Skip to content
Kiara Allesshah

Legal

Privacy policy

Last updated: 12 May 2026

1. Who I am

This site is operated by Kiara Allesshah, a coaching business based in the United Kingdom. I am the data controller for the personal information you provide through this site.

Contact for privacy matters: contact form.

2. What I collect

  • Information you give me through forms: name, email, phone, Instagram handle, business stage, application answers, and any message you send.
  • Newsletter opt-in details (if you subscribe): email address and any preferences you indicate.
  • Usage information: pages visited, referrer, basic device metadata (browser, language).
  • Traffic source markers: UTM tags and the referring URL, used to understand how you found the site.
  • Cookies, see the cookie policy. Only essential cookies load without your consent.

3. Why I collect it (lawful basis under UK GDPR)

  • To respond to your enquiry or application, lawful basis: legitimate interest (replying to a message you sent) or pre-contractual steps if you've applied for coaching.
  • To deliver coaching services if we work together, lawful basis: contract.
  • To send the newsletter or marketing emails, lawful basis: your consent. You can withdraw consent at any time via the unsubscribe link in every email.
  • To understand how the site is used, lawful basis: consent (analytics cookies, only if you accept them).
  • To meet legal obligations (e.g. accounting, tax records), lawful basis: legal obligation.

4. Who I share it with

I use trusted third-party processors to operate this site and my coaching business. Each processes data on my behalf under a data processing agreement:

  • Resend, sending transactional emails (form submissions, replies). Resend is based in the US and provides UK GDPR-compliant transfers.
  • Vercel, hosting this website. Vercel processes basic request logs.
  • Cal.com, booking discovery calls (when you reach that stage).
  • Newsletter provider, to be named once selected; only used if you opt in.

I do not sell your personal data. I do not share it with third parties for advertising.

5. International transfers

Some of the processors above are based outside the UK (mostly the US). Where this is the case, the transfer is covered by the UK International Data Transfer Agreement, Standard Contractual Clauses, or an adequacy decision, whichever applies for the specific processor.

6. How long I keep your information

  • Enquiry / application data: up to 24 months after our last contact, then deleted.
  • Client records: for the duration of the engagement plus 6 years afterwards (HMRC accounting record requirement).
  • Newsletter subscribers: until you unsubscribe, plus a short suppression record afterwards so I don't accidentally re-add you.
  • Analytics: aggregated and anonymised; raw cookie data subject to the analytics provider's retention (typically 14–26 months).

7. Your rights under UK GDPR

You have the right to access your data, correct it, erase it, restrict or object to processing, and request portability. To exercise any of these rights, get in touch via the contact form. I'll respond within one month.

If you're not happy with how I've handled your data, you can complain to the UK's data protection regulator, the Information Commissioner's Office (ICO):ico.org.uk.

8. Security

I take reasonable technical and organisational measures to protect your data, including HTTPS everywhere, access controls on third-party services, and principle-of-least-privilege for anyone who needs access.

9. Changes to this policy

I'll update this page when practices change. The “Last updated” date at the top reflects the current version.