Privacy Policy

Healing Journey is an independent digital self-help platform operated in the United Kingdom. We sell digital products including ebooks and email programmes focused on burnout recovery.

This privacy policy explains what personal data we collect, why we collect it, and how we handle it, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For any privacy-related question, contact us at hello@starthealingjourney.co.

We collect only what is necessary to deliver our products and services:

• First name — used to personalise the emails we send you. We do not collect your last name.
• Email address — required to confirm your registration (via a one-time sign-in link), deliver your purchase, and send the daily emails for any programme you purchase.
• Purchase record — order number, product purchased, date of purchase, and amount paid. Retained for support, refund processing, and to meet UK accounting record retention requirements (typically 6 years for VAT records and similar).
• Technical data — basic request information (IP address, browser type) is processed by our hosting and security providers (Vercel, Cloudflare) to deliver the website and protect against abuse. We do not store this data ourselves.

We do not collect your last name, full postal address, phone number, date of birth, or any special category data. We do not see or store your payment card details — payments are handled entirely by Payhip.

We use your personal data only for the following purposes:

• To authenticate your registration (sending you a one-time sign-in link via Supabase).
• To deliver the digital product(s) you purchased (PDF ebook, 30-day email journey, or both).
• To send the 30-day email journey if you purchased that programme.
• To send a small number of follow-up emails after registration or purchase, where you have consented at the point of registration (lead warm-up, ebook upsell, or related). You can unsubscribe at any time from any email.
• To respond to support or refund requests.

We do not use your data for targeted advertising, profiling, or any purpose beyond delivery and support. We do not sell, rent, or trade your data with any third party.

We process your personal data under the following lawful bases:

• Consent (UK GDPR Article 6(1)(a)) — for sending email content you have opted into during registration.
• Contract (Article 6(1)(b)) — for delivering products you have purchased.
• Legal obligation (Article 6(1)(c)) — for retaining purchase records to comply with UK tax and accounting law.

We use the following third-party services to deliver Healing Journey. Each processes your data on our behalf, governed by their own privacy policies:

• Payhip — processes payments and delivers digital purchases by email. Stores your email address, first name, last name (if you provide it at checkout), and payment confirmation. Payhip privacy policy.
• Kit (formerly ConvertKit) — sends emails (registration confirmation, the 30-day journey, and opt-in follow-ups). Stores your email and first name. Kit privacy policy.
• Supabase — provides the authentication system (email-only sign-in via one-time link) and hosts the ebook PDF for download. Stores your email address and a session cookie. Supabase privacy policy.
• Vercel — hosts the website and provides cookieless Web Analytics (aggregate page-view data, no individual tracking). Vercel privacy policy.
• Cloudflare — provides DNS and email forwarding (for the `hello@` address). Processes basic request data to deliver the site securely. Cloudflare privacy policy.

We do not share your data with any third party beyond those listed above, and never for marketing or advertising purposes.

We retain your personal data for these periods:

• Email subscription — for as long as you remain subscribed. You can unsubscribe at any time using the link at the bottom of any email; this removes you from all our email sequences.
• Purchase records — retained for up to 7 years to comply with UK tax and accounting record-keeping requirements.
• Account / authentication session — your Supabase user record persists until you request deletion. Browser session cookies are typically removed when you close your browser or after a short inactivity period.

Some of our processors are based outside the UK (notably Kit, Supabase, Vercel, and Cloudflare, which operate global infrastructure including the United States). Where data is transferred internationally, we rely on appropriate safeguards — typically Standard Contractual Clauses or equivalent — to protect your data.

Under UK GDPR you have the right to:

• Access the personal data we hold about you (Article 15).
• Request correction of inaccurate data (Article 16).
• Request deletion of your data (Article 17).
• Object to processing (Article 21).
• Request data portability in a machine-readable format (Article 20).
• Withdraw consent for email communications at any time.
• Lodge a complaint with the Information Commissioner's Office (ICO).

To exercise any of these rights, email hello@starthealingjourney.co. We will respond within 30 days. You can also unsubscribe directly from any email using the unsubscribe link at the bottom.

This website uses only technically necessary cookies (primarily for your sign-in session). See our Cookie Notice for full details.

We may update this policy from time to time. The “last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated via email to active subscribers.