TheraFlo

Legal

Privacy policy

TheraFlo handles personal data — including special-category therapy records — on behalf of UK therapists. This page will set out exactly what we collect, why, how it's protected, and your rights as a data subject.

Pending solicitor review

The full privacy policy is being prepared with our solicitor and will be published here soon. In the meantime, if you have questions about how TheraFlo handles your data or any aspect of using the service, email hello@theraflo.co.uk and we'll respond personally.

What the final document will cover

  • Who we are and how to contact us (ICO registered: ZC155176)
  • What personal data we collect from therapists and their clients
  • Lawful basis for processing under UK GDPR, including special-category data
  • How and where your data is stored (EU hosting via Supabase, UK transactional email via Mailpace)
  • Security measures — encryption in transit and at rest, access controls
  • Data retention and what happens when you cancel
  • Your rights: access, rectification, erasure, portability, objection
  • Third-party processors and sub-processors
  • International data transfers
  • How to raise a concern or complaint (including the ICO)