-party service providers who assist us with various aspects of our Services, including hosting, payment processing, email marketing, event management, embedded media (YouTube), and analytics.

Authorized Community Teachers: In our decentralized model, select community members are authorized to teach. In order to provide the services, certain data such as name and contact information may be shared.

Legal Authorities: We may disclose your information to legal authorities when required by law or to protect our rights and interests.

We do not sell personal data.

8. International Data Transfers

Because we are US-based, data may be transferred to the United States. Where required, we rely on:

GDPR Art. 49(1)(d) — religious public interest, or

Standard Contractual Clauses (SCCs) via service providers

9. Data Retention

We retain data only as long as necessary for the purposes described. Details are provided in our Data Retention Policy.

10. Your Rights Under GDPR

EU data subjects have the following rights regarding personal information, which we extend to all subjects:

Right to Access: You have the right to request access to your personal information and receive a copy of it.

Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information.

Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal information, subject to certain exceptions.

Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.

Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Object: You have the right to object to the processing of your personal information, including for direct marketing purposes.

Right to Withdraw Consent: If we rely on your consent to process your information, you have the right to withdraw your consent at any time, where applicable.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that we have violated your data protection rights.

Requests may be submitted to: [email protected]

11. Security

We use administrative, technical, and physical safeguards to protect personal data. These measures include:

Encryption: We use encryption to protect sensitive data during transmission and storage.

Access Controls: We restrict access to your information to authorized personnel on a need-to-know basis.

Regular Security Assessments: We conduct regular security assessments to identify and mitigate potential vulnerabilities.

Data Minimization: We only collect and retain the information necessary to fulfill the purposes outlined in this policy.

12. Children’s Data

We do not knowingly collect data from children under 16 without parental consent.

13. Third-Party Links and Services

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party websites or services you visit.

14. Changes to This Notice

We may update this Privacy Notice periodically. The latest version will be posted on our website.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at: [email protected]

WEBSITE COOKIE POLICY

1. What Are Cookies?

Cookies are small data files stored on your device when you visit websites. They may be used to improve functionality, analyze usage, or store preferences.

2. Types of Cookies We Use

We may use the following categories:

A. Strictly Necessary Cookies

Essential for basic site operation

Examples:

- session management

- login/authentication

- donation/payment processing

GDPR: no consent required

B. Analytics & Performance Cookies

Used to measure usage and performance

Examples:

- visit count

- referrer tracking

- navigation patterns

GDPR: consent required

C. Functional Cookies

Provide enhanced user experience

Examples:

- remembering preferences

- language settings

GDPR: consent required

D. Marketing / Tracking Cookies

Used for advertising or cross-site tracking

We currently do not use marketing cookies.

If introduced later, explicit consent would be required.

E. Third-Party Cookies

Set by embedded content or tools such as:

- YouTube / Vimeo video embeds

- SoundCloud audio embeds

- social media widgets

- donation widgets

These require consent if they track users.

3. Cookie Consent

For EU visitors:

- cookies requiring consent must be opt-in

- denial must not impair essential functionality

- consent must be withdrawable at any time