Privacy Policy

1. Introduction

Heal Root (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website healroot.ai, use our services, or purchase products from our shop. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We may collect the following types of personal information:

• Contact information: name, email address, telephone number, and postal address.
• Health information: details you share during consultations about your health, lifestyle, and wellbeing. This is classified as special category data under GDPR.
• Payment information: processed securely through Stripe. We do not store your card details.
• Website usage data: IP address, browser type, pages visited, and time spent on the site, collected via cookies and analytics tools.
• Communication data: messages you send via our contact form, email, or chatbot.

3. How We Use Your Information

• To provide and improve our holistic healing services and consultations.
• To process orders and payments for products purchased through our shop.
• To respond to your enquiries and provide customer support.
• To send you information about our services, workshops, and products (only with your consent).
• To improve our website, services, and user experience.
• To comply with legal obligations.

4. Legal Basis for Processing

We process your personal data on the following legal bases: your explicit consent (particularly for health-related data), performance of a contract (when providing services or fulfilling orders), legitimate interests (improving our services and website), and compliance with legal obligations.

5. Data Sharing

We do not sell your personal information. We may share your data with trusted third-party service providers who assist us in operating our website and business, including Stripe (payment processing), Vercel (website hosting), and email service providers. All third parties are required to respect the security of your data and treat it in accordance with the law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Health-related consultation records are retained for a minimum of 8 years in accordance with professional guidelines. You may request deletion of your data at any time, subject to our legal obligations.

7. Your Rights

Under the UK GDPR, you have the following rights:

• The right to access your personal data.
• The right to rectification of inaccurate data.
• The right to erasure (“right to be forgotten”).
• The right to restrict processing.
• The right to data portability.
• The right to object to processing.
• The right to withdraw consent at any time.

To exercise any of these rights, please contact us at hello@healroot.ai.

8. Cookies

Our website uses cookies to enhance your browsing experience. Essential cookies are necessary for the website to function properly. Analytics cookies help us understand how visitors use the site. You can manage your cookie preferences through your browser settings.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.