Privacy Policy

Last updated: May 2026

1. Who We Are

Anna Lou Wellness is a sole trader based in London, United Kingdom, operated by Anna Lou Scaife. When we refer to “we”, “us”, or “our” in this policy, we mean Anna Lou Wellness. Our website is annalouwellness.com. For data protection enquiries, contact: hello@annalouwellness.com.

2. Information We Collect

We may collect the following personal data:

  • Identity data: Name, email address, phone number
  • Contact data: Postal address (for product orders)
  • Transaction data: Purchase history, payment method (card details are processed by Stripe and never stored on our servers)
  • Coaching data: Notes from coaching sessions (stored securely and confidentially)
  • Subscription data: Email address when you subscribe to our Substack newsletter
  • Technical data: IP address, browser type, device information, pages visited (collected via analytics)
  • Quiz/form data: Responses to wellness quizzes or enquiry forms

3. How We Use Your Information

We use your data to:

  • Process orders, payments, and shipping
  • Deliver coaching sessions and programme materials
  • Manage your Reset Room membership
  • Respond to enquiries and provide customer support
  • Send order confirmations and shipping updates
  • Deliver newsletter content (via Substack, only if you subscribe)
  • Improve our website and services through anonymous analytics

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract: To fulfil orders, deliver services, and manage memberships
  • Consent: For newsletter subscriptions and non-essential cookies
  • Legitimate interest: To improve our services and website experience
  • Legal obligation: To comply with tax and accounting requirements

5. Third-Party Services

We use the following third-party services that may process your data:

  • Stripe: Secure payment processing (PCI DSS compliant)
  • Substack: Newsletter delivery and email subscriptions
  • YouTube: Embedded video content (mantra videos)
  • Cloudinary: Image hosting and delivery
  • Vercel/Coolify: Website hosting
  • Instagram, Facebook, YouTube: Social media links (no tracking until you click)

Each service operates under its own privacy policy. We encourage you to review their policies directly.

6. Cookies

Our website uses the following cookies:

  • Essential cookies: Session management, cart storage, cookie consent preference — required for the site to function
  • Analytics cookies: Anonymous usage data to understand how visitors use the site (optional, consent-based)

You can decline non-essential cookies via the banner shown on your first visit. You can also manage cookies through your browser settings at any time.

7. Your Rights (GDPR)

Under the UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Restriction: Request we limit how we use your data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Unsubscribe from newsletters or withdraw cookie consent at any time

To exercise any of these rights, email: hello@annalouwellness.com. We will respond within 30 days.

8. Data Retention

  • Order data: Retained for 6 years (UK tax law requirement)
  • Coaching session notes: Retained for 12 months after last session, then securely deleted
  • Enquiry form data: Retained for 12 months
  • Newsletter subscribers: Until you unsubscribe
  • Analytics data: Anonymised, retained for 26 months

You may request deletion at any time, subject to our legal obligations.

9. Data Security

We use SSL/HTTPS encryption across our entire website. Payment data is handled by Stripe (PCI DSS Level 1 certified) and is never stored on our servers. Access to personal data is restricted to authorised individuals only. In the unlikely event of a data breach, we will notify affected individuals and the ICO within 72 hours as required by GDPR.

10. Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

12. Contact & Complaints

For questions about this privacy policy or to exercise your data rights:
hello@annalouwellness.com

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk

This is a template privacy policy. Please have it reviewed by a legal professional before publishing.