Privacy Policy for Aligned Therapy
Effective date: 13 January 2026
This Privacy Policy explains how Aligned Therapy Ltd, trading as Aligned / Aligned Therapy (“Aligned”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our therapy-matching and introduction service (the “Service”). It applies to both Clients and Therapists.
This policy should be read alongside our Terms of Service.
Summary (plain English)
What we collect
Contact details and basic profile info
Therapy-matching intake information (which may include health information)
Preferences and practical constraints (budget, availability, location, format)
Communications and transcripts (where you choose to use voice/AI intake or contact us)
Limited technical data (device, IP address, cookies—where enabled)
Why we collect it
To provide matching and introductions to independent therapists
To operate, secure, and improve the Service
To provide support and handle complaints
To meet legal, tax, and regulatory obligations (where relevant)
Who we share with
Independent therapists (only after you approve an introduction, and only what’s necessary)
Service providers who help us run the Service (e.g., hosting, email, analytics, AI/transcription) under contract
Authorities only where legally required
How long we keep it
Typically 3 years for client health/intake data (unless you withdraw consent earlier)
Typically 5 years for non-health client account/support data
Typically 7 years for therapist account/financial records
Your rights
Access, correction, deletion, restriction, objection, portability, and withdrawal of consent (where we rely on consent)
1) Who we are (Data Controller) and how to contact us
Data Controller: Aligned Therapy Ltd (England and Wales)
Registered office: Flat 604, Adansbeck Court, 35 Rookwood Way, London, E3 2XT
Contact (privacy and data requests):
Email: support@aligned.co.uk
Alternative: liam@aligned.co.uk
If you contact us, we may need to verify your identity before actioning a request.
2) What data we collect
We group data into categories so we can evolve forms and processes without constantly rewriting the policy.
2.1 Client data (examples)
A. Identity & contact
Name, email, phone number
B. Matching intake (may include special category/health data)
What you want help with, relevant history (if you choose to share it), therapy goals
Risk flags you volunteer (e.g., “I feel unsafe”) – note: we are not a crisis service
C. Preferences & constraints
Budget, availability, location, online/in-person preference
Therapist preferences (e.g., style, experience)
D. Communications
Messages you send us and we send you
Where you choose WhatsApp introductions, the content you exchange with us in WhatsApp threads/groups we set up
E. Voice/AI intake and transcripts (where you opt in)
Audio recordings (if enabled), transcripts, summaries, and metadata (time/date, duration)
F. Technical and usage
IP address, device/browser information, approximate location (derived from IP), log data
Cookie and analytics data where enabled (see Cookies section)
2.2 Therapist data (examples)
A. Identity & contact
Name, professional email, phone, practice details
B. Professional credentials
Professional body memberships/registration details, qualifications, insurance confirmation (as applicable)
C. Practice info
Modalities, fees, availability, client groups, working preferences
D. Communications and onboarding
Messages with us; onboarding/interview notes or transcripts (where used)
E. Financial/administrative
Invoicing and accounting records (where relevant)
3) Where data comes from
Directly from you (forms, calls, voice/AI intake, emails/WhatsApp)
From therapists (their profile information and responses)
From public sources (limited checks where relevant, such as professional registers or public websites)
From your device/browser (technical logs, cookies—where enabled)
4) Why we use your data and our lawful bases
UK GDPR requires a lawful basis. Where we process health data (special category data), we also need an additional condition.
4.1 Clients
A. Provide the matching and introduction service
Purpose: collect intake information, assess preferences/constraints, identify potential therapist matches, and (if you approve) introduce you.
Lawful basis (Article 6): contract (to provide the Service you request) and/or legitimate interests (to run a safe, effective matching process).
Special category condition (Article 9): explicit consent for health/special category data where required.
B. AI/voice intake (where you opt in)
Purpose: capture, transcribe and summarise your responses to support matching and service delivery.
Lawful basis (Article 6): contract and/or legitimate interests.
Article 9: explicit consent where health data is involved.
Note: we request AI/voice consent separately before you use the voice/AI experience.
C. Support, quality, and improvement
Purpose: customer support, troubleshooting, preventing misuse, improving match quality (including review of anonymised summaries or transcripts where permitted).
Lawful basis: legitimate interests; in some cases contract.
Where special category data is used for improvement: we rely on explicit consent where required, and we minimise/aggregate/anonymise where possible.
D. Legal and compliance
Purpose: respond to lawful requests, exercise or defend legal claims, comply with legal obligations.
Lawful basis: legal obligation and/or legitimate interests.
4.2 Therapists
A. Onboarding and eligibility checks
Purpose: confirm suitability to receive referrals and maintain service quality.
Lawful basis: contract; legitimate interests; and legal obligation where applicable.
B. Matching operations
Purpose: share anonymised client summaries to check fit/availability; facilitate introductions after client approval.
Lawful basis: contract and legitimate interests.
C. Administration and accounting
Purpose: invoicing, record keeping, dispute handling.
Lawful basis: contract and legal obligation.
5) How introductions work (and what we share)
5.1 Anonymised outreach first (where helpful)
To check fit and availability, we may contact therapists with an anonymised summary (for example: presenting issues, preferences, timing, format). This summary should not include your name or direct contact details.
5.2 Identifiable details only after you approve
We will only share your name and contact details with a therapist after you explicitly agree to be introduced.
5.3 Email vs WhatsApp
You can choose whether introductions happen via email or WhatsApp (where available).
If you choose WhatsApp, messages are processed by WhatsApp as an independent third-party service under their terms and privacy practices.
We only use WhatsApp introductions to facilitate the connection you requested. You can request a switch to email.
6) Who we share data with
We do not sell your personal data.
We share data only with:
6.1 Therapists (independent practitioners)
When: only after you approve an introduction (for identifiable details), or earlier only as an anonymised summary for fit/availability checks.
What: the minimum necessary information for matching/introduction.
6.2 Service providers (processors)
We use third parties to run the Service, under contracts that require appropriate security and confidentiality. Categories include:
Website/app hosting and infrastructure
Email and communications tools
Analytics and product measurement tools
AI/transcription providers (where you opt in)
Document storage (if used for operational records)
Accounting/bookkeeping tools (primarily therapist/admin side)
6.3 Professional/regulatory bodies and authorities
Only where required by law, or to exercise/defend legal claims.
7) International transfers
Some providers may process data outside the UK. Where data is transferred internationally and the destination is not covered by an adequacy decision, we use appropriate safeguards (such as the UK International Data Transfer Agreement and/or UK Addendum to EU SCCs) and, where appropriate, carry out transfer risk assessments.
You can request more information about safeguards by emailing support@aligned.co.uk.
8) Retention (how long we keep data)
We keep personal data only as long as necessary for the purposes described, including legal and operational needs.
8.1 Clients
Health/special category intake data (including transcripts/summaries where applicable): typically up to 3 years from collection, unless you withdraw consent earlier (see Section 9).
Non-health account/support data: typically up to 5 years after your last interaction, to handle follow-ups or complaints.
8.2 Therapists
Account/profile and operational records: typically up to 7 years after deactivation (to meet accounting/legal needs).
Onboarding/interview transcripts (if used): typically up to 3 years, unless you withdraw consent earlier (where consent applies).
8.3 Legal holds
We may retain limited data longer where necessary to comply with legal obligations or to establish, exercise, or defend legal claims.
9) Your rights (UK GDPR)
You have rights including:
Access (get a copy of your data)
Rectification (correct inaccurate data)
Erasure (delete data in certain circumstances)
Restriction (limit processing)
Portability (receive data in a usable format where applicable)
Objection (to processing based on legitimate interests)
Withdraw consent (where we rely on consent, including explicit consent for health data and AI/voice intake)
To exercise rights, email support@aligned.co.uk. We aim to respond within one month (extendable for complex requests).
ICO complaint right: You can complain to the Information Commissioner’s Office (ICO). We encourage you to contact us first so we can try to resolve the issue.
10) Cookies and analytics
We use cookies/local storage and analytics to operate and improve the Service.
10.1 Cookie types
Strictly necessary cookies: required for basic functionality and security.
Optional analytics cookies: used to understand website usage; only set if you opt in via the cookie banner (where implemented).
In-product analytics (post sign-up): helps us understand how registered users use the Service to improve performance and reliability. Where required, we will present choices/controls consistent with applicable law and your settings.
10.2 Managing preferences
Use the cookie settings link (where available) to adjust optional cookies.
You can also control cookies in your browser settings (may affect functionality).
11) Security
We use appropriate technical and organisational measures, such as:
Encryption in transit (TLS/SSL) and encryption at rest where appropriate
Role-based access controls and least-privilege access
Logging and monitoring for security events
Minimisation and (where possible) anonymisation of summaries used for matching
Incident response processes (including notification where legally required)
No method of transmission or storage is 100% secure, but we work to protect your information with proportionate safeguards.
12) Automated processing and profiling
We may use technology (including AI tools where you opt in) to help organise, summarise, and interpret information for matching. We do not make decisions with legal or similarly significant effects solely by automated means.
13) Third-party links
Our website may link to third-party sites. This policy does not apply to those sites.
14) Children’s data
The Service is for adults aged 18+. We do not knowingly collect personal data from children.
15) Changes to this policy
We may update this policy. The “Effective date” will change. If changes are material, we will take reasonable steps to notify users (for example via the website or email).
Contact
For privacy questions or to exercise your rights:
support@aligned.co.uk (or liam@aligned.co.uk)