privacy policy

UNBOUND - Privacy Policy

Last updated: March 2026

Data Controller: [Your Full Name / Trading Name] trading as UNBOUND (getunbound.co.uk)

Contact: [your@email.com]

 

1. Who We Are and This Policy’s Purpose

UNBOUND is a structured recovery programme for men dealing with compulsive sexual behaviour, including pornography use. We operate at getunbound.co.uk.

This Privacy Policy explains what personal data we collect, how we use it, the legal basis for processing, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are registered with the Information Commissioner’s Office (ICO). Our ICO registration number is: [INSERT NUMBER].

2. The Data We Collect

2.1 Data You Provide Directly

•       Name and email address (account creation, course enrolment, contact forms)

•       Assessment responses (The Freedom Test) — see Section 3 below

•       Payment information (processed by Stripe; we do not store card details)

•       Communications with us via email or contact form

•       Content you submit in group cohort forms or programme check-ins

2.2 Data Collected Automatically

•       IP address and browser/device information

•       Pages visited, time on site, referral source (via Squarespace analytics)

•       Cookie data (see our Cookie Policy at getunbound.co.uk/cookies)

2.3 Special Category Data

Some of the data you provide — particularly your assessment responses and any disclosures made during the programme — may constitute special category data under UK GDPR. This includes data concerning your health, sexual life, or sexual orientation.

We process this data only with your explicit consent, and we apply the highest level of care and security to it. You may withdraw consent at any time by contacting us at [your@email.com], though withdrawal will not affect processing that took place before your withdrawal.

3. How We Use Your Data

The table below sets out each purpose for which we process your data, what data is used, and the lawful basis under UK GDPR.

 

•       Deliver the programme and course content

Data used: Name, email address, payment confirmation

Lawful basis: Contract performance

•       Triage your assessment responses to the appropriate service level

Data used: Assessment responses (special category)

Lawful basis: Explicit consent

•       Send programme communications and check-ins

Data used: Name, email address

Lawful basis: Contract performance / Legitimate interest

•       Process payments

Data used: Payment details (processed via Stripe)

Lawful basis: Contract performance

•       Respond to your enquiries

Data used: Name, email address, message content

Lawful basis: Legitimate interest

•       Improve the programme and website

Data used: Anonymised and aggregated usage data

Lawful basis: Legitimate interest

•       Fulfil safeguarding obligations

Data used: Any relevant disclosures

Lawful basis: Legal obligation / Vital interests

4. Third-Party Processors

We use the following third-party services to operate the programme. Each acts as a data processor on our instructions, and each is bound by GDPR-compliant data processing agreements:

•       Squarespace - website hosting and e-commerce (squarespace.com/privacy)

•       Typeform - assessment and quiz tool (typeform.com/help/a/gdpr)

•       Stripe - payment processing (stripe.com/gb/privacy)

•       [Email platform, e.g. Mailchimp / ConvertKit] - email communications

•       WhatsApp (Meta) - private group communications, where applicable

We do not sell, rent, or trade your personal data with any third party for marketing purposes.

5. Data Retention

We retain your data only for as long as is necessary for the purpose it was collected, or as required by law. Our standard retention periods are:

•       Course enrolment and account data: 6 years after your last interaction (UK tax and legal requirement)

•       Assessment responses: 12 months, unless you request earlier deletion

•       Payment records: 6 years (HMRC requirement)

•       Safeguarding-related records: 10 years minimum, or as required by law

•       Email communications: 2 years

 You may request deletion of your data at any time (subject to legal retention obligations) by emailing [your@email.com].

6. Data Security

We take reasonable technical and organisational measures to protect your data. These include:

•       Encrypted transmission (HTTPS/TLS) for all data in transit

•       Access controls limiting who within UNBOUND can view personal data

•       Use of reputable, GDPR-compliant third-party processors

No method of transmission or storage is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO as required by law.

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data. To exercise any of them, email [your@email.com]. We will respond within 30 days.

•       Right of access - request a copy of the personal data we hold about you

•       Right to rectification - ask us to correct inaccurate or incomplete data

•       Right to erasure (“right to be forgotten”) - ask us to delete your data, subject to legal retention obligations

•       Right to restriction - ask us to pause processing of your data in certain circumstances

•       Right to data portability - receive your data in a structured, machine-readable format

•       Right to object - object to processing carried out on the basis of legitimate interest

•       Right to withdraw consent - where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing

 If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. International Transfers

Some of our third-party processors may transfer or store data outside the UK or EEA. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or reliance on adequacy decisions. Details of the specific transfer mechanisms used by each processor are available on request.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted at getunbound.co.uk/privacy with an updated effective date. Continued use of our services after changes are posted constitutes your acceptance of the updated policy. We will notify you of any material changes by email where we are able to do so.

 

Questions about this policy? Email us at [your@email.com]