Inner Insight Counselling

Privacy Policy

 

Last Updated: February 2026


I use modern technology and AI tools to help run my practice efficiently. This allows me to focus more of my energy on our therapeutic work while ensuring your data remains protected to the highest UK standards. As a registered member of the BACP and NCPS, and a Data Controller registered with the Information Commissioner’s Office (ICO), I am committed to the highest standards of confidentiality.



1. Why I Collect Your Information (Lawful Basis)


To provide you with ethical and professional counselling, I process your data under the following legal frameworks:

  • Contract: Processing is necessary to fulfil our Counselling Agreement.
  • Health and Social Care: For clinical notes, I process special category data (health information) under Article 9(2)(h) of the UK GDPR.
  • Legitimate Interests: To maintain records for insurance and legal defence purposes.



2. What Information I Collect (Stored via Kiku)


I use a specialist, UK-based practice management system called Kiku, designed specifically for counsellors to meet the highest standards of data security. The following is held within Kiku:

  • Personal Details: Your name, date of birth, contact information and details about medications.
  • Emergency Contact: Your GP’s details.
  • Clinical Notes: Notes from our sessions to help me track our therapeutic progress.
  • Financial Records: A history of appointments and payments.



3. Financial Data and Account Keeping


  • Business Bank Account: If you pay via bank transfer, these payments are made to my dedicated business bank account. I am the only individual with access to this account.
  • Accounting and Tax: To meet my professional and legal obligations for financial record-keeping, I may process relevant financial data using either strictly GDPR-compliant proprietary software or an encrypted, password-protected spreadsheet. To ensure maximum data safety, this spreadsheet is stored on a separate encrypted service and is kept independent of my main Google Workspace environment.
  • HMRC Access: For statutory tax and accounting purposes, my accountant or HMRC may request to view bank statements. Please be assured this is done with data protection and privacy regulations in mind.
  • Card Payments: If you pay through Kiku or my card terminal, your card details are processed securely by Stripe or relevant providers like Zettle or PayPal (or other services I may use). These are never visible to me or stored in my systems.



4. How Your Data is Kept Secure


System Protection (Kiku)

  • Encryption: Kiku uses high-level encryption similar to online banking.
  • Access Control: Access is protected by a secure password and Two-Factor Authentication (2FA), meaning only I can access your files.
  • Anonymisation: Kiku automatically anonymises clinical notes and diary entries so they are not directly linked to your name in the main database view.


Digital and Document Protection (Google Workspace)

I utilise Google Workspace for business operations, providing enterprise-level security far beyond standard personal accounts.

  • Secure Storage: Beyond email, other essential documents associated with my business, such as referral letters, assessment forms, and structured session summaries, are stored within this secure environment. Your referrals will also be attached to your client record in Kiku.
  • Encryption: All documents benefit from industry-standard encryption both while they are stored at rest and while they are being sent in transit.
  • Data Safety: This data is logically separated from other users and protected by secure-by-design architecture, which includes ISO 27001 certification and a Cloud Data Processing Addendum (CDPA) to ensure UK GDPR compliance.


Device Protection

  • Handset Security: I only access data on professional devices using full-disk encryption. If a device is lost or stolen, I use remote data wiping to instantly erase all information.
  • Mobile Privacy: My dedicated work phone uses biometric credentials. Privacy settings ensure no client names or message previews appear in notifications on the lock screen.


Secure Messaging

For administrative contact and scheduling, I utilise secure, encrypted platforms:

  • WhatsApp Business: This platform benefits from end-to-end encryption for professional messaging.
  • RCS Messaging: For standard text messages, I use the RCS (Rich Communication Services) encrypted messaging system, which provides end-to-end encryption between compatible devices.
  • Kiku Messaging: Encrypted and secure messaging through Kiku.


Data Redundancy and Backups

To ensure your information is protected against technical failure, I maintain an Encrypted Vault:

  • Vault Storage: Backups of client notes are stored on a separate device within a secure digital container that requires an additional, unique password to open.



5. Artificial Intelligence (AI) and Your Privacy


I use AI tools to enhance administrative efficiency, governed by strict ethical rules:

  • Clinical Summaries (Ask Gemini): I may use Ask Gemini within Google Meet to help structure session notes. It uses a live transcript but does not record audio or video. The transcript is deleted once the meeting ends. I may also use Gemini to structure your clinical notes before transferring them to Kiku.
  • No Training: Your data is not used to train Google’s public AI models.
  • Human Oversight: I review and edit every note to ensure it accurately reflects our work. AI does not make independent clinical decisions.
  • Marketing: Client data is never input into marketing AI tools. Any educational content or examples shared online are entirely fictional, or based on summaries which couldn’t identify any individual. 



6. Confidentiality and Its Limits


Our work is confidential, with exceptions in rare circumstances:

  • Safety: If I believe there is a serious risk of harm to you or others, including child protection concerns.
  • Legal Duty: If compelled by a court of law or UK legislation regarding serious crime.
  • Clinical Will: Clinical Executors are appointed to contact you only in the event of my sudden death or incapacity to ensure continuity of care.



7. Retention and Deletion


  • Archiving: Once therapy ends, Kiku automatically deletes your contact details and GP info from the active database.
  • 7-Year Rule: I retain clinical notes and appointment history for 7 years for adults, as required by professional insurance and the Statute of Limitations.
  • Minors: Records for children and young people are kept until the individual's 25th birthday, or 26th if they were 17 at the end of treatment.



8. Your Rights


You have the right to access your notes, request corrections, or request erasure. Please note that insurance and legal requirements (the 7-year rule) often take precedence over erasure requests for clinical session notes.


Contact: If you have concerns, please speak with me first. You can also contact the Information Commissioner's Office (ICO) at www.ico.org.uk.


Copyright © 2026 Inner Insight Counselling - All Rights Reserved.
