Privacy Policy

Last updated: 31 January 2026

Who I am (data controller)

This Privacy Policy explains how Alexander Shailer trading as Insight Ocean (“I”, “me”, “my”) collects and uses personal data.

Contact (privacy): alex@alexshailer.com

UK correspondence address: Insight Ocean, Unit 163081, PO Box 7169, Poole, BH15 9EL, United Kingdom

I work remotely and may access your information from outside the UK, including Mexico.

What data I collect

Depending on how you interact with me, I may collect:

  • Contact details (name, email, phone, time zone)

  • Service details (what you enquire about, booking details, attendance)

  • Coaching information you choose to share, and coaching notes I take (digital and/or handwritten)

  • Optional AI-assisted session notes (if enabled and you opt in): session content may be processed to create summaries/notes (and may involve generating a transcript)

  • Payments (billing details, payment status). I do not store your card number

  • Messages you send (emails, forms, support requests)

  • Community data (if you join my community): profile/display name and anything you post or share there

  • Feedback/testimonials you choose to provide (eg written or video)

  • Website data (essential technical logs; cookie preferences and, if enabled and consented to, analytics data)

My services are for adults. I do not intentionally collect data about children.

How I collect it

  • Directly from you (forms, emails, sessions, purchases)

  • From the platforms you use to interact with me

  • From your device/browser when you visit my website (cookies/logs)

What I use your data for (and lawful basis)

I use your data to:

  • Provide coaching and deliver services (including creating and using coaching notes)

    Lawful basis: contract (and explicit consent where special category data is involved)

  • Manage bookings, communication, and client admin

    Lawful basis: contract / legitimate interests

  • Take payment and keep accounting/tax records

    Lawful basis: contract / legal obligation

  • Run, secure, and improve my website and systems (security, abuse prevention, basic logs)

    Lawful basis: legitimate interests

  • Run a community and enable member interaction (where relevant)

    Lawful basis: contract / legitimate interests

  • Publish testimonials or case studies (only with your consent)

    Lawful basis: consent

  • Handle complaints, disputes, or insurance/legal matters

    Lawful basis: legitimate interests / legal obligation

  • Send marketing emails (eg newsletter, offers) where you’ve opted in; you can unsubscribe any time

    Lawful basis: consent

  • Website analytics (only if enabled and you consent to analytics cookies)

    Lawful basis: consent

Where I rely on legitimate interests, these are running and protecting my business and services (including security, preventing abuse, keeping appropriate records, and responding to enquiries).

Do you have to provide your data?

You must provide basic contact, booking and payment information to enter into a coaching contract and receive services. If you don’t provide it, I can’t provide coaching or take payment.

Sharing special category information is optional. If you share it and later withdraw explicit consent for me to use it in coaching notes/records, I may not be able to continue coaching in the same way.

Sensitive (special category) information

Coaching can involve sensitive information (eg health, sexuality, beliefs, or similar). If you choose to share special category data, I process it only to provide coaching and to create and keep coaching notes/records.

My condition for this under UK GDPR is your explicit consent (normally collected via your coaching agreement/onboarding, and you can also give or withhold it in writing at any time).

If optional AI-assisted notes/transcripts are enabled, I also rely on your explicit consent for that processing. You can withdraw explicit consent at any time by emailing me.

Who I share data with

I share personal data only with service providers I use to run the business, including:

  • Website hosting and forms: Squarespace

  • Email marketing: MailerLite / EmailOctopus

  • Scheduling: Calendly

  • Video calls: Zoom

  • Payments: Stripe (handles card details; I don’t store your card number)

  • Community hosting: Circle

  • Notes / file storage: Notion, Google Drive

  • Analytics (if enabled): Google Analytics

  • Forms / questionnaires: Typeform

  • Optional AI-assisted notes/transcripts (if enabled and you opt in): AI features within my tools

I may also share information with professional advisers (eg accountant, insurer, legal) where necessary, and with authorities where I’m legally required to do so. I do not sell your personal data.

Community note: other community members can see your profile/display name and anything you post or share within the community.

Some providers act as my data processors (processing on my instructions) and/or as independent controllers for certain processing they do for their own purposes (eg account management, billing, security, fraud prevention, and legal compliance). Where they act as independent controllers, their own privacy notices apply.

International access and transfers

I may access your data while outside the UK (for example, when working remotely). Some providers may store or process data outside the UK.

Where UK data protection law treats this as a restricted international transfer, I use appropriate safeguards (such as the UK IDTA and/or the UK Addendum to the EU Standard Contractual Clauses) and appropriate security measures. You can ask me for details of the safeguards relevant to your data.

How long I keep your data

I keep personal data only as long as needed for the purposes above (and up to longer periods where needed for legal obligations or to deal with disputes/claims):

  • Enquiries that don’t become clients: up to 10 years, then deleted

  • Coaching notes and coaching records: up to 10 years after your last session, then deleted or anonymised

  • Client admin and purchase records: 6 years for accounting/tax and business records

  • Marketing list data: until you unsubscribe (and I clean inactive contacts periodically)

  • Website security logs: typically up to 12 months, then deleted or anonymised

Your data protection rights

You have rights including access, correction, deletion, restriction, objection, and portability (where applicable).

If I rely on your consent (eg marketing emails, special category coaching information, analytics cookies, or optional AI notes), you can withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before you withdraw it.

To exercise your rights, email alex@alexshailer.com.

You can object to direct marketing at any time (use the unsubscribe link or email me).

I normally respond within one month. If your request is complex or you make multiple requests, I may extend by up to a further two months and will tell you within one month if I do. I may ask for information to verify your identity before acting on a request.

Security

I use appropriate security measures for a small remote business, including access controls and reputable cloud services. Please note that standard email is not fully secure.

I do not use automated decision-making or profiling to make decisions about you.

Cookies and similar technologies

My website uses essential cookies needed for functionality, security, and fraud/abuse prevention.

Optional cookies (for example analytics cookies, and cookies set by some third-party embeds/tools) are used only if you consent via the site’s cookie banner/settings. You can change or withdraw your choices at any time via the cookie banner/settings, and you can also control cookies in your browser.

Some embedded tools or third-party content (for example scheduling/booking, video, payments, or community features) may set cookies or similar technologies. Where consent is required, the cookie banner/settings controls non-essential cookies; some features may not work unless you consent.

If my website links to other websites, their privacy policies apply to any personal data you provide to them.

Complaints

If you have concerns, please contact me first. You can also complain to the UK regulator, the Information Commissioner’s Office (ICO).

ICO postal address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK