Your privacy
How Safe Within collects, uses, and protects your personal information.
Last updated: June 2026
Who we are
Safe Within is operated by Samira Lamriouat, a psychologist and ThetaHealing® practitioner based in London, UK. For the purposes of UK GDPR, Samira Lamriouat is the data controller.
Contact: info@safewithin.co.uk · +44 7985 476227
What data we collect and why
Contact form
When you send a message via the contact form we collect your name, email address, phone number (optional), and the content of your message. We use this solely to respond to your enquiry. The legal basis is legitimate interest — you have contacted us with the expectation of a reply.
Health-related (special-category) data
Because of the nature of our work, the information you share — in a contact message, in the optional notes on a booking, or during a session — may include details about your emotional or mental wellbeing. Under UK GDPR this is special-category (health) data. We process it only on the basis of your explicit consent (UK GDPR Article 9(2)(a)), which you give by ticking the consent box on the relevant form. You can withdraw this consent at any time by emailing us. We never share this information for marketing, and we ask that you share only what you are comfortable sharing.
Booking a session
When you book and pay for a session we collect your name, email, phone (optional), any notes you choose to add, and your session details. Bookings are stored in our database, hosted by Supabase. The legal basis is performance of a contract (to provide the session you have booked), and explicit consent for any health-related notes you include.
Payments
Payments are processed by Stripe. We do not see or store your full card details — Stripe handles card data directly as a PCI-compliant payment processor. We retain a record of the transaction (amount, date, product) to fulfil the order and meet our legal accounting obligations.
Book waitlist
When you join the book waitlist we collect your name and email address. We use this to notify you when a book becomes available and to send occasional reflections from the practice. The legal basis is consent — you opted in explicitly. You may unsubscribe at any time by emailing us.
Website hosting
This site is hosted on Vercel. Vercel may collect standard server logs (IP address, browser type, pages visited, time of visit) for security and operational purposes. See Vercel's privacy policy.
Third parties who process your data
We use a small number of trusted service providers ("processors") who handle data strictly on our behalf, under contract, and never for their own marketing:
- Resend — delivers form submissions to us by email (privacy policy).
- Supabase — hosts our database, including account, booking, and any health-related notes you provide (privacy policy).
- Stripe — processes payments (privacy policy).
- Vercel — hosts this website and may collect standard server logs (privacy policy).
- Sentry — captures technical error reports so we can keep the site working; these may incidentally include your IP address or the page you were on (privacy policy).
- Zoom — sessions are delivered over Zoom; Zoom processes your data as its own controller during the call (privacy policy).
Some of these providers are based outside the UK/EU; where that is the case, transfers are protected by appropriate safeguards such as Standard Contractual Clauses. We do not sell, rent, or share your personal data with any third party for marketing purposes.
How long we keep your data
- Enquiry and waitlist data — until you ask us to remove it, or after two years of inactivity.
- Booking records and any health-related notes — for the duration of our working relationship and a reasonable period afterwards, then deleted or anonymised.
- Payment and transaction records — retained for up to 6 years to meet UK accounting and tax obligations (this is a legal exception to the right to erasure).
Cookies
This website uses Google Analytics to understand how visitors use the site so we can improve it. Analytics runs only if you accept itthrough the cookie banner. Before you choose, or if you select “only essentials”, no analytics cookies are set and no analytics data is collected about you. You can change your mind at any time by clearing your browser’s stored site data.
The only cookies set without your consent are strictly necessaryones used to keep you signed in to your account area; these are exempt from consent requirements. If you proceed to payment, Stripe sets its own cookies on its checkout pages to process your transaction securely.
Your rights under UK GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — at any time, where processing is based on consent
To exercise any of these rights, email info@safewithin.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
Changes to this policy
We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of the site after changes constitutes acceptance of the updated policy.