Privacy Policy
Last updated: April 2026
Your privacy matters to us. This policy explains how bring retreats collects, uses, and protects your personal data when you interact with our website and application process.
1. Who we are
bring retreats is a group retreat venue located in the Peloponnese region of Greece, near Nafplio. We provide end-to-end retreat hosting for facilitators and retreat leaders. Our website is bringretreat.com.
For the purposes of the EU General Data Protection Regulation (GDPR), bring retreats is the data controller responsible for your personal data.
2. What data we collect
When you submit an application through our form at apply.bringretreat.com, we collect the following information:
- First name and last name
- Email address
- Phone number / WhatsApp number
- Your location
- Instagram handle
- Retreat preferences and experience level
- Collaboration preferences
- Timing preferences
- How you heard about us
We also collect anonymized usage data through Google Analytics when you consent to analytics cookies on our website.
3. How we use your data
We use your personal data for the following purposes:
- To review your retreat application and assess suitability
- To communicate with you about retreat availability, scheduling, and logistics
- To match facilitators for co-bring collaborations
- To improve our services and understand how visitors use our website
The legal basis for processing your data is your consent (provided when you submit your application) and our legitimate interest in operating and improving our retreat services.
4. Data storage
Your application data is stored securely using Supabase, a cloud database service that provides encryption at rest and in transit. Supabase infrastructure is hosted within the EU/EEA where possible. We take appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or loss.
5. Email communications
We use Resend as our email service provider to send communications related to your application, including confirmations, status updates, and retreat-related correspondence. Resend processes your email address solely for the purpose of delivering these messages on our behalf.
6. Cookies
Our website uses Google Analytics cookies to help us understand how visitors interact with our site. These cookies are only loaded after you provide your consent through our cookie banner. You can withdraw your consent at any time by clearing your browser cookies or adjusting your preferences.
We also use essential cookies that are strictly necessary for the website to function. These do not require consent.
7. Third-party services
We use the following third-party services that may process your data:
- Google Fonts — to serve web fonts. Google may collect your IP address when fonts are loaded.
- Google Analytics — for anonymized website usage analytics (only with your consent).
- Supabase — for secure storage of application data.
- Resend — for transactional email delivery.
Each third-party service operates under its own privacy policy. We only share the minimum data necessary for each service to function.
8. Data retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including facilitating retreat collaborations and maintaining communication with applicants. If you no longer wish us to hold your data, you can request deletion at any time by contacting us.
9. Your rights under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your personal data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to restrict processing — request that we limit how we use your data.
- Right to withdraw consent — withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.
- Right to lodge a complaint — file a complaint with a supervisory authority. In Greece, this is the Hellenic Data Protection Authority (www.dpa.gr).
To exercise any of these rights, please contact us using the details below.
10. Contact
For any questions, concerns, or requests regarding this privacy policy or your personal data, please contact us at:
We will respond to your request within 30 days, as required by the GDPR.
11. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.