Data Handling Policy

Respecting your privacy is fundamental to ethical therapy. This policy explains how your personal information is collected, stored, used, and protected.

Confidentiality and Legal Limits

Your sessions are confidential. I will not disclose identifying information unless there is a serious concern for safety, a legal requirement, or a court order. I aim to discuss this with you first wherever possible, unless doing so would increase risk. This approach reflects ethical guidance on client confidentiality upheld by my professional body, the National Counselling and Psychotherapy Society (NCPS) Code of Ethics and related guidance.

Session Notes and Records

I keep brief session notes to support consistent and safe care. Notes are:

Google Workspace adheres to UK GDPR standards and supports high-security settings; see Google’s privacy policy here: https://policies.google.com/privacy

Online Sessions and Communications

Online sessions (video calls) and email communications use Google Meet and Google Workspace. I have enabled enhanced security settings to protect privacy and confidentiality. Website forms and contact data on this site are also managed through Google Sites and Google Workspace infrastructure.

Supervision, Training, and Research

As part of ethical practice, I attend regular clinical supervision. Any client information discussed in supervision is anonymised so you cannot be identified.

Non-identifying material from sessions may be used for training or professional development, with identifying details removed or fictionalised.

Clinical Will and Continuity of Care

A clinical will is in place: if something unexpected prevents me from continuing our work, a secure process allows a trusted colleague to contact you confidentially with appropriate support and next steps. No therapeutic content is shared in this process.

Appointment Booking and Payments

Booking details are managed via Calendly, which is GDPR compliant: https://calendly.com/privacy

Payments are processed securely via Stripe: https://stripe.com/privacy

I do not store card details; Stripe handles payment data in accordance with its policy.

I also accept bank transfers to my Monzo account: https://monzo.com/help/legal-stuff/privacy-policy

Messaging and Communications

If agreed, messaging or calls may take place via WhatsApp, which uses end-to-end encryption: https://www.whatsapp.com/legal/privacy-policy

Email, SMS, and phone calls may be used for practical or administrative purposes. These methods are not suitable for emergencies. By choosing to communicate this way, you acknowledge the associated risks, which may include delayed responses, misdirected messages, or potential interception by third parties.

Use of Mailing Lists

Mailing lists are managed through Mailchimp: https://mailchimp.com/legal/privacy/

This is strictly opt-in and used only for updates about services. You may unsubscribe at any time. No sensitive personal therapy content is shared via mailing lists.

Use of Large Language Models

Large Language Models (also called LLM) may be used for limited administrative or reflective tasks, such as drafting general documents or summarising anonymised themes. They are not used to analyse identifiable client data, make clinical decisions, or provide diagnoses. No identifying client information is entered into these systems.

Marketing and Third Parties

Your personal information will never be sold or shared with third parties for unrelated marketing purposes. Mailing lists and analytics data are used only to provide updates about services.

Data Retention and Your Rights

I retain records for five years following the end of therapy, as required by professional insurance and guidance. After that, records are securely deleted.

Under UK GDPR, you have the right to: