Privacy & Cookies

Last updated: April 2026

Your privacy matters to me. This notice explains, in plain English, what personal information I collect, how I use it, and how I keep it safe. If anything is unclear, please get in touch.

How your data is protected

All your information is protected by encryption, the same technology used by banks and the NHS. Encryption scrambles your data so that even if someone intercepted it, they would see nothing but meaningless characters. Without the encryption key, the data cannot be read.

Your information is encrypted when it travels between your device and my systems, and encrypted again where it is stored.

Only I have access to your records in the normal course of my practice. No one else can browse or search your data.

Cookies and tracking

I do not use cookies or tracking technology on this website. Your browsing is private to you; I have no interest in monitoring how you use this site.

When you use the practice app, it uses a session cookie solely to keep you logged in. This is strictly necessary and does not track your activity.

What information I collect

Depending on how you interact with me, I may collect:

Contact details — your name, email address, phone number, and home address
Appointment information — dates, times, and session type
Clinical information — the reason you are seeking therapy, session notes, and any homework or exercises we agree on
Communication records — summaries of our email correspondence
Session recordings and transcripts — with your consent, I may record sessions and produce transcripts to support your ongoing care
Payment information — transaction records and amounts (your card details are handled securely by Stripe and are never stored on my systems)
GP or referral details — if relevant to your care

Some of this information, particularly anything relating to your sexual health or intimate relationships, is classed as “special category” data under data protection law and receives extra protection.

Why I collect it

Purpose	Lawful basis
Providing therapy and maintaining clinical records	Necessary for healthcare provision (UK GDPR Article 9(2)(h), DPA 2018 Schedule 1)
Managing appointments and communications	Legitimate interests in running my practice
Processing payments	Performance of our contract
Meeting professional and regulatory obligations	Legal obligation and legitimate interests

For special category data (anything relating to your sexual health or therapy), I rely on the healthcare provision condition. I also ask for your explicit consent at intake as an additional safeguard.

How I use your information

Your data is used solely to provide and manage your therapy. This includes:

Keeping accurate clinical records to support your care
Communicating with you about appointments and your therapy
Processing session fees
Making referrals to other professionals (only with your knowledge)

I use secure practice management software to help me manage administration, including correspondence. These tools help me respond to you promptly while maintaining my personal touch. All communications are reviewed by me before they are sent.

Your data is never used for marketing, profiling, or any purpose unrelated to your therapy.

Who has access to your data

I am the sole practitioner and the only person who accesses your records day to day. To run my practice securely, I use a small number of trusted service providers:

Provider	What they do	Where data is held
Railway	Hosts my practice database	UK/EU data centres, encrypted at rest
Anthropic	AI-assisted email classification and drafting	Data processed in transit only, not retained
Google Workspace	Email hosting	Google’s data centres (Data Processing Agreement in place)
Stripe	Payment processing	PCI-compliant infrastructure (they never share your card details with me)
Twilio	SMS appointment reminders	Data processed in transit for message delivery

All of these providers are bound by data processing agreements and are required to protect your information to the same standard I do. Your data is never sold or shared with anyone outside these arrangements.

How long I keep your data

Type of record	How long
Client records (active and discharged)	7 years from our last session, in line with professional body and insurer guidance
Records of clients seen as minors	Until you turn 25, or 7 years from discharge, whichever is longer
Enquiry records (if you contacted me but did not become a client)	12 months from our last contact. After that, clinical details are removed and only your name and email are kept so I can recognise you if you get in touch again
Payment records	6 years (HMRC requirement)

Your rights

Under data protection law, you have the right to:

Access your personal data — ask me for a copy of what I hold about you
Correct inaccurate information
Delete your data (subject to any legal or professional obligations I have to retain it)
Restrict how I process your data
Data portability — receive your data in a commonly used format
Object to certain types of processing
Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, contact me at emesetaylor@sextherapist.london. I will respond within one month.

If you are unhappy with how I have handled your data, you have the right to complain to the Information Commissioner’s Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

Data breaches

In the unlikely event of a data breach that poses a risk to your rights, I will notify the ICO within 72 hours and inform you without undue delay. Given the sensitivity of therapy records, I take a cautious approach and will always err on the side of transparency.

Data controller

Emese Taylor
Trading as Sex Therapist London
COSRT registered member (No. 3027)

Email: emesetaylor@sextherapist.london

Changes to this notice

I may update this notice from time to time. Any significant changes will be communicated to active clients directly. The date at the top of this page shows when it was last updated.

Last updated: April 2026