Privacy Policy

Last updated: April 2026

The Untrained Leader ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

The Untrained Leader is a sole trader operating in the United Kingdom, providing coaching, guidance, and consultancy services. If you have questions about this policy, you can contact us at: [YOUR EMAIL ADDRESS]

2. What Data We Collect

We may collect the following personal information:

• Name and email address (when you contact us or book a session)
• Message content (when you submit our contact form)
• Payment information (processed securely by Stripe — we never see or store your card details)
• Session notes (taken with your consent during coaching sessions)
• Website usage data (via cookies — see our Cookie Policy)

3. How We Use Your Data

We use your personal data to:

• Respond to your enquiries and book sessions
• Deliver coaching, guidance, and consultancy services
• Process payments through Stripe
• Send you resources you've requested
• Improve our website and services

We will never sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

Under UK GDPR, we process your data on the following lawful bases:

• Consent — when you submit the contact form or subscribe to updates
• Contract — when we need your data to deliver a service you've paid for
• Legitimate interest — to improve our website and services

5. Payment Processing

All payments are processed securely by Stripe. We do not collect, store, or have access to your full credit or debit card details. Stripe's privacy policy can be found at stripe.com/privacy.

6. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy. Specifically:

• Contact form submissions: 12 months
• Session records and notes: 24 months after your last session
• Payment records: 6 years (as required by HMRC for tax purposes)
• Email subscriptions: until you unsubscribe

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Withdraw consent at any time
• Request a copy of your data in a portable format
• Object to processing based on legitimate interest
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, please email us at [YOUR EMAIL ADDRESS].

8. Data Security

We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse. Our website uses HTTPS encryption, and payment processing is handled by PCI-compliant third parties.

9. Third-Party Services

We use the following third-party services that may process your data:

• Stripe — payment processing
• Google Fonts — web fonts (may collect anonymised usage data)

10. Changes to This Policy

We may update this policy from time to time. The latest version will always be available on this page with the date of last update shown above.