Let me do the privacy policy first, then answer the GHL cookie question after.

Privacy Policy

Effective Date: 21 March 2026

1. Introduction

Welcome to Thriving Daily. This Privacy Policy outlines how Thriving Daily Ltd ("Thriving Daily," "we," "us," or "our") collects, protects, and uses your personal data when you engage with our website (thrivingdaily.com), digital assessments, and coaching services.

We are committed to protecting your privacy in strict compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller Details: Company: Thriving Daily Ltd Company Number: 13931317 Contact Email: [email protected]

2. The Data We Collect

To provide our services, we collect the following categories of data:

Identity & Contact Data: Your name, email address, and phone number when you opt into our newsletter, apply for coaching, or purchase a digital product.

Diagnostic & Assessment Data: Information regarding your personal patterns, challenges, and life structure provided when you take the 3-Minute Blueprint, complete the Life Blueprint Assessment, or submit a coaching application.

Transaction & Financial Data: Details about payments to and from you. All payment processing is handled securely by Stripe. We do not hold or store your full card data.

Technical & Behavioural Data: Your IP address, browser type, and operating system. We use CRM tracking via GoHighLevel to monitor email open rates, link clicks, and access timestamps for our digital products.

Coaching Session Data: Notes, frameworks, communications, and recordings generated during coaching sessions.

Cookie Data: Information collected via cookies about how you interact with our website. See Section 10 for details.

3. How We Use Your Data & Our Lawful Basis

Under UK GDPR, we only process your data when we have a valid legal basis:

To deliver our services (Performance of a Contract): We use your Identity, Diagnostic, and Transaction data to generate your Assessment results, facilitate coaching sessions, and manage your Practice membership.

To enforce compliance (Legitimate Interest): We use Technical & Behavioural Data, such as timestamped link-click tracking, to verify access to digital products and enforce our refund policy under UK Consumer Contracts Regulations.

To administer merit-based rewards (Performance of a Contract / Legitimate Interest): We use Technical & Behavioural Data to track eligibility for and automatically deliver rewards such as complimentary access to The Practice for completing twelve consecutive Sweet Spot micro-actions.

To communicate and educate (Consent / Legitimate Interest): We use your Contact Data to send you The Sweet Spot newsletter and relevant updates. You may opt out at any time via the unsubscribe link in any email.

4. Confidentiality & Recordings

We treat all coaching sessions with the highest level of confidentiality.

1-on-1 Coaching Sessions: For internal quality assurance and service improvement, coaching sessions may be recorded. These recordings are strictly internal and proprietary. They are never distributed, sold, or shared publicly.

The Practice — Group Sessions: When The Practice launches, live group sessions may occasionally be recorded and made available exclusively within The Practice for member review. By participating in a group session, you acknowledge that your likeness or audio may be captured and shared within the secure Practice environment. We will notify members in advance of any session being recorded.

5. Who We Share Your Data With

We do not sell, trade, or rent your personal data. We share data only with the following vetted third-party partners necessary to operate our services:

GoHighLevel: Our CRM and marketing automation platform, used for email delivery, form hosting, and digital tracking.

Stripe: Our secure payment gateway.

Video Conferencing Platforms: Such as Zoom or Google Meet, used to host and record coaching sessions.

Legal Authorities: If required by law, court order, or to protect our legal rights.

6. International Data Transfers

Some of our infrastructure partners, including GoHighLevel and Stripe, are based outside the UK, primarily in the United States. When your data is processed outside the UK, we ensure it is protected by appropriate legal safeguards, including the UK Extension to the EU-US Data Privacy Framework or standard contractual clauses approved by the Information Commissioner's Office (ICO).

7. Data Retention

We retain your data only for as long as necessary to fulfil the purposes outlined in this policy:

Financial & Tax Records: Retained for 7 years to comply with UK law.

Life Blueprint Assessment Data: Retained for the duration of our working relationship and for up to 3 years thereafter to facilitate future assessments, unless you request deletion sooner.

Coaching Records: Retained for the duration of our working relationship and for a standard period thereafter, unless you request deletion.

Newsletter & Marketing Data: Retained until you unsubscribe or request deletion.

8. Age Requirements

Our website, products, and services are strictly intended for individuals aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently collected data from a minor, we will delete it immediately.

9. Your Data Protection Rights

Under UK data protection law, you have the following rights:

The Right to be Informed: To know how your data is being used, as fulfilled by this policy.

The Right of Access: To request a copy of the data we hold about you.

The Right to Rectification: To request corrections to inaccurate data.

The Right to Erasure: To request deletion of your data, subject to our legal and tax retention obligations.

The Right to Object or Restrict: To opt out of marketing communications or object to specific processing.

The Right to Data Portability: To request the transfer of your data to another service provider.

To exercise any of these rights, please email [email protected]. If you believe we have not handled your data correctly, you have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.

10. Cookies

Our website uses cookies to function and to understand how visitors use our site.

Essential cookies: Required for the website to operate. These cannot be disabled.

Analytical cookies: Help us understand how visitors interact with our site so we can improve it. These are only placed with your consent.

Marketing cookies: Used to track the effectiveness of our marketing. These are only placed with your consent.

You can manage your cookie preferences at any time via the cookie banner on our website. You can also control cookies through your browser settings.

For more information about cookies and how to manage them, visit allaboutcookies.org.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. We encourage you to review this policy periodically.

12. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us at [email protected].