Privacy Policy

Last updated: October 2025

Thriyv (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website www.thriyv.co.uk, use our services, or interact with us digitally or in person.

By using Thriyv’s website, booking system, or wellness services, you agree to be bound by this Privacy Policy.

1. Who We Are

Thriyv is a wellness company based in Manchester, United Kingdom, offering health, recovery, and performance therapies to support long-term wellbeing.

If you have any questions about this policy or how we process your data, please contact us:

info@thriyv.co.uk
www.thriyv.co.uk
Manchester, United Kingdom

2. Our Commitment to Your Privacy

We are committed to complying with all relevant data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy regulations.

We aim to:

• Handle personal information responsibly and transparently.
• Only collect information necessary to provide our services.
• Store and process data securely.
• Never sell or rent your personal data.

3. Information We Collect

We may collect personal and non-personal information through our website, app, booking system, email communications, social media platforms, and in-person services.

Personal data you provide directly:

• Name, email address, and phone number
• Date of birth and gender (where relevant to health services)
• Billing address or payment information (processed securely via Square)
• Medical or wellness information you voluntarily share for service suitability
• Booking details and service preferences
• Feedback, testimonials, or communication history

Automatically collected information:

When you use our website or booking system, certain data is automatically collected:

• IP address and device type
• Browser type and operating system
• Date/time of access and referring pages
• Interaction data (pages visited, clicks, time spent on site)

This information helps us understand user behaviour and improve website functionality.

4. Lawful Basis for Processing

We only process your personal data where there is a lawful basis under the UK GDPR, including:

• Consent: When you opt in to marketing communications or provide health information voluntarily.
• Contract: When it’s necessary to fulfil a booking, purchase, or agreement with you.
• Legal obligation: To comply with tax, accounting, or regulatory requirements.
• Legitimate interests: To improve services, ensure security, and enhance customer experience.

5. How We Use Your Information

We use personal data for the following purposes:

• To manage bookings, appointments, and memberships
• To process payments securely via Square
• To communicate with you regarding appointments, updates, or inquiries
• To deliver marketing communications (only if you’ve opted in)
• To personalise your experience on our website and services
• To improve our business operations and service quality
• To meet legal and regulatory obligations

6. Data Storage and Processing

Thriyv uses HubSpot as our primary Customer Relationship Management (CRM) and marketing platform. HubSpot securely stores contact data, form submissions, booking details, and communication preferences.

• HubSpot servers may operate outside the UK; however, all data transfers comply with UK GDPR and use approved Standard Contractual Clauses (SCCs) to ensure adequate protection.
• Access to HubSpot is restricted to authorised Thriyv staff.

HubSpot Privacy Policy:

https://legal.hubspot.com/privacy-policy

7. Payment Processing (Square)

All card payments are processed by Square. Thriyv does not store or have access to your full card details. Square encrypts and secures all payment data.

Square Privacy Policy:

https://squareup.com/gb/en/legal/general/privacy

8. Marketing and Communications

We may contact you with news, offers, and wellness information if you have subscribed or opted in to receive such communications. You can unsubscribe at any time using the “unsubscribe” link in our emails or by contacting us directly.

All marketing communications are managed through HubSpot, which ensures compliance with GDPR consent requirements.

9. Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files placed on your device that store information about your preferences and
activity.

We use cookies to:

• Remember your preferences and login sessions
• Improve website performance and security
• Analyse site traffic and user behaviour
• Deliver relevant advertisements through third-party platforms

You can disable cookies in your browser settings, but doing so may affect website functionality.

For more information about cookies, visit www.allaboutcookies.org.

10. Meta (Facebook & Instagram) Data

Thriyv uses Meta advertising services (including the Meta Pixel) to measure, optimise, and deliver ads that are relevant to your interests.

When you visit our website, Meta may collect data such as:

• Your IP address and device information
• The pages you visit and actions you take (e.g. booking a service)
• Your interactions with Thriyv’s Facebook or Instagram ads

This data helps us understand the effectiveness of our advertising campaigns and reach users interested in our services.

How we handle Meta data:

• We only share limited, pseudonymised data (never sensitive or identifiable information).
• Meta may use cookies or similar technologies for ad delivery and measurement.
• You can manage how Meta uses your data for advertising by adjusting your settings at:
  • Facebook Ad Preferences
  • Meta Privacy Policy

Thriyv does not sell or directly share personal information with Meta for profit.

11. Google Analytics and Advertising

We use Google Analytics and Google Ads to analyse website traffic and marketing performance. Google collects anonymised data such as IP addresses, device type, and browsing patterns.

You can opt out of Google Analytics tracking here:

https://tools.google.com/dlpage/gaoptout

Google’s Privacy Policy:

https://policies.google.com/privacy

12. IP Addresses and Log Files

When you visit our website, our servers may automatically log your IP address. This helps us administer the site, monitor usage trends, and prevent fraud or security breaches.

IP addresses are not linked to identifiable personal information.

13. Non-Personal Information

We may collect non-identifiable data such as browser type, operating system, referral source, and time spent on the website. This information is used to improve user experience and analytics and cannot identify you personally.

14. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information.

Your data may be shared only with:

• HubSpot (CRM and marketing platform)
• Square (payment processor)
• Meta and Google (advertising and analytics)
• Professional service providers (IT support, accountants, or legal advisors) under confidentiality agreements

We may also disclose personal data if required by law, court order, or regulatory authority.

15. Data Security