Privacy Policy

Last updated: 30 March 2026

Elvara Ltd (trading as Ellvara) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website (www.laurenlepley.com) or engage our services.

ICO registration: We are registered with the Information Commissioner's Office (ICO). Registration number: [ICO REGISTRATION NUMBER].

Data controller: Elvara Ltd, Custom House, 9 The Strand, Barnstaple, North Devon, EX31 1EU. Email: hello@laurenlepley.com.

1. What personal data we collect

We may collect the following types of personal data depending on how you interact with us:

When you visit our website: Your IP address, browser type, device information, pages visited, and time spent on the site. This data is collected automatically through cookies and analytics tools used by our website platform (Squarespace).

When you enquire about our services: Your name, email address, phone number, and any information you provide in your enquiry or through forms on our website or landing pages.

When you book a discovery call or session: Your name, email address, and scheduling preferences via our booking platform.

When you become a client: Your name, postal address, email address, phone number, payment details (processed securely via Stripe or by bank transfer), session notes, programme records, and any health or personal information you share during sessions.

When you subscribe to our mailing list: Your name and email address.

When you communicate with us between sessions: Any information you share via email, WhatsApp, Voxer, or Telegram.

2. How we use your personal data

We use your personal data for the following purposes: to deliver our coaching, consulting, mentoring, and somatic support services; to manage your programme, schedule sessions, and provide between-session support; to process payments and send invoices; to communicate with you about your programme, bookings, and any changes to our services; to send marketing communications where you have opted in; to improve our website and services; and to comply with legal and regulatory obligations.

3. Legal basis for processing

Under the UK GDPR, we rely on the following legal bases:

Contract: Where processing is necessary to deliver services you have engaged us for, or to take steps at your request before entering into a contract (e.g. discovery calls, onboarding).

Legitimate interests: Where processing is necessary for our legitimate business interests, such as improving our services, managing client relationships, and administering our business, provided these interests do not override your rights.

Consent: Where you have given clear consent for us to process your data for a specific purpose, such as subscribing to our mailing list or agreeing to session recordings as part of case study participation. You may withdraw consent at any time by contacting us at hello@laurenlepley.com.

Legal obligation: Where we are required by law to process your data (e.g. tax and accounting obligations).

4. Special category data

Some of our services (particularly somatic support and nervous system work) may involve the processing of special category data, including information about your physical or mental health. This data is processed on the basis of your explicit consent, which is obtained as part of the Client Agreement and onboarding process. You may withdraw this consent at any time, though this may affect our ability to deliver certain services.

5. How we store and protect your data

Your personal data is stored securely using appropriate technical and organisational measures. Client records, session notes, and programme documents are stored in password-protected systems (including Google Workspace). Payment card information is processed securely through Stripe and is not stored on our systems. Messages sent via WhatsApp, Voxer, and Telegram are stored within those platforms and subject to their respective security measures. We take reasonable steps to protect your data from unauthorised access, loss, or misuse.

6. How long we retain your data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

Client records, invoices, and programme data are retained for 6 years after the end of the engagement, in line with HMRC requirements and limitation periods under English law.

Marketing data (e.g. mailing list subscribers) is retained until you unsubscribe or request deletion.

Website analytics data is retained in accordance with the retention settings of the relevant platform (Squarespace).

Session recordings (where applicable under a Case Study Addendum) are retained for the duration of the relevant qualification or professional development process and deleted within 12 months of completion.

Messages exchanged via WhatsApp, Voxer, and Telegram are retained for the duration of the client engagement and deleted within 12 months of the programme ending, unless required for legal or regulatory purposes.

7. Third parties we share data with

We may share your personal data with the following third-party service providers, who process data on our behalf:

Squarespace for website hosting and analytics (squarespace.com/privacy).

Go High Level for client relationship management, forms, and marketing automation (gohighlevel.com/privacy-policy).

Stripe for payment processing (stripe.com/privacy).

Zoom for online session delivery (zoom.us/privacy).

Calendly for scheduling (calendly.com/privacy).

Mailchimp for email marketing communications (mailchimp.com/legal/privacy).

Google Workspace including Google Docs, for client document management and programme tracking (policies.google.com/privacy).

WhatsApp (operated by Meta) for client messaging (whatsapp.com/legal/privacy-policy).

Voxer for client voice messaging (voxer.com/privacy).

Telegram for client messaging (telegram.org/privacy).

We do not sell your personal data to any third party. We will only share your data with third parties where it is necessary to deliver our services, where we have a legal obligation to do so, or where you have given your consent.

8. International data transfers

Some of the third-party services we use (including Zoom, Stripe, Mailchimp, Google, WhatsApp, Voxer, and Telegram) may transfer your data outside of the UK. Where this happens, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the relevant authorities, to protect your data in accordance with UK data protection law.

9. Cookies

Our website uses cookies and similar technologies. Cookies are small text files placed on your device when you visit our website.

Essential cookies are necessary for the website to function and cannot be switched off.

Analytics cookies help us understand how visitors use the website. Our website platform (Squarespace) uses its own analytics tools. You can manage your cookie preferences through your browser settings.

We do not use advertising or tracking cookies.

10. Your rights

Under the UK GDPR, you have the following rights in relation to your personal data:

Right of access: You can request a copy of the personal data we hold about you.

Right to rectification: You can ask us to correct any inaccurate or incomplete data.

Right to erasure: You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.

Right to restrict processing: You can ask us to suspend processing of your data in certain circumstances.

Right to data portability: You can request that we transfer your data to another organisation or directly to you, in a structured, commonly used format.

Right to object: You can object to the processing of your personal data where we are relying on legitimate interests as the legal basis.

Right to withdraw consent: Where we are processing your data based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at hello@laurenlepley.com. We will respond to your request within one month.

11. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk

Telephone: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address any concerns directly before you contact the ICO, so please reach out to us first at hello@laurenlepley.com.

12. Changes to this privacy policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. Where changes are significant, we will make reasonable efforts to notify you directly (for example, by email).

13. Contact

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at hello@laurenlepley.com.