Legal · Last updated June 2026

Privacy policy.

The short version

We collect what we need to host you well and nothing we don't. Our website analytics are cookieless. We don't run ads, we don't sell or rent your data, and we never will. Health information you share for ceremony safety is treated as sensitive, used only for that purpose, and seen only by the people who keep you safe. The long version follows, and questions are welcome at info@lunitajungleretreat.com.

1. Who we are

This website, lunitajungleretreat.com, is operated by [LEGAL ENTITY NAME — placeholder] (“Lunita,” “we”), located at Ruta de los Cenotes Km 17, 77584 Puerto Morelos, Quintana Roo, Mexico. Lunita is the data controller (responsable) for the personal information described here, under Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP). This page also serves as our English-language Aviso de Privacidad. Contact for anything in this policy: info@lunitajungleretreat.com or +52 984 270 1532.

2. What we collect

Information you give us.

  • Contact and inquiry data: name, email, phone/WhatsApp, and what you write to us, through our forms (such as the retreat-leader application or the corporate questionnaires), by email, by WhatsApp, or when scheduling a call.
  • Booking data: names of guests, arrival details (such as flight information for transfers we arrange), dietary needs, and payment-related details. We don't store card numbers. Payments are handled by our payment providers.
  • Newsletter: your email address, if you subscribe. You can unsubscribe at any time with the link in every email.
  • Workplace questionnaire responses: if you complete the Raiz or Archipelago forms, your answers and company details, used solely to prepare your team's report.

Sensitive information, handled differently.

If your retreat includes ceremonies, we collect health information needed for safety screening: medications, relevant medical and mental-health history, and similar. This is sensitive personal data. We collect it with your express consent, use it exclusively to assess safety and prepare your care, share it only with the facilitators and team members who need it to hold you safely, and delete it when it's no longer needed for that purpose.

Information collected automatically.

Very little, deliberately. Our analytics run on Cloudflare Web Analytics, which is cookieless and doesn't fingerprint, track you across sites, or build profiles. We see aggregate page statistics, not you. Our hosting and CDN providers process standard technical logs (IP address, browser type) to deliver and secure the site.

Photographs.

Retreat photography happens with consent. Images of guests appear on our website or social channels only when the people in them have agreed.

3. Why we use it

To respond to you; to design, book, and run your retreat; to keep ceremony participants safe; to prepare corporate diagnostic reports; to send the newsletter you asked for; to process payments; to keep the website working and secure; and to meet legal obligations. We don't use your data for advertising, we don't sell or rent it, and we don't make automated decisions about you.

4. Who processes it for us

We use a small set of service providers, each processing data only to provide their service:

  • Cloudflare: content delivery, security, and cookieless analytics
  • Railway: website hosting
  • FormSubmit: relays our website forms to our email
  • Calendly: call scheduling (its own privacy policy applies when you book)
  • WhatsApp (Meta): if you choose to message us there
  • Our email and newsletter providers, and our payment providers

Some of these providers operate internationally (including the United States), which means your data may be transferred outside Mexico; we work with providers that commit to appropriate data-protection safeguards. Beyond these processors, we share personal data only if the law requires it.

5. How long we keep it

As long as needed for the purpose it was collected: inquiries and applications for the conversation they start; booking and invoicing records for the periods Mexican law requires; newsletter data until you unsubscribe; ceremony-screening information only while it's needed for your safety. Then we delete it.

6. Your rights

Under Mexican law (LFPDPPP), you have ARCO rights: to access the personal data we hold about you, to rectify it, to cancel it, and to oppose its use, and to withdraw consent at any time. Write to info@lunitajungleretreat.com with your request and proof of identity; we'll respond within the legal timeframes. If you're unsatisfied, you may complain to INAI, Mexico's data-protection authority.

If you're in the EU/EEA or UK, you additionally have the equivalent GDPR rights: access, rectification, erasure, restriction, portability, and objection, exercisable at the same address, plus the right to complain to your local supervisory authority.

7. Cookies

We don't use advertising or cross-site tracking cookies. Our analytics are cookieless by design. The site may set strictly necessary technical cookies (for security or basic functionality), nothing that follows you.

8. Children

Our website and services are directed at adults. We don't knowingly collect personal data from minors online; information about children attending a family retreat is provided by their parent or guardian as part of booking.

9. Changes

When this policy changes, we'll update it here with a new date. Meaningful changes to how we handle your data will be flagged clearly, not buried.

10. Contact

[LEGAL ENTITY NAME — placeholder] · Ruta de los Cenotes Km 17, 77584 Puerto Morelos, Quintana Roo, Mexico · info@lunitajungleretreat.com · +52 984 270 1532