Purposeful Pathways - Your path to thriving

Last updated: 13 June 2026

Privacy & Data Retention Policy

Your trust matters. This page explains what information Purposeful Pathways Coaching ("we", "us", "Nicole Gupta") collects, why we collect it, how long we keep it, and the rights you have over it.

1. Who we are

Purposeful Pathways Coaching is operated by Nicole Gupta. For any privacy questions or to exercise your rights, contact nicolegupta.coaching@gmail.com. We are the data controller for the personal data described below.

2. What we collect

  • Contact details you submit through forms (name, email, and any message you choose to share).
  • Newsletter sign-ups (email, optional name, the page you signed up from).
  • Group session registrations (name, email, event chosen).
  • Discovery call bookings handled by our scheduling partner (Delenta) - they collect what you enter on their booking page.
  • Technical data from analytics tools (Google Analytics, Microsoft Clarity, Meta Pixel) such as anonymised IP, device, browser, pages viewed, and approximate location.
  • Coaching notes created during 1:1 work. These are kept in a private, access-controlled system and never shared.

We do not intentionally collect special-category health data through the website. Please don't include diagnoses, medication, or detailed health information in web forms - share that only inside a coaching session.

3. Why we use it (legal basis)

  • Contract: to deliver coaching you've booked.
  • Consent: for the newsletter and non-essential analytics. You can withdraw consent any time.
  • Legitimate interests: to keep the site secure, fix bugs, and improve content.
  • Legal obligation: tax and accounting records.

4. How long we keep it

  • Contact form messages: up to 24 months, then deleted.
  • Newsletter subscribers: until you unsubscribe (one-click link in every email), then suppressed and removed within 30 days.
  • Group session registrations: 12 months after the event.
  • Active client records (invoices, agreements): 7 years to meet accounting requirements.
  • Coaching session notes: up to 3 years after our work ends, then deleted.
  • Analytics data: 14 months (Google Analytics default).
  • Email send logs: 12 months for deliverability and audit.

5. Where your data is stored

Website and form data is stored in our backend (Supabase, hosted in the EU) with row-level security policies that restrict access. The site is delivered through Cloudflare. Email is sent via our authenticated sending domain. Bookings go through Delenta. Each processor has its own privacy notice and applies appropriate safeguards for any international transfers (UK/EU Standard Contractual Clauses).

6. Who we share it with

We never sell your data. We share it only with service providers needed to run the practice: hosting/database, email delivery, scheduling, analytics, and accounting - and only the minimum needed.

7. How we protect it

  • Encryption in transit (HTTPS) and at rest.
  • Row-level security on every database table.
  • Access limited to Nicole; no shared logins.
  • Strong, unique passwords and multi-factor authentication on all admin accounts.
  • Regular review of who can access what.

8. Your rights (UK & EU GDPR)

You have the right to:

  • Access the data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased ("right to be forgotten").
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time.
  • Lodge a complaint with the UK ICO ( ico.org.uk) or your local EU supervisory authority.

To exercise any right, email nicolegupta.coaching@gmail.com. We respond within 30 days.

9. Cookies & tracking

We use a small number of analytics and advertising cookies (Google Analytics, Microsoft Clarity, Meta Pixel). You can block these in your browser or with an ad-blocker. Essential cookies needed to make the site work are always on.

10. A note on HIPAA

HIPAA is a US healthcare law that applies to "covered entities" (clinicians, health plans, clearing-houses) and their business associates. Coaching is not a regulated healthcare service and this website is not a HIPAA-covered platform. If you need HIPAA-grade handling of protected health information, please speak with a licensed healthcare provider.

11. Changes

We may update this policy. Material changes will be flagged on this page with a new "last updated" date.