Skip to main content
Aligned

Privacy Policy for Aligned Therapy

Effective date: 26 May 2026

Last updated 26 May 2026 — added Section 6.3 disclosure that Aligned may share hashed contact identifiers (email and phone) with Google for marketing-measurement audience targeting, where cookie consent has been given.

This Privacy Policy explains how Aligned Therapy Ltd, trading as Aligned / Aligned Therapy (“Aligned”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our therapy-matching and introduction service (the “Service”). It applies to both Clients and Therapists.

This policy should be read alongside our Terms of Service.

Summary (plain English)

What we collect:

  • Contact details and basic profile info
  • Therapy-matching intake information (which may include health information)
  • Preferences and practical constraints (budget, availability, location, format)
  • Communications and transcripts (where you choose to use voice/AI intake or contact us)
  • Limited technical data (device, IP address, cookies—where enabled)

Why we collect it:

  • To provide matching and introductions to independent therapists
  • To operate, secure, and improve the Service
  • To provide support and handle complaints
  • To meet legal, tax, and regulatory obligations (where relevant)

Who we share with:

  • Independent therapists (only after you approve an introduction, and only what’s necessary)
  • Service providers who help us run the Service (e.g., hosting, email, analytics, AI/transcription) under contract
  • Advertising platforms such as Google, in the form of hashed contact identifiers (email, phone) used for marketing-measurement audience targeting — only where you have given cookie consent
  • Authorities only where legally required

How long we keep it:

  • Typically 3 years for client health/intake data (unless you withdraw consent earlier)
  • Typically 5 years for non-health client account/support data
  • Typically 7 years for therapist account/financial records

Your rights:

  • Access, correction, deletion, restriction, objection, portability, and withdrawal of consent (where we rely on consent)

1) Who we are (Data Controller) and how to contact us

Data Controller: Aligned Therapy Ltd (England and Wales)

Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

Contact (privacy and data requests):

Email: support@aligned.co.uk

Alternative: liam@aligned.co.uk

If you contact us, we may need to verify your identity before actioning a request.

ICO registration: Aligned Therapy Ltd is registered with the Information Commissioner's Office (ICO) under registration reference ZC114778.

Data Protection Officer: Given the current scale of our operations, we have assessed that we are not required to appoint a Data Protection Officer under UK GDPR Article 37. We keep this assessment under review as the business grows. For any data protection queries, please contact us using the details above.

2) What data we collect

We group data into categories so we can evolve forms and processes without constantly rewriting the policy.

2.1 Client data (examples)

  • A. Identity & contact — Name, email, phone number
  • B. Matching intake (may include special category/health data) — What you want help with, relevant history (if you choose to share it), therapy goals. Risk flags you volunteer (e.g., “I feel unsafe”) — note: we are not a crisis service
  • C. Preferences & constraints — Budget, availability, location, online/in-person preference. Therapist preferences (e.g., style, experience)
  • D. Communications — Messages you send us and we send you. Where you choose WhatsApp introductions, the content you exchange with us in WhatsApp threads/groups we set up
  • E. Voice/AI intake and transcripts (where you opt in) — Audio recordings (if enabled), transcripts, summaries, and metadata (time/date, duration)
  • F. Technical and usage — IP address, device/browser information, approximate location (derived from IP), log data. Cookie and analytics data where enabled (see Cookies section)

2.2 Therapist data (examples)

  • A. Identity & contact — Name, professional email, phone, practice details
  • B. Professional credentials — Professional body memberships/registration details, qualifications, insurance confirmation (as applicable)
  • C. Practice info — Modalities, fees, availability, client groups, working preferences
  • D. Communications and onboarding — Messages with us; onboarding/interview notes or transcripts (where used)
  • E. Financial/administrative — Invoicing and accounting records (where relevant)

3) Where data comes from

  • Directly from you (forms, calls, voice/AI intake, emails/WhatsApp)
  • From therapists (their profile information and responses)
  • From public sources (limited checks where relevant, such as professional registers or public websites)
  • From your device/browser (technical logs, cookies—where enabled)

4) Why we use your data and our lawful bases

UK GDPR requires a lawful basis. Where we process health data (special category data), we also need an additional condition.

4.1 Clients

A. Provide the matching and introduction service — Purpose: collect intake information, assess preferences/constraints, identify potential therapist matches, and (if you approve) introduce you. Lawful basis (Article 6): contract and/or legitimate interests. Special category condition (Article 9): explicit consent for health/special category data where required.

B. AI/voice intake (where you opt in) — Purpose: capture, transcribe and summarise your responses to support matching and service delivery. Lawful basis (Article 6): contract and/or legitimate interests. Article 9: explicit consent where health data is involved. Note: we request AI/voice consent separately before you use the voice/AI experience.

C. Support, quality, and improvement — Purpose: customer support, troubleshooting, preventing misuse, improving match quality. Lawful basis: legitimate interests; in some cases contract. Where special category data is used for improvement: we rely on explicit consent where required, and we minimise/aggregate/anonymise where possible.

D. Legal and compliance — Purpose: respond to lawful requests, exercise or defend legal claims, comply with legal obligations. Lawful basis: legal obligation and/or legitimate interests.

E. Marketing-measurement and audience targeting (where you have given cookie consent) — Purpose: measure how effective our advertising is and find similar prospective clients. We do this by sharing hashed versions of email and (where present) phone number with Google Ads (Customer Match). Lawful basis (Article 6): consent (via cookie settings). No special category / health data is shared for this purpose. See Section 6.3 for the operational detail.

4.2 Therapists

A. Onboarding and eligibility checks — Purpose: confirm suitability to receive referrals and maintain service quality. Lawful basis: contract; legitimate interests; and legal obligation where applicable.

B. Matching operations — Purpose: share anonymised client summaries to check fit/availability; facilitate introductions after client approval. Lawful basis: contract and legitimate interests.

C. Administration and accounting — Purpose: invoicing, record keeping, dispute handling. Lawful basis: contract and legal obligation.

5) How introductions work (and what we share)

5.1 Anonymised outreach first (where helpful) — To check fit and availability, we may contact therapists with an anonymised summary (for example: presenting issues, preferences, timing, format). This summary should not include your name or direct contact details.

5.2 Identifiable details only after you approve — We will only share your name and contact details with a therapist after you explicitly agree to be introduced.

5.3 Email vs WhatsApp — You can choose whether introductions happen via email or WhatsApp (where available). If you choose WhatsApp, messages are processed by WhatsApp (Meta Platforms) as an independent third-party service under their own terms and privacy practices. On our side: we use WhatsApp solely to facilitate the introduction you requested. We retain WhatsApp messages only for as long as needed to complete the introduction and for reasonable record-keeping (typically up to 3 years, consistent with our health-data retention period). You can request a switch to email at any time, and you can ask us to delete your WhatsApp message history by emailing admin@aligned.co.uk.

6) Who we share data with

We do not sell your personal data. We share data only with:

6.1 Therapists (independent practitioners) — When: only after you approve an introduction (for identifiable details), or earlier only as an anonymised summary. What: the minimum necessary information for matching/introduction.

6.2 Service providers (processors) — We use third parties to run the Service, under contracts that require appropriate security and confidentiality. Key processors include:

  • Cloudflare (website hosting, infrastructure, and database)
  • ElevenLabs (AI voice and text intake, where you opt in)
  • Deepgram (call transcription, where applicable)
  • Resend (transactional email delivery)
  • Airtable (client and therapist record management)
  • Mixpanel and Google Analytics (analytics and product measurement, where you opt in via cookie settings)
  • Cookiebot (cookie consent management)
  • Accounting/bookkeeping tools

6.3 Advertising platforms (hashed identifiers only) — Where you have given cookie consent, we may share hashed versions of contact identifiers (email address and, where present, phone number) with Google Ads (Customer Match) to measure marketing effectiveness and reach similar audiences. Identifiers are hashed with SHA-256 on our infrastructure before upload — the platform never receives your plain email or phone. We never share intake responses, health or matching data this way. Membership lasts up to 540 days from the most recent upload, after which Google automatically removes the entry. You can withdraw consent at any time via the cookie settings link.

6.4 Professional/regulatory bodies and authorities — Only where required by law, or to exercise/defend legal claims.

7) International transfers

Some providers may process data outside the UK. Where data is transferred internationally and the destination is not covered by an adequacy decision, we use appropriate safeguards (such as the UK International Data Transfer Agreement and/or UK Addendum to EU SCCs) and, where appropriate, carry out transfer risk assessments.

You can request more information about safeguards by emailing support@aligned.co.uk.

8) Retention (how long we keep data)

We keep personal data only as long as necessary for the purposes described, including legal and operational needs.

8.1 Clients — Health/special category intake data (including transcripts/summaries where applicable): typically up to 3 years from collection, unless you withdraw consent earlier. Non-health account/support data: typically up to 5 years after your last interaction.

8.2 Therapists — Account/profile and operational records: typically up to 7 years after deactivation. Onboarding/interview transcripts (if used): typically up to 3 years.

8.3 Legal holds — We may retain limited data longer where necessary to comply with legal obligations or to establish, exercise, or defend legal claims.

9) Your rights (UK GDPR)

You have rights including:

  • Access (get a copy of your data)
  • Rectification (correct inaccurate data)
  • Erasure (delete data in certain circumstances)
  • Restriction (limit processing)
  • Portability (receive data in a usable format where applicable)
  • Objection (to processing based on legitimate interests)
  • Withdraw consent (where we rely on consent) — see below

To exercise any of these rights, email admin@aligned.co.uk. We aim to respond within one month.

Withdrawing consent: Where we process your data based on consent (including health data and AI/voice intake), you can withdraw that consent at any time by emailing admin@aligned.co.uk. Once we receive your request, we will stop the relevant processing promptly. Withdrawal does not affect the lawfulness of processing carried out before you withdrew. If you withdraw consent for health-data processing, we will delete or anonymise that data unless we have another lawful basis to retain it (for example, a legal obligation).

ICO complaint right: You can complain to the Information Commissioner’s Office (ICO). We encourage you to contact us first. ICO contact details: ico.org.uk, telephone 0303 123 1113, or write to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

10) Cookies and analytics

We use cookies/local storage and analytics to operate and improve the Service.

10.1 Cookie types — Strictly necessary cookies: required for basic functionality. Optional analytics cookies: used to understand website usage; only set if you opt in.

10.2 Managing preferences — Use the cookie settings link (where available) to adjust optional cookies. You can also control cookies in your browser settings.

11) Security

We use appropriate technical and organisational measures, such as encryption in transit and at rest, role-based access controls, logging and monitoring, minimisation and anonymisation, and incident response processes. No method is 100% secure, but we work to protect your information with proportionate safeguards.

12) Automated processing and profiling

We may use technology (including AI tools where you opt in) to help organise, summarise, and interpret information for matching. We do not make decisions with legal or similarly significant effects solely by automated means.

13) Third-party links

Our website may link to third-party sites. This policy does not apply to those sites.

14) Children’s data

The Service is for adults aged 18+. We do not knowingly collect personal data from children.

15) Changes to this policy

We may update this policy. The “Effective date” will change. If changes are material, we will take reasonable steps to notify users.

Contact

For privacy questions or to exercise your rights: support@aligned.co.uk (or liam@aligned.co.uk)