Privacy Policy

Last updated: 19th March 2026

This Privacy Policy explains how Stagfire Healing collects, uses, stores, and protects personal information.

It applies to information collected through this website, by email, through forms, during enquiries and bookings, and in connection with services provided by Stagfire Healing.

In this policy:

  • “I”, “me”, and “my” refer to Stagfire Healing
  • “you” and “your” refer to anyone who uses this website, contacts me, books an interest call, or receives a service

If you have any questions about this Privacy Policy, please contact:
info@stagfirehealing.co.uk


1. Who I am

Stagfire Healing is a wellbeing and spiritual practice based in Edinburgh / Midlothian, Scotland.

I act as the data controller for the personal information described in this policy.


2. The information I collect

A) Website enquiries and lead information

If you contact me or book a free interest call, I may collect:

  • your name
  • your email address
  • your phone number, if you choose to provide it
  • the content of your enquiry
  • your acknowledgement that Stagfire Healing is not a health service or replacement for treatment
  • your consent to me handling your enquiry data
  • technical or referral information such as how you found the site or UTM tracking details, where available

B) Client and booking information

If you go on to work with me, I may collect:

  • contact details
  • appointment and booking information
  • payment and invoice information
  • service history and administrative records

C) Session notes, feedback, and progress records

If you receive sessions or other services, I may create and store:

  • session notes
  • practitioner notes
  • follow-up notes
  • client feedback
  • milestone feedback
  • simple self-reported pre-session and post-session scores or similar progress markers

Some of this information may amount to special category data under UK data protection law if it reveals information relating to your health, wellbeing, or similar sensitive matters.


3. How I collect information

I collect personal information when:

  • you complete a website form
  • you contact me by email
  • you book a free 15-minute interest call
  • you book or attend a session, event, or service
  • you provide feedback before, during, or after sessions

4. How I use your information

I use personal information to:

  • respond to enquiries
  • arrange and manage interest calls
  • decide whether a service is an appropriate fit
  • provide sessions or other services
  • keep records of bookings, communications, and payments
  • keep session notes, feedback, and progress records where appropriate
  • support continuity of service and reflective practice
  • review and improve the clarity, quality, and effectiveness of my services
  • carry out limited internal analysis of lead and service patterns
  • comply with legal, regulatory, tax, or insurance obligations

5. My lawful bases for processing

Depending on the context, I rely on one or more of the following lawful bases under UK GDPR:

For enquiry and booking administration

  • Legitimate interests — to respond to enquiries, manage bookings, and run the practice responsibly
  • Contract — where processing is necessary to provide an agreed service

For session notes, feedback, and progress records

  • Legitimate interests and/or contract for providing continuity, managing the service, and maintaining appropriate records
  • Explicit consent where special category data is involved or where that is the most appropriate basis for the type of information being recorded

For website analytics or non-essential cookies

  • Consent, where such tools are used

At present, if I use analytics or non-essential cookies, I will only do so with appropriate consent.


6. Where your information is stored

Personal information may be stored in a combination of:

  • secure email systems
  • website and form systems
  • internal self-hosted business administration systems
  • encrypted storage used for session notes and practitioner records

External service providers currently used

Where relevant, I use the following external providers:

  • Namecheap — website hosting, domain, and DNS services
  • Tally — website forms and lead capture
  • Proton Mail — email communications

Internal systems

I also use internal self-hosted systems for:

  • lead and booking administration
  • customer relationship management
  • invoicing and financial administration
  • internal reporting and service review

Some client feedback and simple pre-session/post-session progress markers may be stored in internal self-hosted systems for continuity, internal analysis, and service review.

Session notes and practitioner records are stored separately in encrypted storage with restricted access.


7. How long I keep your information

Personal information is not kept for longer than necessary for the purposes for which it was collected.

My current retention approach is:

  • Website enquiries that do not become clients: up to 90 days
  • Interest call and lead administration records: up to 12 months if no ongoing service is provided
  • Client contact, booking, invoice, and payment records: up to 6 years after the end of the client relationship
  • Session notes, practitioner notes, milestone feedback, and pre/post session scores: up to 6 years after the final session
  • Financial records: up to 6 years or as otherwise required for legal or tax purposes

Where information is no longer needed, it will be securely deleted or anonymised.


8. Who I share information with

I do not sell your personal information.

I may share information with trusted external providers only where necessary for running the practice, such as:

  • website and form providers
  • email providers
  • payment or invoicing services
  • accountants, insurers, legal advisers, or regulators where required

I may also disclose information if required by law, or where necessary to protect someone from serious harm.


9. Cookies and website tools

This website may use essential cookies or similar technologies necessary for website operation, security, or basic functionality.

At present, this website does not use non-essential analytics or advertising cookies. If that changes, this policy will be updated and any required consent mechanism will be put in place.


10. Your rights

Under UK data protection law, you may have the right to:

  • access the personal information I hold about you
  • ask for inaccurate information to be corrected
  • ask for information to be deleted in some circumstances
  • object to certain uses of your data
  • restrict certain uses of your data
  • withdraw consent where consent is the basis for processing
  • complain to the Information Commissioner’s Office (ICO)

If you want to exercise any of these rights, please email: info@stagfirehealing.co.uk


11. Data security

I take reasonable steps to protect personal information from loss, misuse, unauthorised access, disclosure, or alteration.

These steps include:

  • keeping website forms minimal
  • using passwords and access controls across the systems I use
  • storing sensitive records separately in encrypted storage
  • limiting access to personal data to what is necessary for running the practice

No method of transmission or storage is completely secure, but I aim to use tools and practices that are appropriate to the size and nature of the practice.


12. Changes to this policy

This Privacy Policy may be updated from time to time.

The latest version will always be posted on this website with the revised date shown at the top of the page.


13. Contact

If you have any questions about this Privacy Policy or how your data is handled, please contact:

Stagfire Healing
Email: info@stagfirehealing.co.uk

If you are unhappy with how your information has been handled, you also have the right to contact the Information Commissioner’s Office (ICO).