Privacy Policy
How we collect, use, and protect your personal information
Last Updated: 15 February 2026
Thoroughgood Development Ltd (Company No. 16542049).
Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.
Introduction
Your privacy is important to Thoroughgood Development Ltd ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you engage with our coaching, training, and consultancy services. Please read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agreed to be bound by all the terms outlined in this Privacy Policy.
1. Information We Collect
1.1 Personal Information
We may collect personal information from you when you use our services, including but not limited to:
- Identity information (name)
- Contact information (email address, phone number, postal address)
- Professional information (job title, company, industry)
- Contact form submissions (phone number, service interest, message content)
- Financial information (invoice records only; we do not collect or store payment card details directly)
- Service data (information provided during consultations, coaching sessions, or training)
- Technical data (IP address, browser type, device information)
1.2 Sensitive Personal Information
In the course of executive coaching and business psychology services, we may process information that constitutes special category data under Article 9 of the UK GDPR, such as information relating to your mental or physical health and wellbeing shared during coaching sessions. We process such data only with your explicit consent (Article 9(2)(a)).
1.3 Collection Methods
We collect information through:
- Direct interactions (when you contact us, register for our services, or complete forms)
- Automated technologies (cookies, server logs, and other similar technologies)
- Third parties (business partners, service providers)
2. Legal Basis for Processing
Under the UK GDPR, we must have a lawful basis for each processing activity. The table below maps our activities to the applicable legal basis:
| Activity | Lawful Basis |
|---|---|
| Delivering coaching, training, and consultancy services | Art. 6(1)(b) contractual necessity |
| Responding to contact form enquiries | Art. 6(1)(f) legitimate interests (responding to prospective client enquiries) |
| Sending newsletter emails | Art. 6(1)(a) consent |
| Analytics (Google Analytics 4, PostHog) | Art. 6(1)(a) consent via cookie banner |
| Vercel Analytics (cookieless page metrics) | Art. 6(1)(f) legitimate interests (monitoring site performance and reliability) |
| Error monitoring (Sentry) | Art. 6(1)(f) legitimate interests (maintaining site reliability) |
| Maintaining financial and tax records | Art. 6(1)(c) legal obligation (HMRC requirements) |
| Processing special category data during coaching | Art. 9(2)(a) explicit consent |
2.1 Newsletter
Our newsletter provides periodic insights on leadership, coaching, and professional development, sent no more than once per month. The lawful basis for processing your email address for this purpose is your consent (Art. 6(1)(a)). Every email includes an unsubscribe link. After you unsubscribe, your email address will be deleted within 30 days.
3. How We Use Your Information
Your information may be used to:
- Provide and manage our coaching, training, and consultancy services
- Process payments and maintain financial records
- Communicate with you regarding your sessions, enquiries, and service updates
- Improve our services and customer experience
- Send you newsletter content, if you have opted in to receive it
- Comply with legal obligations
- Protect our rights, privacy, safety, or property
4. Cookies and Tracking Technologies
We use cookies on our website. When you first visit, a cookie banner asks for your consent. You can change your preferences at any time via the cookie preference centre accessible from the banner or the footer of any page.
4.1 Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be switched off:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| td_cookie_consent | Remembers your cookie choices | 12 months | First-party |
| sb-*-auth-token | Keeps you signed in while you use the site | Session | First-party |
| theme | Remembers your light/dark mode preference | Persistent | First-party |
| sentry-* | Error monitoring to keep the site working reliably | Session | Third-party |
4.2 Analytics Cookies
These cookies help us understand how visitors use our website. All data is anonymous. These are only set if you consent:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| _ga | Google Analytics — counts site visitors | 2 years | Third-party |
| _ga_* | Google Analytics — tracks visitor journeys | 2 years | Third-party |
| ph_* | PostHog — anonymous usage data and session replays | 1 year | Third-party |
PostHog may record anonymous session replays of page visits and clicks. All text content is masked by default, and replays cannot be used to identify individual visitors.
4.3 Functional and Marketing Cookies
We do not currently use any functional or marketing cookies. These categories are reserved for future use and will be disclosed here before activation.
5. Data Retention
We retain your personal information only for as long as necessary for the purposes described in this policy. Specific retention periods are:
| Data Type | Retention Period |
|---|---|
| Contact form messages | 2 years |
| Newsletter subscriber data | Until unsubscribe + 30 days |
| Audit and security logs | 12 months |
| Financial records | 6 years (HMRC requirement) |
| Cookie consent records | 12 months |
| Coaching and training records | Duration of engagement + 2 years |
We will securely delete or anonymise your personal information when it is no longer needed for the purposes for which it was collected.
6. Data Protection
We implement appropriate technical and organisational measures to protect your personal information from unauthorised access, use, or disclosure. These measures include:
- Encryption of sensitive data
- Secure network architectures
- Access controls to limit data access to authorised personnel
- Regular security assessments
However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
7. International Data Transfers
Some of our data processors are based outside the UK. When we transfer personal data internationally, we ensure appropriate safeguards are in place under UK data protection law:
| Processor | Location | Transfer Mechanism |
|---|---|---|
| Supabase (database, auth) | United States | UK Extension to EU-US Data Privacy Framework |
| Google Analytics 4 | United States | UK Extension to EU-US Data Privacy Framework |
| PostHog (analytics) | EU (Frankfurt) | No international transfer |
| Vercel (hosting, analytics) | United States | UK Addendum to EU Standard Contractual Clauses |
| Sentry (error monitoring) | United States | UK Addendum to EU Standard Contractual Clauses |
8. Sharing Your Information
We do not sell, trade, or otherwise transfer your personal information to outside parties without your consent, except as described below:
- Service providers: Third parties who perform services on our behalf (e.g., payment processing, IT services)
- Business transfers: In connection with any merger, sale of company assets, financing, or acquisition
- Legal requirements: When required by law, court order, or governmental regulation
- Protection of rights: To protect our rights, property, or safety, or that of our users or others
Any third parties with whom we share your information are contractually required to implement appropriate security measures and only process your personal information for specified purposes.
9. Your Rights
Under UK data protection law, you have the following rights regarding your personal information:
- Right to access: Request a copy of the personal information we hold about you
- Right to rectification: Request correction of any inaccurate information
- Right to erasure: Request deletion of your personal information in certain circumstances
- Right to restrict processing: Request restriction of processing in certain circumstances
- Right to data portability: Request transfer of your information to you or a third party
- Right to object: Object to processing based on legitimate interests or direct marketing
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time. For cookies, use the cookie preference centre accessible from the footer of any page. For the newsletter, use the unsubscribe link in any email. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Rights related to automated decision-making: Not be subject to decisions based solely on automated processing
To exercise these rights, please contact us using the details provided in the "Contact Us" section. We may need to request specific information to confirm your identity. We will respond to all legitimate requests within one month, unless the request is particularly complex.
10. Children's Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete the information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Material changes will be notified to you by email or a notice on our website. We encourage you to review this policy periodically.
12. Contact Us
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us.
Thoroughgood Development Ltd
Company No. 16542049
Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
13. Complaints
If you are concerned about how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) in the UK or your local data protection authority. However, we would appreciate the opportunity to address your concerns before you approach a data protection authority, so please contact us in the first instance.