True You TogetherCIC

how we handle your information

Privacy and cookies.

We collect as little as we can, we explain what we do with it in plain language, and we never share it with anyone we don’t have to.

Last updated: 21 May 2026. [REVIEW: keep this date current with each change.]

Who we are.

This website is operated by True You Together CIC, a community-interest company registered in England and Wales.

  • Registered company number: [REVIEW: insert once registration completes.]
  • Registered address: [REVIEW: insert business address, not personal.]
  • Lead contact for data matters: [REVIEW: name, role, email. Default email Info@trueyoucic.co.uk]

If you have any questions about how we handle your information, email us at Info@trueyoucic.co.uk and we’ll come back to you within seven working days.

What we collect.

We only collect information you actively give us, and a small amount of routine technical data needed to keep the site running.

When you contact us

  • Your name (or whatever you’d like us to call you)
  • Your email address
  • The message you send us
  • Optional: your phone number, if you choose to share it
  • Whether you’ve ticked the box to be added to our monthly newsletter

When you sign up for our launch list or newsletter

  • Your email address
  • Optional: your name

Routine technical data

  • Your IP address, browser and device type. Standard server log data, kept briefly for security and troubleshooting.
  • Pages you visit and how you got here. We don’t currently use analytics tracking. If we add it, we’ll update this page and ask for your consent before any non-essential cookies load.

Why we collect it (lawful basis).

UK GDPR requires us to name a lawful basis for processing your data. Ours are:

  • Consent. When you sign up for our newsletter or tick a box to be contacted, we rely on your consent. You can withdraw it at any time.
  • Legitimate interests. When you contact us with a question, we use the information to reply to you. We balance our interest in answering against your interest in privacy, and we keep what we collect to the minimum needed.
  • Legal obligation. If we ever have to retain records for legal or safeguarding reasons, we’ll tell you what and why.

Who we share it with.

We don’t sell, rent, or share your data with third parties for marketing. We do share it with the small set of service providers who help us run the site:

  • Our website host (WPMUDEV). They process page requests and store the website database, including form submissions, on UK or EU servers.
  • Our email provider. [REVIEW: name the provider you use for Info@trueyoucic.co.uk so this is accurate.]
  • Forminator. A WordPress plugin that handles form submissions. It stores them in our website database and emails us a copy.

Each provider is bound by a data-processing agreement appropriate to UK GDPR. None of them sell or share your data.

How long we keep it.

  • Contact form messages: [REVIEW: confirm retention period. Suggest 24 months from last interaction, then deleted.]
  • Newsletter sign-ups: until you ask to be removed, or until we close down, whichever comes first.
  • Server logs: 30 days, then automatically deleted by the host.
  • Anything held for safeguarding reasons: as long as the relevant safeguarding policy requires. Usually no longer than three years.

You can ask us to delete your data at any time. We’ll do so within 30 days unless we’re legally required to keep something.

Your rights.

Under UK GDPR you have the right to:

  • Ask us what information we hold about you (a “subject access request”)
  • Ask us to correct anything that’s wrong
  • Ask us to delete your information
  • Ask us to stop processing your information
  • Ask us to send your information to you, or to another organisation, in a portable format
  • Object to anything we’re doing with your data

To exercise any of these rights, email us at Info@trueyoucic.co.uk. We’ll respond within one calendar month, usually much sooner.

Cookies.

A cookie is a small text file the site can store on your device. We use the smallest set we reasonably can.

Essential cookies (always set)

  • WordPress session cookies, only set if you log in to the admin area. They keep you logged in. They are never set on visitors who don’t have an account.
  • Forminator anti-spam cookie, set briefly to prevent automated form submissions.

Functional preferences (stored in localStorage)

We remember a few of your preferences in your browser’s localStorage. These are not cookies, never leave your device, and we cannot read them from our server.

  • Your chosen reading mode (Paper, Dusk, or High contrast)
  • Your chosen text size (Normal, Larger, Largest)
  • Your cookie-banner choice (so we don’t show the banner every time)

Analytics

We do not currently use analytics tracking. If we add it in future, we’ll update this page and ask for your consent before any non-essential cookies load.

Children’s data.

The site is not aimed at children under 13. We don’t knowingly collect data from anyone under that age. If you believe a child has submitted their information through this site, please contact us and we’ll delete it.

Safeguarding.

If a message we receive raises a safeguarding concern, we may need to share what’s relevant with the appropriate authority. We’ll tell you if and when this happens unless doing so would itself create a safeguarding risk. See our safeguarding statement for more detail.

Changes to this policy.

We may update this policy from time to time. Material changes will be flagged on the home page and dated at the top of this document. We’ll never reduce your rights without telling you in advance.

How to complain.

If you’re unhappy with how we’ve handled your data, please tell us first so we can put it right. If you’re still not satisfied, you have the right to complain to the UK’s data protection regulator:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
ico.org.uk

This policy is provided as a starting point. For a CIC working with vulnerable people, we strongly recommend you have a UK data-protection professional review it before formal launch. [REVIEW: get external legal sign-off before promoting Home to the front page.]