Amplify To Thrive

Privacy Notice

Last updated: April 2026

This Privacy Notice explains how Amplify to Thrive, trading name of Nicci Lou (Legal name Nicola Yarnold), collects, uses, stores, and protects your personal data. It applies to everyone who visits our website, purchases our services, joins our community, or contacts us.

We are committed to handling your personal data with care, honesty, and respect - including the sensitive information many of our clients choose to share with us. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

1. Who We Are

Data Controller: Nicci Lou, trading as Amplify to Thrive

Contact email: nicci@amplifytothrive.com

Website: www.amplifytothrive.com

If you have any questions about how we use your personal data, please contact us at the email address above.

2. What Personal Data We Collect

Website visitors

  • Technical data such as IP address, browser type, and pages visited (collected automatically via cookies and analytics tools)

  • Any information you provide via contact forms or email enquiries

Clients and programme participants

  • Your name and contact details (email address, phone number, postal address)

  • Payment information - processed securely by Stripe; we do not store your card details

  • Information you provide in our client intake form, including coaching history, 90-day goals and preferences

Special category data (sensitive personal data)

With your explicit consent, we may collect and process the following sensitive personal data through our client intake process:

  • Neurodivergence diagnoses and related conditions

  • Mental health information and diagnoses

  • Prescription medication relevant to your coaching

  • Sexual orientation and gender identity

You are never obligated to share this information. It is requested solely to help us provide you with the most appropriate, informed and safe support. This data is handled with the highest level of care and is never shared with third parties except where required by law or where there is a risk of harm to you or others. 

Email subscribers and marketing contacts

  • Your name and email address

  • Your engagement with our emails (opens and clicks), where you have consented to marketing

3. How We Use Your Personal Data and Our Legal Basis

We only process your personal data where we have a lawful basis to do so. The table below sets out how we use your data and why.

Providing coaching, programmes, and services - Legal basis: Performance of a contract

Processing payments - Legal basis: Performance of a contract

Sending you programme materials and session information - Legal basis: Performance of a contract

Responding to your enquiries - Legal basis: Legitimate interests

Sending marketing emails where you have subscribed - Legal basis: Consent (you can withdraw at any time)

Sending marketing emails to existing clients about similar services - Legal basis: Legitimate interests (soft opt-in), with opt-out always available

Processing sensitive personal data shared in your intake form - Legal basis: Explicit consent

Complying with legal obligations - Legal basis: Legal obligation

Keeping records of complaints and data requests - Legal basis: Legal obligation

4. How We Store Your Data

Your data is stored within the following systems:

  • Simplero - our website, client management, email marketing and course delivery platform. Simplero is based in the USA and is subject to appropriate data transfer safeguards.

  • Gmail (Google Workspace) - for email correspondence in follow up emails

  • Google Meet - for video coaching sessions. Sessions are not recorded as standard and certainly not without your prior explicit consent.

  • Zoom - used as an alternative video platform where needed. Sessions are not recorded without your prior explicit consent.

  • Stripe - for secure payment processing. Stripe stores your payment data in accordance with PCI-DSS standards. We do not store your card details.

We do not use AI tools to process, store, transcribe, or analyse any personal data shared by clients. Your sessions are never recorded or transcribed using AI note-taking tools on our end.

We recognise that some clients may use AI-assisted tools as a reasonable adjustment for accessibility needs - for example, live captioning or speech-to-text software. If you use such tools, please let us know before your first session so we can discuss how to ensure your needs are met while protecting the privacy and confidentiality of all participants.

In group coaching sessions, participants are asked not to use AI recording or transcription tools without the explicit consent of all others present. Where an accessibility need requires an exception, this will be handled sensitively and agreed with the group in advance.

5. How Long We Keep Your Data

  • Client coaching records: We do not retain formal session notes. Any informal working notes made during sessions consist of brief, unnamed words only and are not linked to any individual. These notes are destroyed when the notebook is full or no longer in use, and are not stored as part of your client record. We may retain correspondence for longer where we have a legitimate reason to do so. 

  • Email correspondence with clients, including session follow-up summaries: 7 years from the end of our working relationship, for legal and contractual purposes. 

  • Financial and payment records: 7 years, as required by HMRC

  • Marketing consent records: Until you withdraw consent, plus 2 years

  • Enquiry emails: 2 years from the date of last contact. We may retain correspondence for longer where we have a legitimate reason to do so. 

  • Client welcome packs contain both contractual information and sensitive personal data provided voluntarily at onboarding. The contractual pages are retained for 7 years from the end of our working relationship for legal and contractual purposes.

  • Sensitive personal data within the welcome pack is securely deleted within 6 months of our final session. Where the welcome pack is stored as a Google Doc, we save the contractual pages as a PDF before deleting the original document entirely, ensuring complete removal including version history so that no recoverable copy remains.

  • Where a completed welcome pack has been returned as an email attachment, the attachment and associated email are deleted once the document has been saved to our secure storage. The personal information remains within the contractual document for the 7 years. All deleted items are permanently removed within 30 days.

  • Our local systems and devices are protected by Avira Security Prime. Our cloud-based systems, including Google Drive, Gmail, and Simplero, are protected by their respective platform security infrastructure, each of which maintains industry-standard security certifications.

6. Who We Share Your Data With

We do not sell your personal data. We do not share your personal data with third parties for their own marketing purposes.

We share data only where necessary with the following categories of trusted service providers who process data on our behalf:

  • Simplero Inc - platform and email delivery

  • Stripe Inc - payment processing

  • Google LLC - email (Gmail) and video calls (Google Meet)

  • Zoom Video Communications - video calls (where used)

All third-party processors are required to handle your data securely and in accordance with UK GDPR. Where data is transferred outside of the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or reliance on adequacy decisions.

We may also disclose your data where required by law, or where we have a genuine belief that disclosure is necessary to protect the safety of you or another person.

7. International Data Transfers

Some of our service providers are based outside the UK, including the United States. When we transfer your data internationally, we ensure that appropriate safeguards are in place in line with UK GDPR requirements. Simplero and Stripe maintain Standard Contractual Clauses and/or adequacy mechanisms to ensure your data is protected to UK standards.

8. Cookies

Our website uses cookies. Cookies are small text files placed on your device to help the website function, remember your preferences, and (where you have consented) provide analytics information.

We use:

  • Essential cookies - necessary for the website to function. These cannot be switched off.

  • Analytics cookies - help us understand how visitors use our site. These are only placed with your consent.

You can manage your cookie preferences at any time using the cookie banner on our website. You can also control cookies through your browser settings.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • The right to be informed - to know how we use your data (this notice fulfils that obligation)

  • The right of access - to request a copy of the personal data we hold about you

  • The right to rectification - to ask us to correct inaccurate data

  • The right to erasure - to ask us to delete your data in certain circumstances

  • The right to restrict processing - to ask us to limit how we use your data

  • The right to data portability - to receive your data in a portable format

  • The right to object - to object to processing based on legitimate interests

  • Rights related to automated decision-making - we do not use automated decision-making or profiling

  • The right to withdraw consent - at any time, where processing is based on consent

To exercise any of these rights, please contact us at nicci@amplifytothrive.com. We will respond within one calendar month. There is no charge for making a request.

10. Marketing Emails

We will only send you marketing emails where you have given your consent, or where we are permitted to do so under the soft opt-in rule (i.e. you are an existing client and we are marketing similar services).

Every marketing email we send includes an unsubscribe link. If you receive an email without an opt-out, this is not a marketing email but an email sent directly from Nicci or her team to you in relation to a service you asked about. You can still opt out at any time by hitting reply. When you unsubscribe, we suppress your details rather than delete them, to ensure we do not contact you again in error.

We do not purchase email lists, scrape data, or add contacts to our mailing list without a lawful basis.

11. Data Protection Complaints

If you have a concern about how we handle your personal data, we encourage you to contact us first at nicci@amplifytothrive.com so that we can try to resolve it. We take all complaints seriously and will respond within 30 days.

If you are not satisfied with our response, or if you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: www.ico.org.uk

  • Telephone: 0303 123 1113

  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Changes to This Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on our website. The date at the top of this notice shows when it was last updated. If we make significant changes, we will notify you by email where we hold your contact details.

Amplify to Thrive | nicci@amplifytothrive.com | www.amplifytothrive.com

Amplify to Thrive is a trading name of Nicci Lou (Nicola Yarnold). Registered in England and Wales.