Privacy Policy

2. Categories of Data Subjects

We process personal data relating to:
Website visitors
Enquirers
Clients receiving therapeutic services
Participants in our online programme (including beta users)

Different categories of data and lawful bases apply depending on your relationship with us.

3. Personal Data We Collect

A. Website Visitors
We may collect: IP address, Browser type, Device information, Pages visited, Time and date of visit.

This data is collected through cookies and analytics tools.

B. Enquiries
If you contact us via email or contact form, we may collect: Name, email address, telephone number (if provided), any information you choose to share in your message

C. Therapeutic Clients
In order to provide safe and effective therapy, we collect:

Identity and Contact Data
Name, address, Email, telephone number, date of birth,

Special Category Data (Article 9 UK GDPR)
Health information, medical history, medication details, trauma history, relationship and family information, assessment responses, session content and notes.

Session notes are recorded in brief form and stored securely.

D. Online Programme Participants (Including Beta)
Where you access our online programme (hosted via Groove Digital LLC), we may process:
Account registration details, login data, programme participation activity, communications within the platform.

No automated decision-making or profiling is conducted.


4. Lawful Bases for Processing

A. Website Analytics

Article 6(1)(f) – Legitimate Interests (Improving website performance and user experience)

We use a privacy-friendly analytics service (Plausible) to understand website usage. This service does not track or store personally identifiable information and does not use cookies.

B. Enquiries

Article 6(1)(f) – Legitimate Interests(Responding to enquiries and providing requested information)


C. Therapeutic Services

Article 6(1)(b) – Performance of a Contract
Processing is necessary to provide therapeutic services agreed with you.

Article 9(2)(h) – Provision of Health or Social Care
Special category data is processed for the purpose of delivering therapy.

Article 6(1)(c) – Legal Obligation
Retention of records in accordance with insurance and regulatory requirements.

Article 6(1)(f) – Legitimate Interests
Professional supervision and practice management (no identifiable data shared).

We process the personal and sensitive information you provide primarily to deliver therapy safely and effectively. This processing is based on our legal and professional obligations, not on your consent, which means your therapy records are maintained in accordance with professional standards even if you choose to withdraw consent for other uses.


D. Online Programme

Article 6(1)(b) – Contract (where enrolled)
Article 6(1)(f) – Legitimate Interests (platform administration)

If payment processing is introduced, Stripe or PayPal may be used as payment processors. These providers act as independent data controllers for payment data and process information in accordance with their own privacy policies.


5. Confidentiality and Safeguarding

All client information is treated as confidential.

Confidentiality may be breached only where:
There is a risk of serious harm to you or others
Safeguarding obligations arise
Disclosure is required by law or court order
Information relates to terrorism or other serious criminal matters.

Where possible, we will seek to discuss disclosure with you before taking action.

Professional supervision is undertaken in anonymised form only. Identifiable client information is not disclosed to supervisors.


6. Data Sharing

We may share limited data with:
Website hosting providers
Analytics providers (e.g., Plausible)
Online programme hosting provider (Groove Digital LLC)
Payment processors (e.g., Stripe or PayPal, if used)
Professional advisers where legally required

We use professional service providers, such as accountants, to assist with our financial and administrative operations. These providers may have access to personal data necessary to process payments and maintain records. All processors are required to handle your data securely and in accordance with UK data protection law.

All processors are contractually or legally required to protect your data. While we have provided a Data Processing Agreement to our accountants, access is strictly limited to information required to provide their services.

We regularly review our processors to ensure compliance.

We do not sell or lease personal data to third parties.

7. International Transfers

Some service providers may process data outside the United Kingdom.

If personal data is transferred outside the UK, we take steps to ensure it is protected to UK GDPR standards, using approved safeguards such as legally recognised agreements or transfers to countries deemed safe for personal data.


8. Data Retention

Therapeutic client records are retained for 7 years from the end of the therapeutic episode in accordance with professional and insurance requirements.

After this period, records are securely destroyed.

Enquiry data that does not result in a therapeutic relationship is retained only as long as necessary for administrative purposes.

Website analytics data is retained in accordance with platform settings.


9. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:
Encrypted digital storage
Password-protected systems
Restricted access controls
Secure physical storage for paper records

We regularly review our data protection practices.


10. Your Rights Under UK GDPR

You have the right to:

Be informed about how your data is processed
Request access to your personal data
Request rectification of inaccurate data
Request erasure (subject to legal retention requirements)
Request restriction of processing
Object to processing based on legitimate interests
Request data portability
Withdraw consent (where processing is based on consent)

To exercise your rights, contact: [email protected]

We respond to requests within one month as required by law.

11. Complaints

If you are dissatisfied with how we handle your data, you may:

Contact us directly in the first instance.
Lodge a complaint with the UK Information Commissioner’s Office (ICO):Information Commissioner’s Office: www.ico.org.uk


12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal, operational or regulatory requirements. The latest version will always be available on our website.

Updated February 19 2026