Privacy Policy

Last updated: 2 May 2026

The Potter Sanctuary (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information when you use our website thepottersanctuary.co.uk.

Who we are

The Potter Sanctuary is a sole-trader wellness studio based in Beck Row, Suffolk, United Kingdom. For any privacy-related queries, contact hello@thepottersanctuary.co.uk.

Information we collect

When you book a treatment or create an account with us, we collect:

• Personal details: name, email address, phone number, date of birth, address, gender
• Emergency contact information
• Health information you provide via our consultation questionnaire (medical history, allergies, conditions, medications, treatment preferences)
• Booking history and consultation responses
• Technical information when you visit our site (IP address, browser type, pages visited)

How we use your information

We use your information solely to:

• Provide and manage your treatment bookings
• Tailor treatments safely to your individual circumstances
• Communicate with you about your appointments
• Send you reminders and confirmation emails
• Maintain accurate records as required by professional practice standards
• Improve our service

We will never sell your information to third parties.

Legal basis

We process your information based on:

• Performance of a contract: managing your bookings and delivering treatments
• Legitimate interests: improving our service and maintaining professional records
• Consent: where you have explicitly agreed (e.g. marketing, if applicable)
• Legal obligation: where we are required to retain records

Third-party services

We use the following trusted services to deliver our website and bookings:

• Supabase (database hosting, EU region)
• Cloudflare (website hosting and DNS)
• Resend (transactional email delivery)
• Google Workspace (business email)

All providers are GDPR-compliant.

Data retention

We retain your booking and consultation records for seven (7) years from your last visit, in line with professional practice guidance for therapy and bodywork records. After this period, your data will be securely deleted.

Your rights

Under UK GDPR, you have the right to:

• Access your personal information
• Correct any inaccurate information
• Request deletion of your information (subject to retention requirements above)
• Object to certain types of processing
• Withdraw consent at any time
• Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, please contact hello@thepottersanctuary.co.uk.

Security

We take appropriate technical measures to protect your information, including encryption in transit (HTTPS), encryption at rest, magic-link authentication (no passwords stored), and access controls.

Changes to this policy

We may update this policy from time to time. The latest version will always be available on this page.