Privacy Policy

Effective date: 19 September 2025

1. Who we are and how to contact us

WellWise is the controller of your personal data when you use our website and related services.

Contact us at [email protected] or write to 50 Beach Green, Shoreham by sea, BN43 5YG.

2. Scope

This notice explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, your rights, and how to complain.

It is written for the UK. If you access our service from the EEA, we apply the local rules described in this notice (see the Children section for the age of consent).

3. The personal data we collect

Data you provide: name, email address, telephone number, login details, billing and delivery details, any messages you send us, and content you add to your account (for example, notes or goals).
Data collected automatically: IP address, device and browser details, pages viewed and actions taken, and diagnostic logs.
Data from others: payment status information from our payment processor and service metadata from our platform host.

We do not ask you to provide special category data (such as health data) and our services do not provide medical advice.

4. Why we use your data and our legal bases

• Provide the website, your account and support; process payments — Performance of a contract.
• Keep the service secure; prevent and detect fraud/abuse — Legitimate interests and/or legal obligation.
• Improve and personalise the service; fix bugs — Legitimate interests (for non-essential cookies we rely on consent).
• Send product updates and marketing — Consent (or PECR soft opt-in for existing customers). You can opt out at any time.

We do not carry out automated decision-making that produces legal or similarly significant effects.

5. Cookies and similar technologies (PECR)

We use essential cookies to make the site work. With your consent, we also use analytics and other non-essential cookies.

A cookie banner lets you accept or reject non-essential cookies and change your choices at any time. See our Cookie Policy for details.

6. Who we share your data with

We do not sell your personal data. We share it only with:

• Service providers (processors) under contracts that protect your data — including Kajabi (hosting/CMS/emails/newsletters), Stripe or Apple Pay or Kajabi Payments (payments), and Google (analytics/infrastructure).
• Professional advisers and insurers where necessary.
• Authorities or other third parties where required by law or to protect rights.
• A buyer, investor or similar party in connection with a corporate transaction.

We do not allow third parties to use your data for their own advertising or profiling.

7. International transfers

Some providers are based outside the UK. We use recognised safeguards, such as UK adequacy regulations (including the UK–US data bridge), the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum. Contact us for details.

8. How long we keep your data

• Account data — while your account is active and up to 24 months after inactivity (unless needed longer to resolve disputes).
• Communications — up to 24 months.
• Transaction records — at least 6 years (UK tax/company law).
• Analytics data — typically up to 14 months.

We delete or anonymise data when no longer needed; back-ups are retained for disaster recovery for a limited period.

9. Security

We use appropriate technical and organisational measures (e.g., encryption in transit, access controls). If a personal data breach occurs, we will assess risk and notify the ICO and affected individuals when required by law.

10. Your rights

Under UK data protection law you may: access your data; have inaccurate data corrected; request deletion in some cases; restrict or object to certain uses (including objecting to direct marketing at any time); receive your data in a portable format; and withdraw consent. Contact us to exercise your rights. We may ask for proof of identity.

11. Children and young people (UK + EEA)

Our service is not directed to children under 13. We do not knowingly collect personal data from children under 13; if you believe a child has provided us data, please contact us so we can delete it.

If our service is likely to be accessed by users under 18, we aim to follow the ICO’s Age-Appropriate Design Code (Children’s Code).

• United Kingdom: where we rely on consent for an online service, parental consent is required for users under 13.
• European Economic Area: the “age of digital consent” is set by each member state between 13 and 16 (GDPR Art. 8). If your local law sets a higher age (for example, 16), we will not rely on a child’s consent below that age and will either obtain verifiable parental consent or disable consent-based features for that region.

12. Third-party providers & links (transparency)

For convenience and transparency, these are the pages for our main processors (the contracts with each provider govern their processing on our behalf).

• Kajabi (platform/payments if used/ hosting/emails/newsletters): https://legal.kajabi.com/policies/privacy and https://legal.kajabi.com/policies/cookie-policy
• Stripe (payments): https://stripe.com/gb/privacy and https://stripe.com/cookies-policy/legal
• Google (analytics/infrastructure): https://policies.google.com/privacy and https://policies.google.com/technologies/cookies

13. Changes to this notice

If we make significant changes, we will update this page and, where appropriate, notify you by email or on the site.

14. Complaints and how to contact the ICO

Contact us at [email protected]. You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk, 0303 123 1113, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

© 2025 WellWise