Legal

Privacy Notice

Last updated: 13th January 2026

January 2026 changes

−Removed Acuity Scheduling (third-party)

+Added own booking system (booking.talktoluke.com)

What I do with your information

Here's what happens to your data, explained clearly rather than hidden in legal language.

The short version: I keep your details secure, I don't sell them to anyone, and I only share what I legally have to. Everything else stays between us.

The long version: Here's everything you need to know.

What information I collect

This is pretty straightforward:

Basic contact stuff: Name, email, phone number, age
Health information: Medical conditions, medications, relevant history
Session notes: What we talk about (but anonymised)
Your consent: That you're okay with me processing this data

How I store your information

I take security seriously. Here's what happens:

Email: Stored with iCloud - Apple's security is robust, with encryption and two-step verification enabled.

Text messages: Via iMessage or WhatsApp - both encrypted.

My computer: Password-protected, encrypted Mac. Session notes are stored separately from your personal details and anonymised.

Scheduling: My own booking system at booking.talktoluke.com handles appointments. Your name, email, phone number, and appointment details stay under my control - no third-party scheduling services involved.

Payments: The first session is paid through my booking system via Stripe. After that, UK clients pay by bank transfer; international clients continue using Stripe. I don't store your card details - Stripe handles that with bank-level encryption.

Online sessions: Zoom for video calls. They only see appointment names from my booking system.

When I have to share your information

Supervision: I meet with my supervisor twice monthly to discuss my work (it's an ethical requirement). They don't know who you are - I use first names only and they have no access to your personal data.

Emergencies: If you're at serious risk of harm and consent, I might need to contact your GP or crisis services. If you're planning to harm others, I may be legally required to inform authorities without your consent.

If I die or become incapacitated: My therapeutic executor will contact current clients to let them know. These contact details are stored securely with clinicalwill.app.

When I delete your information

Personal details: Deleted one month after we finish working together.

Session notes: Kept for up to seven years in case you return to therapy, then deleted. This is standard practice and helps if we work together again in future.

Your rights

You can:

Ask what data I hold about you (free for the first request)
Correct any mistakes
Withdraw consent
Request deletion (though I might refuse if I need the information for ethical practice)

The bottom line: I treat your information the way I'd want mine treated - securely, respectfully, and with the minimum fuss necessary.

This privacy notice forms part of our contract when we begin working together.

Questions? Just ask. I'd rather explain something clearly than hide behind legal jargon.

Get in touch →