Skip to main content

Privacy Policy

Last updated: 11 July 2026

This Privacy Policy explains how Therapyway collects, uses, stores and shares personal data when you visit therapyway.co.uk, use the Therapyway app, or contact us. As a platform that connects people with independent therapists, we handle sensitive information carefully and in line with UK GDPR and the Data Protection Act 2018. Read this together with our Cookie Policy, which covers cookies specifically, and our Trust Centre, which covers security in more detail.

Who we are

Therapyway is run by Therapyway Ltd, a company registered in England and Wales (company number 16512786), based at Office 8161, 321-323 High Road, Chadwell Heath, Essex, RM6 6AX, United Kingdom. We are the data controller for the personal data described in this policy. You can reach us at contact@therapyway.co.uk, or see the Contact section below.

Children and family use

Therapyway is not intended for independent use by anyone under 18. A parent or guardian may use the platform on behalf of, or together with, a child, for example to find and book a children's occupational therapy, speech and language therapy, or physiotherapy service. Where a booking involves a child, the parent or guardian is responsible for the accuracy of the information provided and for supervising the child's use of any messaging or app features.

What we collect

When you use the site or app, sign up, or get in touch, we may collect the following types of personal data:

  • Identity and contact data: your name, email address, phone number if you give it, and organisation name if relevant.
  • Professional data, for therapists: HCPC registration details, other professional body memberships such as BACP or UKCP, qualifications, and the information in your published profile.
  • Health-related data: if anything you share with us, for example in a sign-up or enquiry form, indicates a health condition or the kind of therapy you are looking for, we treat it as special category data under UK GDPR.
  • Technical data: your IP address, browser type, device and operating system, and similar information collected automatically when you use the site.
  • Usage data: how you use the site, such as pages viewed and navigation paths, mostly collected in aggregate.
  • Anything else you choose to share with us directly, for example through a form or an email.

We only collect what we need for the purposes set out in this policy. Some information, such as your name and contact details, is needed to create an account or make a booking; without it we will not be able to provide that part of the service.

How we use your information

We use your personal data for specific purposes, and we need a lawful basis under UK GDPR for each one. For special category data, such as health data, we also need an additional condition under Article 9.

  • To respond to your questions and manage your account, relying on performance of a contract with you or our legitimate interest in supporting users.
  • To help connect clients with verified therapists, including checking a therapist's HCPC registration and understanding what a client is looking for. For special category health data, we rely on the UK GDPR Article 9(2)(h) condition for health or social care purposes, alongside the Data Protection Act 2018.
  • To improve the site and app, using aggregate usage data, relying on our legitimate interest in developing the platform.
  • To send service messages, such as account or booking-related updates, relying on performance of a contract or our legitimate interest in keeping the service running.
  • To meet legal obligations, such as responding to a lawful request from a regulator or public authority.

We do not sell your personal data, and we do not share it with third parties for their own marketing without your consent.

Who we share your data with

We share personal data only where it is needed to run the platform, with the following categories of recipients:

  • The therapist you contact or book: making a booking or sending a message shares relevant information, such as your name and the details of your enquiry, with that therapist.
  • Public therapist profiles: if you are a therapist, your profile information, such as your name, photo, qualifications and specialties, is published on pages that anyone can view, including without an account, so that clients can find and compare therapists. This does not apply to clients.
  • Our cloud hosting and infrastructure providers, including Amazon Web Services (AWS), which we use to host the platform, manage sign-in, and store data securely.
  • Our payment provider, Stripe, to process payments for bookings. We do not store your full card details ourselves.
  • Analytics providers, Google Analytics and PostHog, only if you consent to analytics cookies on our marketing website. See our Cookie Policy for detail.
  • Regulators, law enforcement or other authorities, where we are legally required to share information with them.

We put data processing terms in place with providers who handle personal data on our behalf, and we only work with providers who meet an appropriate standard of security.

Data security

We take reasonable steps to keep your data secure, including encrypting traffic between your device and our servers, limiting internal access to personal data to people who need it, and using reputable hosting providers. Security is ongoing work rather than a fixed state, and we review our practices as the platform grows. For more detail on our security approach, including what is already in place and what we are working towards, see our Trust Centre at therapyway.co.uk/trust.

International data transfers

Some of the tools we use, including our analytics providers, are based outside the UK, for example in the United States. Where we transfer personal data outside the UK, we put appropriate safeguards in place, such as the UK's International Data Transfer Addendum or equivalent standard contractual clauses, so your data stays protected to a UK standard.

Data retention

We keep personal data only for as long as we need it for the purpose it was collected, including to meet legal, accounting or regulatory requirements. When we no longer need it, we delete or anonymise it.

  • Enquiry and sign-up data where no ongoing account is used is kept for a limited period and then deleted, unless we need to keep it longer for a legal reason.
  • Data tied to an active account, including anything health-related you have shared with us, is kept for as long as your account is active and for a reasonable period afterwards, in line with our legal obligations. Clinical records themselves are kept by the therapist you book, not by Therapyway.
  • We may keep anonymised data, which can no longer identify you, for longer, for example to understand trends and improve the platform.

Your UK GDPR rights

Under UK GDPR you have a number of rights over your personal data:

  • Access: to ask for a copy of the personal data we hold about you.
  • Rectification: to ask us to correct inaccurate or incomplete data.
  • Erasure: to ask us to delete your data where there is no good reason for us to keep it.
  • Restriction: to ask us to limit how we use your data in certain circumstances.
  • Portability: to receive your data in a structured, commonly used format, or have it sent to another provider.
  • Objection: to object to processing based on our legitimate interests or for direct marketing.
  • Rights around automated decisions: to not be subject to a decision based solely on automated processing that has a legal or similarly significant effect on you, except in limited circumstances.
  • Withdrawing consent: where we rely on your consent, to withdraw it at any time, without affecting anything we did before you withdrew it.
  • Complaining to us directly: you can complain to us about how we have handled your data using the details in the Contact section below. We accept complaints by any reasonable means, including email, and we aim to acknowledge your complaint within 30 days and keep you updated while we look into it.
  • Complaining to the regulator: if you are unhappy with how we have handled your data, you can also complain to the Information Commissioner's Office (ICO) at ico.org.uk, though we would appreciate the chance to put things right first.

To exercise any of these rights, contact us using the details in the Contact section below. We may need to verify your identity first, and we aim to respond within one month. We do not currently make any decision about you based solely on automated processing, without a person reviewing it.

Cookies and analytics

We use cookies and similar technologies, including Google Analytics and PostHog, to understand how the site is used and to improve it. Non-essential cookies only run if you consent through our cookie banner. See our Cookie Policy for the full detail on what we use and how to manage your preferences.

Third-party services and integrations

We use, or plan to use, the following third-party services as part of running the platform.

  • Google Calendar sync (not live yet): we plan to offer an optional feature so you can see your Therapyway appointments alongside your other events. Connecting your Google Calendar will be optional and will need your explicit permission. Once live, we will read your calendar events to check for scheduling conflicts, create calendar events for your confirmed bookings, and access your calendar list so you can choose which calendar to sync to. We will use the Google Calendar API in accordance with the Google API Services User Data Policy, including the Limited Use requirements. We will not share your calendar data with third parties, use it for advertising, or store calendar event content beyond what scheduling needs. We will update this policy with the full detail before the feature goes live.
  • Payment processing: we use Stripe to process payments for bookings. Your payment details are handled directly by Stripe in accordance with Stripe's own privacy policy and PCI-DSS standards. We do not store your full card details on our servers.

Compliance and safeguarding

Only HCPC-registered therapists can publish a profile and take bookings on Therapyway. Clinical care, clinical records, confidentiality and safeguarding within a therapy relationship are the therapist's responsibility, not ours. Therapyway is not a healthcare provider and does not provide therapy, clinical care or medical advice. For more on how we think about trust, safeguarding and security, see our Trust Centre at therapyway.co.uk/trust.

Changes to this policy

We may update this Privacy Policy from time to time, for example if we add a new feature, start using a new service, or the law changes. When we do, we will update the date at the top of this page. Where a change is significant, such as a new way we use your data, we will take reasonable steps to let you know, for example through the app or by email, rather than relying on this page alone.

Contact

If you have questions or concerns about this Privacy Policy, our Cookie Policy, or how your data is handled, please get in touch. If you want to exercise any of your UK GDPR rights, use the same details.

For security purposes, we may need to verify your identity before responding to requests about your personal data.

Therapyway Ltd

Email: contact@therapyway.co.uk