This policy explains clearly what personal data Baseline Coaching collects, why, and how it is protected. If you have any questions, email sam@baselinecoaching.co.uk.
Who we are
Data controller: Sam [Surname], trading as Baseline Coaching.
ICO Registration number: [Your ICO registration number]
Contact: sam@baselinecoaching.co.uk
Baseline Coaching is a psychology-informed NLP coaching practice operating online, UK-wide and internationally.
What data we collect and why
We collect only what is needed to deliver the Baseline Reset coaching programme and communicate with you about it.
| Data | Why we collect it | Lawful basis |
|---|---|---|
| Name and email address | To create your programme account and communicate with you | Contract |
| Baseline Index™ assessment responses | To generate your Baseline Score and inform your programme | Explicit consent |
| Weekly workbook entries and reflection responses | To deliver the programme and allow your coach to review your progress before sessions | Explicit consent |
| Baseline Operating System™ content | To build your personalised programme deliverable | Explicit consent |
| Programme progress (which weeks completed) | To track your journey and unlock subsequent weeks | Contract |
Assessment responses, workbook entries, and Operating System content may contain information about your mental wellbeing, identity, and personal history. Under UK GDPR, this is treated as sensitive personal data. We only process it with your explicit, informed consent, which you give when you first log into the client portal.
Public assessment
If you complete the free Baseline Index™ assessment on this website without logging in, your responses are used only to calculate and display your score in your browser. Nothing is stored on our servers. The score lives only on your screen for that session.
We ask for your consent before you begin, in the form of a checkbox confirming you understand this use.
Where your data is stored
All client portal data — your account, workbook entries, and programme progress — is stored on servers located in London, United Kingdom (Amazon Web Services eu-west-2 region), managed by Supabase.
Your data never leaves UK jurisdiction. Supabase is ISO 27001 and SOC 2 Type 2 certified, and we have signed a Data Processing Agreement with them as required by UK GDPR.
Who has access to your data
- You — you can read and edit your workbook and Operating System content at any time via the client portal.
- Your coach (Sam) — read-only access to your workbook entries and progress, to prepare for your sessions. Your coach cannot edit your entries.
- No one else — your data is not shared with, sold to, or seen by any third party. Each client's data is technically isolated from all other clients.
How long we keep your data
Your account and all associated data is retained for two years after your programme ends. After that, Sam will delete your account and data from the system.
If you request deletion before that period, we will action it within 30 days (see Your Rights below).
Security
We take the security of your data seriously, particularly given the personal nature of what you may write in the programme. Measures in place include:
- All data encrypted in transit (HTTPS) and at rest
- Database-level access controls — your data is technically inaccessible to other clients
- Sessions expire automatically after 30 minutes of inactivity to protect shared-device use
- Passwords are never stored in plain text
Data breaches
In the unlikely event of a data breach affecting your personal data, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, as required by UK GDPR.
Your rights
Under UK GDPR, you have the right to:
- Access — request a copy of all personal data we hold about you
- Correction — ask us to correct inaccurate data
- Erasure — ask us to delete your data (the "right to be forgotten")
- Portability — receive your data in a portable format
- Withdraw consent — you can withdraw your consent to process sensitive data at any time; this will mean we can no longer deliver the programme to you
- Object — object to how we process your data
To exercise any of these rights, email sam@baselinecoaching.co.uk. We will respond within 30 days.
Cookies
The Baseline Coaching website and client portal do not use tracking cookies or third-party analytics. The client portal stores your login session using browser localStorage — this is a technical necessity for keeping you logged in, and it stays on your device only.
Third-party links
The website contains links to Cal.com (for booking) and Zoom (for sessions). These services have their own privacy policies which we encourage you to review. We are not responsible for the privacy practices of third-party services.
How to complain
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
We would appreciate the opportunity to address any concern directly before you contact the ICO — please email us first.
Changes to this policy
We may update this policy from time to time. When we do, we will update the "last updated" date at the top of this page. If changes are significant, active programme clients will be notified by email.