Arise and Shine Consulting

Your information

Privacy Policy

Last updated: 23 June 2026

This policy explains how Arise and Shine Consulting collects, uses, shares and protects personal information when you use our website, membership platform and support services.

1. Who is responsible for your information

Arise and Shine Consulting is the data controller for the personal information described in this policy. For privacy questions or requests, email ariseandshineconsulting@gmail.com.

2. Information we collect

  • Account and identity data: name, email address, password hash, role, account status, profile details, Google identifier and avatar where you use Google sign-in.
  • Consent and security data: acceptance dates, marketing preference, IP address, browser or device information, login history, sessions, passkeys, two-factor settings and recovery information.
  • Support and assessment data: selected support areas, urgency, goals and answers used to personalise pathways. Your choices may reveal sensitive personal circumstances, including health or crisis-related needs.
  • Membership and payment data: plan, subscription status, transaction records and Stripe customer or subscription identifiers. We do not store complete payment-card details.
  • Service activity: lesson progress, resource views and downloads, bookings, appointment notes, cancellation details, notifications, forum or activity interactions and analytics events.
  • Connected-service data: provider account identifiers, access permissions and tokens needed to connect Google Calendar/Meet or Microsoft Outlook/Teams.
  • Communications: questions, feedback, support messages and marketing choices.

3. Where information comes from

Most information comes directly from you. We may also receive account details from Google when you choose social sign-in, payment and subscription information from Stripe, calendar information from Google or Microsoft when you connect those services, and technical data automatically from your use of the platform.

4. Why we use information and our lawful bases

Providing the service — contract

To create and secure your account, supply membership content, personalise pathways, process bookings and payments, provide downloads and respond to support requests.

Operating and improving the platform — legitimate interests

To monitor reliability, understand feature use, prevent misuse, improve content and administer the service. We balance these interests against your rights.

Security and legal compliance — legal obligation and legitimate interests

To keep records, prevent fraud, enforce terms, protect users and comply with accounting, consumer, safeguarding and other legal duties.

Optional marketing and connected services — consent

To send optional updates or connect third-party calendars where you choose these features. You can withdraw consent at any time.

Sensitive circumstances

Support selections may indicate health, domestic-abuse or other sensitive circumstances. We minimise this information and use it only to provide the support you request. If additional law requires a specific condition or explicit consent for further use, we will provide additional information and obtain that consent first.

5. How we use your information

  • authenticate users and maintain secure accounts;
  • recommend relevant learning pathways and resources;
  • manage memberships, payments, bookings and video-session links;
  • send service, security, booking and membership notifications;
  • support optional marketing preferences;
  • measure engagement and improve platform performance;
  • investigate abuse, errors, fraud and security incidents; and
  • meet legal, regulatory and record-keeping responsibilities.

6. Who we share information with

We share only what is necessary with:

  • hosting, database, email, security and technical service providers;
  • Stripe for billing and payment administration;
  • Google for social sign-in and, if connected, Calendar and Meet;
  • Microsoft for connected Outlook, Calendar and Teams services;
  • authorised advisers and staff who need information to provide booked support;
  • professional advisers, insurers, auditors and regulators; and
  • law-enforcement or public authorities where disclosure is required or permitted by law.

We do not sell personal information.

7. International transfers

Some technology providers may process information outside the United Kingdom. Where required, we use recognised safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement or the UK Addendum to approved contractual clauses. You can contact us for information about safeguards relevant to your data.

8. How long we keep information

  • Account, membership and support-plan data: while your account is active and for a reasonable period after closure to resolve queries or legal issues.
  • Payment and transaction records: generally up to six years after the relevant transaction or relationship ends.
  • Consent and terms-acceptance records: generally up to six years after the account relationship ends.
  • Security, activity and download logs: retained only as long as reasonably needed for security, audit and service improvement.
  • Connected-service tokens: until you disconnect the integration, close your account or the token is no longer needed.

We may keep information longer where law, a dispute, safeguarding concern or regulatory requirement makes this necessary. We securely delete or anonymise information when it is no longer required.

9. Security

We use access controls, password hashing, optional two-factor authentication and passkeys, private file storage, access-controlled downloads, audit information and other organisational and technical measures. No online service can guarantee absolute security, so please use a strong unique password and keep recovery details safe.

10. Your data-protection rights

Depending on the circumstances, you may have rights to be informed, access your information, correct it, erase it, restrict its use, object to processing and receive portable data. You may also withdraw consent at any time without affecting earlier lawful processing.

Your right to object: you can object at any time to direct marketing. You may also object to processing based on legitimate interests, and we will assess your circumstances and our legal obligations.

To exercise a right, contact ariseandshineconsulting@gmail.com. We may need to verify your identity.

11. Automated recommendations

Assessment answers may be used to recommend a learning pillar or resources. These recommendations do not make legal or similarly significant decisions about you. You remain free to explore other support areas or ask for help.

12. Cookies and session storage

We use cookies and similar storage that are necessary for sign-in, security, preferences and core platform operation. If we introduce non-essential advertising or analytics cookies, we will provide appropriate information and choices before using them.

13. Complaints

Please contact us first so we can try to resolve your concern. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK data-protection regulator, through ico.org.uk/make-a-complaint or by calling 0303 123 1113.

14. Changes to this policy

We may update this policy when our services, providers or legal obligations change. Material updates will be communicated through the platform or by email, and the latest update date will appear above.