Privacy Policy

Last updated: February 14, 2026

GDPR Compliant

This Privacy Policy is designed to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Introduction

Healing In-depth ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services.

We are a UK-based nurse-led health and wellness business operating under UK data protection laws, including the UK GDPR and the Data Protection Act 2018.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Contact Information: Name, email address, phone number, postal address
  • Account Information: Username, password (encrypted), profile information
  • Payment Information: Billing address, payment method details (processed securely through Stripe)
  • Health Information: Health goals, dietary preferences, weight logs, exercise data, wellness questionnaire responses, consultation notes
  • Communication Data: Content of emails, messages, and consultation notes

2.2 Automatically Collected Information

When you use our website, we may automatically collect:

  • Browser type and version
  • Device information
  • IP address
  • Pages visited and time spent on pages
  • Referring website addresses
  • Date and time of visits

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Delivery: To provide wellness consultations, create personalized plans, and deliver our services
  • Account Management: To create and manage your account, authenticate your identity, and provide customer support
  • Payment Processing: To process payments and prevent fraud
  • Communication: To send service-related emails, respond to inquiries, and provide customer support
  • Personalization: To tailor our services to your needs and preferences
  • Analytics: To understand how our services are used and improve our offerings
  • Legal Compliance: To comply with legal obligations and protect our rights

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose.

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Contract: Processing is necessary to perform our contract with you (providing wellness services)
  • Consent: You have given explicit consent for processing your health data
  • Legitimate Interests: Processing is necessary for our legitimate business interests (improving services, preventing fraud)
  • Legal Obligation: Processing is necessary to comply with legal requirements

For health data, we rely primarily on your explicit consent. You have the right to withdraw consent at any time, though this may affect our ability to provide services.

5. Third-Party Service Providers

We use trusted third-party service providers to help us operate our business. These providers have access to your personal information only to perform specific tasks on our behalf and are obligated to protect your information.

5.1 Service Providers We Use

  • Supabase: Database hosting and authentication services
  • Stripe: Payment processing (does not store full card details on our servers)
  • Resend: Email delivery services
  • Web Hosting Services: For hosting our website and application

All third-party providers are carefully selected and required to maintain appropriate security measures and comply with data protection regulations.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure authentication and password protection
  • Regular security assessments
  • Limited access to personal data on a need-to-know basis
  • Regular backups and disaster recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Active Users: Data is retained while your account is active
  • Inactive Accounts: Data may be retained for up to 2 years after account inactivity
  • Legal Requirements: Some data may be retained longer to comply with legal, accounting, or regulatory requirements
  • Backup Systems: Data in backup systems may persist for up to 90 days after deletion

After the retention period, personal data will be securely deleted or anonymized so that it can no longer identify you.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Request a copy of your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where we rely on consent

To exercise any of these rights, please contact us at info@healingindepth.com.

We will respond to your request within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data properly.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website. Cookies are small text files stored on your device that help us:

  • Keep you logged in
  • Remember your preferences
  • Understand how you use our website
  • Improve website performance and functionality

We use the following types of cookies:

  • Essential Cookies: Required for the website to function properly
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how visitors use our website

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our website.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the UK authorities
  • Data processing agreements with third-party providers
  • Ensuring adequate levels of data protection in the recipient country

All third-party service providers we use are required to maintain appropriate security measures regardless of their location.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will notify you by email (if you have provided an email address) or by placing a prominent notice on our website. The "Last updated" date at the top of this policy indicates when it was last revised.

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@healingindepth.com

We will respond to your inquiry as soon as possible, typically within 5 business days.

You also have the right to contact the UK Information Commissioner's Office (ICO) if you have concerns about how we handle your personal data: ico.org.uk

By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy.