Skip to main content
FlexAura Home Physiotherapy
Back to Home

Privacy Policy

Last updated: 6 April 2026

1. Who we are

FlexAura Home Physio (“we”, “us”, “our”) is a UK home physiotherapy booking service operating at flexauraphysio.co.uk. We are the data controller for the personal information described in this policy.

2. What we collect

When you use our booking form or contact us, we may collect:

  • Your name, title, email address and phone number
  • Your postcode and home address (for home visits)
  • The reason for your appointment and any health information you choose to share
  • Booking and payment metadata (we never store full card numbers — payments are processed by Stripe)

3. Why we collect it (lawful basis)

We process your data on the following lawful bases under UK GDPR:

  • Contract — to provide the physiotherapy service you have booked.
  • Legitimate interest — to contact you if you start a booking but do not finish, and to improve our service.
  • Legal obligation — to keep clinical records as required by healthcare regulations.
  • Consent — for any optional marketing communication, which you can withdraw at any time.

4. How long we keep it

  • Incomplete enquiries / leads: automatically deleted within 30 days if no booking is made.
  • Completed bookings & clinical notes: retained for 8 years in line with NHS and CSP record-keeping guidance.
  • Account details: kept until you ask us to delete them.

5. Who we share it with

We never sell or share your data with third parties for marketing. We only share information with:

  • The physiotherapist assigned to your booking (so they can deliver care)
  • Stripe (to process payments securely)
  • Resend (to send you booking confirmation emails)
  • Supabase & Vercel (our secure UK/EU hosting providers)
  • HMRC, the police or regulators if required by law

6. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Ask us to correct or update inaccurate data
  • Ask us to delete your data (the “right to be forgotten”)
  • Object to or restrict how we use your data
  • Receive a copy of your data in a portable format
  • Lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk

7. How we keep it safe

All data is encrypted in transit (HTTPS/TLS) and at rest. Access is restricted to authorised staff and the assigned physiotherapist only. We use industry-standard authentication and audit logging.

8. Cookies

We only use essential cookies needed to keep you signed in and to remember your booking progress. We do not use advertising or tracking cookies.

9. Contact us

To exercise any of your rights, or for any questions about this policy, email us at info@flexauraphysio.co.uk. We will respond within 30 days.