Privacy Policy for Aligned Therapy

Effective date: 13 January 2026

This Privacy Policy explains how Aligned Therapy Ltd, trading as Aligned / Aligned Therapy (“Aligned”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our therapy-matching and introduction service (the “Service”). It applies to both Clients and Therapists.

This policy should be read alongside our Terms of Service.

Summary (plain English)

What we collect

  • Contact details and basic profile info

  • Therapy-matching intake information (which may include health information)

  • Preferences and practical constraints (budget, availability, location, format)

  • Communications and transcripts (where you choose to use voice/AI intake or contact us)

  • Limited technical data (device, IP address, cookies—where enabled)

Why we collect it

  • To provide matching and introductions to independent therapists

  • To operate, secure, and improve the Service

  • To provide support and handle complaints

  • To meet legal, tax, and regulatory obligations (where relevant)

Who we share with

  • Independent therapists (only after you approve an introduction, and only what’s necessary)

  • Service providers who help us run the Service (e.g., hosting, email, analytics, AI/transcription) under contract

  • Authorities only where legally required

How long we keep it

  • Typically 3 years for client health/intake data (unless you withdraw consent earlier)

  • Typically 5 years for non-health client account/support data

  • Typically 7 years for therapist account/financial records

Your rights

  • Access, correction, deletion, restriction, objection, portability, and withdrawal of consent (where we rely on consent)

1) Who we are (Data Controller) and how to contact us

Data Controller: Aligned Therapy Ltd (England and Wales)
Registered office: Flat 604, Adansbeck Court, 35 Rookwood Way, London, E3 2XT

Contact (privacy and data requests):

  • Email: support@aligned.co.uk

  • Alternative: liam@aligned.co.uk

If you contact us, we may need to verify your identity before actioning a request.

2) What data we collect

We group data into categories so we can evolve forms and processes without constantly rewriting the policy.

2.1 Client data (examples)

A. Identity & contact

  • Name, email, phone number

B. Matching intake (may include special category/health data)

  • What you want help with, relevant history (if you choose to share it), therapy goals

  • Risk flags you volunteer (e.g., “I feel unsafe”) – note: we are not a crisis service

C. Preferences & constraints

  • Budget, availability, location, online/in-person preference

  • Therapist preferences (e.g., style, experience)

D. Communications

  • Messages you send us and we send you

  • Where you choose WhatsApp introductions, the content you exchange with us in WhatsApp threads/groups we set up

E. Voice/AI intake and transcripts (where you opt in)

  • Audio recordings (if enabled), transcripts, summaries, and metadata (time/date, duration)

F. Technical and usage

  • IP address, device/browser information, approximate location (derived from IP), log data

  • Cookie and analytics data where enabled (see Cookies section)

2.2 Therapist data (examples)

A. Identity & contact

  • Name, professional email, phone, practice details

B. Professional credentials

  • Professional body memberships/registration details, qualifications, insurance confirmation (as applicable)

C. Practice info

  • Modalities, fees, availability, client groups, working preferences

D. Communications and onboarding

  • Messages with us; onboarding/interview notes or transcripts (where used)

E. Financial/administrative

  • Invoicing and accounting records (where relevant)

3) Where data comes from

  • Directly from you (forms, calls, voice/AI intake, emails/WhatsApp)

  • From therapists (their profile information and responses)

  • From public sources (limited checks where relevant, such as professional registers or public websites)

  • From your device/browser (technical logs, cookies—where enabled)

4) Why we use your data and our lawful bases

UK GDPR requires a lawful basis. Where we process health data (special category data), we also need an additional condition.

4.1 Clients

A. Provide the matching and introduction service

  • Purpose: collect intake information, assess preferences/constraints, identify potential therapist matches, and (if you approve) introduce you.

  • Lawful basis (Article 6): contract (to provide the Service you request) and/or legitimate interests (to run a safe, effective matching process).

  • Special category condition (Article 9): explicit consent for health/special category data where required.

B. AI/voice intake (where you opt in)

  • Purpose: capture, transcribe and summarise your responses to support matching and service delivery.

  • Lawful basis (Article 6): contract and/or legitimate interests.

  • Article 9: explicit consent where health data is involved.

  • Note: we request AI/voice consent separately before you use the voice/AI experience.

C. Support, quality, and improvement

  • Purpose: customer support, troubleshooting, preventing misuse, improving match quality (including review of anonymised summaries or transcripts where permitted).

  • Lawful basis: legitimate interests; in some cases contract.

  • Where special category data is used for improvement: we rely on explicit consent where required, and we minimise/aggregate/anonymise where possible.

D. Legal and compliance

  • Purpose: respond to lawful requests, exercise or defend legal claims, comply with legal obligations.

  • Lawful basis: legal obligation and/or legitimate interests.

4.2 Therapists

A. Onboarding and eligibility checks

  • Purpose: confirm suitability to receive referrals and maintain service quality.

  • Lawful basis: contract; legitimate interests; and legal obligation where applicable.

B. Matching operations

  • Purpose: share anonymised client summaries to check fit/availability; facilitate introductions after client approval.

  • Lawful basis: contract and legitimate interests.

C. Administration and accounting

  • Purpose: invoicing, record keeping, dispute handling.

  • Lawful basis: contract and legal obligation.

5) How introductions work (and what we share)

5.1 Anonymised outreach first (where helpful)

To check fit and availability, we may contact therapists with an anonymised summary (for example: presenting issues, preferences, timing, format). This summary should not include your name or direct contact details.

5.2 Identifiable details only after you approve

We will only share your name and contact details with a therapist after you explicitly agree to be introduced.

5.3 Email vs WhatsApp

You can choose whether introductions happen via email or WhatsApp (where available).

  • If you choose WhatsApp, messages are processed by WhatsApp as an independent third-party service under their terms and privacy practices.

  • We only use WhatsApp introductions to facilitate the connection you requested. You can request a switch to email.

6) Who we share data with

We do not sell your personal data.

We share data only with:

6.1 Therapists (independent practitioners)

  • When: only after you approve an introduction (for identifiable details), or earlier only as an anonymised summary for fit/availability checks.

  • What: the minimum necessary information for matching/introduction.

6.2 Service providers (processors)

We use third parties to run the Service, under contracts that require appropriate security and confidentiality. Categories include:

  • Website/app hosting and infrastructure

  • Email and communications tools

  • Analytics and product measurement tools

  • AI/transcription providers (where you opt in)

  • Document storage (if used for operational records)

  • Accounting/bookkeeping tools (primarily therapist/admin side)

6.3 Professional/regulatory bodies and authorities

  • Only where required by law, or to exercise/defend legal claims.

7) International transfers

Some providers may process data outside the UK. Where data is transferred internationally and the destination is not covered by an adequacy decision, we use appropriate safeguards (such as the UK International Data Transfer Agreement and/or UK Addendum to EU SCCs) and, where appropriate, carry out transfer risk assessments.

You can request more information about safeguards by emailing support@aligned.co.uk.

8) Retention (how long we keep data)

We keep personal data only as long as necessary for the purposes described, including legal and operational needs.

8.1 Clients

  • Health/special category intake data (including transcripts/summaries where applicable): typically up to 3 years from collection, unless you withdraw consent earlier (see Section 9).

  • Non-health account/support data: typically up to 5 years after your last interaction, to handle follow-ups or complaints.

8.2 Therapists

  • Account/profile and operational records: typically up to 7 years after deactivation (to meet accounting/legal needs).

  • Onboarding/interview transcripts (if used): typically up to 3 years, unless you withdraw consent earlier (where consent applies).

8.3 Legal holds

We may retain limited data longer where necessary to comply with legal obligations or to establish, exercise, or defend legal claims.

9) Your rights (UK GDPR)

You have rights including:

  • Access (get a copy of your data)

  • Rectification (correct inaccurate data)

  • Erasure (delete data in certain circumstances)

  • Restriction (limit processing)

  • Portability (receive data in a usable format where applicable)

  • Objection (to processing based on legitimate interests)

  • Withdraw consent (where we rely on consent, including explicit consent for health data and AI/voice intake)

To exercise rights, email support@aligned.co.uk. We aim to respond within one month (extendable for complex requests).

ICO complaint right: You can complain to the Information Commissioner’s Office (ICO). We encourage you to contact us first so we can try to resolve the issue.

10) Cookies and analytics

We use cookies/local storage and analytics to operate and improve the Service.

10.1 Cookie types

  • Strictly necessary cookies: required for basic functionality and security.

  • Optional analytics cookies: used to understand website usage; only set if you opt in via the cookie banner (where implemented).

  • In-product analytics (post sign-up): helps us understand how registered users use the Service to improve performance and reliability. Where required, we will present choices/controls consistent with applicable law and your settings.

10.2 Managing preferences

  • Use the cookie settings link (where available) to adjust optional cookies.

  • You can also control cookies in your browser settings (may affect functionality).

11) Security

We use appropriate technical and organisational measures, such as:

  • Encryption in transit (TLS/SSL) and encryption at rest where appropriate

  • Role-based access controls and least-privilege access

  • Logging and monitoring for security events

  • Minimisation and (where possible) anonymisation of summaries used for matching

  • Incident response processes (including notification where legally required)

No method of transmission or storage is 100% secure, but we work to protect your information with proportionate safeguards.

12) Automated processing and profiling

We may use technology (including AI tools where you opt in) to help organise, summarise, and interpret information for matching. We do not make decisions with legal or similarly significant effects solely by automated means.

13) Third-party links

Our website may link to third-party sites. This policy does not apply to those sites.

14) Children’s data

The Service is for adults aged 18+. We do not knowingly collect personal data from children.

15) Changes to this policy

We may update this policy. The “Effective date” will change. If changes are material, we will take reasonable steps to notify users (for example via the website or email).

Contact

For privacy questions or to exercise your rights:
support@aligned.co.uk (or liam@aligned.co.uk)