Privacy Policy

Last updated: 2 May 2026

1. Who we are

This Privacy Policy applies to Hypnotrack™, a company registered in Northern Ireland.

Registered office: Suite 313, 7 Donegall Square West, Belfast BT1 6JH, Northern Ireland
ICO registration: ZC126937
Email: hello@hypnotrack.com

For the purposes of UK GDPR and the Data Protection Act 2018, Hypnotrack™ is the data controller of the personal information described in this policy. Our day-to-day data protection contact is the founders' team — you can reach us at the email above.

2. What we collect

We collect three categories of information.

2.1 Information you give us directly

When you use Hypnotrack, we ask you to provide:

  • Your first name, email address and date of birth (so we can verify you're 18 or older and address you personally)
  • Information about how you're feeling and what you'd like to work on (mood, stress, energy, body tension, the situation you're describing)
  • Voice recordings of you describing your situation, your inner critic and your future self
  • Free-text answers about identity beliefs, what soothes you, places that feel safe to you and other personal anchors
  • Optional details such as a meaningful person, place, pet or word you'd like included in your session
  • Your safeguarding answers (whether you have certain conditions that mean Hypnotrack isn't suitable for you)
  • Your digital signature (when you complete a paid session)

2.2 Information we collect automatically

  • Basic technical information about your device and browser, used to make the site work properly
  • Usage information (which pages you visited, how long you spent on each)
  • Your IP address (used briefly for security and abuse prevention, not stored long-term)

2.3 Information we receive from third parties

  • Payment confirmation from Stripe (we don't see or store your card details — Stripe handles that directly)
  • Analysis of your voice recordings from Hume AI and ElevenLabs, used to make your session more personal

2.4 Special category data

Some of the information you share with us is what UK GDPR calls "special category" data — including details about your mental health, emotional wellbeing and sometimes physical health. We treat this with extra care. We only collect it because you've explicitly chosen to share it for the specific purpose of receiving a personalised hypnotherapy session and we ask for your explicit consent before processing it.

3. Why we collect it

We collect your information for one reason: to make Hypnotrack work for you. Specifically:

  • To create a personalised hypnotherapy session that addresses your specific situation, in your own words
  • To send you the session and let you re-access it from your portal
  • To process your payment
  • To communicate with you about your account and sessions
  • To keep our service safe (preventing abuse, fraud and misuse)
  • To improve Hypnotrack over time, using anonymised insights only

We don't use your information for advertising. We don't profile you to sell to other companies. We don't pass your data to anyone for marketing purposes.

4. How we use it

When you complete a Hypnotrack session, here's what happens to your data:

  1. Your answers and voice recordings are sent to our secure servers (hosted by AWS in the UK).
  2. Your voice recordings are analysed for emotional tone (by Hume AI) and used to generate your session script (by Anthropic Claude).
  3. Your script is converted to spoken audio (by ElevenLabs) using your name, your specific situation and the personal details you've shared.
  4. Your finished session is delivered to you by email and saved in your portal.

The personalisation is the product. Your data isn't used for anything beyond making your session and the next time you come back, making the next one.

Under UK GDPR, we need a lawful basis to process your information. Ours are:

  • Consent. You give us explicit consent before we process your sensitive data (your emotional disclosures, voice recordings and health-adjacent answers). You can withdraw this consent at any time by emailing us — though it doesn't affect anything we processed before you withdrew.
  • Contract. When you pay for a session, we process certain data because you've entered into a contract with us (we have to have your name and email to deliver what you bought).
  • Legitimate interest. For things like preventing abuse, securing our systems and keeping our records of paid orders, we rely on legitimate interest. We've considered your privacy carefully and only do this where it's proportionate.
  • Legal obligation. Where we have to keep records (for tax, accounting or regulatory purposes), we rely on this basis.

6. Who we share your data with

We share data with a small number of trusted companies that help us run Hypnotrack. We've chosen each one carefully and only share what's necessary. They are not allowed to use your data for anything other than helping us deliver the service.

  • AWS (Amazon Web Services) — hosts our servers and stores your data securely. Based in the UK and EU.
  • Vercel — hosts our website. Based in the US but operates under EU-equivalent data protection commitments.
  • Stripe — processes your payments. Stripe sees your card details; we don't.
  • Anthropic — provides the AI (Claude) that generates your personalised hypnotherapy script. Your data is sent to Anthropic for the purpose of generating your session and is not used to train their models.
  • ElevenLabs — converts your script into audio.
  • Hume AI — analyses the emotional tone of your voice recordings.
  • SendGrid (Twilio) — delivers our emails to you.
  • Google (Cloud / fonts) — provides supporting infrastructure for the site.

We also share data when we're legally required to (for example, in response to a valid legal request from law enforcement). We will challenge any request that seems overbroad.

We will never sell your personal data. Ever.

7. How we keep your data safe

We take your data seriously and protect it with industry-standard security measures:

  • All data is transmitted over encrypted connections (HTTPS / TLS)
  • Stored data is encrypted at rest using AES-256
  • Access to your information is limited to authorised people who need it to do their work
  • Our systems are monitored for unusual activity
  • We never store your payment card details — those go directly to Stripe
  • We carry out regular reviews of who has access to what

No system is ever 100% secure but we work hard to make ours as safe as we reasonably can. If something ever goes wrong, we'll let affected users know promptly and report any qualifying breach to the ICO within 72 hours, as required by law.

8. How long we keep your data

We hold different categories of data for different periods, in line with the principle of "no longer than necessary":

  • Account information (name, email, date of birth) — kept while your account is active. If you ask us to close your account, we'll remove this within 30 days.
  • Voice recordings and personal answers from your intake — kept indefinitely while your account exists, so that you can return and create related future sessions that build on your earlier work. You can ask us to delete them at any time.
  • Generated session audio (your finished hypnotherapy track) — kept indefinitely while your account exists, so you can re-access your sessions whenever you want. Deleted on account closure.
  • Payment records — kept for at least 7 years after the transaction, as required by UK tax law.
  • Email correspondence — kept for up to 24 months unless related to a legal or regulatory matter.
  • Hardship fund applications — kept for 90 days after we've responded, then deleted. We don't keep these long-term.
  • Anonymised analytics — kept indefinitely (this contains no information that identifies you personally).

If your account has been completely inactive for 24 months, we may contact you to confirm whether you'd like us to keep your data or close your account on your behalf.

9. International data transfers

Hypnotrack is available worldwide and some of the third parties we use (Stripe, Vercel, Anthropic, ElevenLabs, Hume AI, SendGrid) are based in the United States or operate globally. When your data is transferred outside the UK or EEA, we make sure it's protected by safeguards equivalent to UK and EU law — most commonly via Standard Contractual Clauses approved by the UK Government and the European Commission or the UK-US Data Bridge where relevant.

You can ask us for more detail on any specific transfer at any time.

10. Your rights

Under UK and EU data protection law, you have the following rights, free of charge:

  • Right to be informed — that's what this policy is for.
  • Right of access — you can ask for a copy of all the personal data we hold about you. We'll respond within 30 days.
  • Right to rectification — if anything we hold about you is wrong, tell us and we'll fix it.
  • Right to erasure ("right to be forgotten") — you can ask us to delete your data. We'll do so unless we have a legal reason to keep it (e.g. tax records).
  • Right to restrict processing — you can ask us to pause our use of your data while we sort out any disputes.
  • Right to data portability — you can ask for your data in a portable format so you can take it elsewhere.
  • Right to object — you can object to our processing your data based on legitimate interest.
  • Right to withdraw consent — where we process your data based on consent, you can withdraw that consent at any time.
  • Right not to be subject to automated decision-making — Hypnotrack uses AI to generate your session but no automated decision is made about you that has legal or significant effect. You always make the choice to use the service.

To exercise any of these rights, email hello@hypnotrack.com. We'll respond within 30 days. We may need to verify your identity before acting on a request, to make sure we're not giving someone else's data to the wrong person.

11. Cookies and similar technologies

Hypnotrack uses a small number of cookies to make the site work. We don't use advertising cookies and we don't track you across other websites.

  • Essential cookies — required for the site to function (session management, security, payment processing). These can't be turned off.
  • Functional cookies — remember your preferences (such as whether you've seen our cookie banner).
  • Analytics cookies (when enabled) — help us understand how the site is used in aggregate. Set only if you choose "Accept All" on our cookie banner.

You can change your cookie preferences at any time by clearing your cookies in your browser settings.

12. Children

Hypnotrack is for adults aged 18 and over. We don't knowingly collect personal data from anyone under 18. If you become aware that a child has provided us with personal information, please contact us immediately so we can remove it.

13. If you're in crisis

Hypnotrack is a wellness tool, not a crisis service. If you're struggling with thoughts of self-harm, suicide or feel unable to cope, please reach a real human:

  • Samaritans: 116 123 (free, 24/7)
  • SHOUT: text 85258
  • NHS 111: for urgent mental health support
  • In a medical emergency: dial 999

If you share content during your intake that suggests you're in crisis, we may automatically send you a supportive email pointing you toward these services. Our team may also receive an internal alert so we can check in if appropriate. We do this because your wellbeing matters more than anything else and we'd rather err on the side of care.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we'll let registered customers know by email. The "last updated" date at the top of this page tells you when the most recent changes were made.

Older versions of this policy are available on request — just email us.

15. Contact us and your right to complain

If you have any questions about this policy or how we handle your data, please get in touch:

Email: hello@hypnotrack.com
Post: Hypnotrack™, Suite 313, 7 Donegall Square West, Belfast BT1 6JH, Northern Ireland

If you're not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority:

ICO: ico.org.uk · 0303 123 1113
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

If you're based outside the UK, you may also be entitled to complain to your local data protection authority.

16. Accessibility

We are committed to making Hypnotrack™ accessible to as many people as possible. We aim to meet the Web Content Accessibility Guidelines (WCAG) 2.1 at level AA across our website and intake form.

Our current accessibility provisions include:

  • Semantic HTML structure with appropriate heading hierarchy
  • Sufficient colour contrast ratios across text and interactive elements
  • Keyboard-navigable interface throughout the intake form and portal
  • Alt text on meaningful images; decorative images are hidden from assistive technology
  • ARIA labels on interactive controls where native semantics are insufficient
  • Responsive layout that adapts to zoom levels up to 200% without horizontal scrolling

We know we won't always get it right. If you encounter a barrier or find something difficult to use, please contact us and we'll do our best to help:

Email: hello@hypnotrack.com

We'll respond within five working days. If you need the content of this site in an alternative format, we'll do our best to accommodate you.

This statement was last reviewed on 12 May 2026.