Privacy and Cookies Policy, phatic.pro and phatic.ai

Last updated: 18 August 2025

1. Who we are and how to contact us

This notice applies to visitors and users of phatic.pro and phatic.ai. “We”, “us”, and “our” mean Phatic.

Contact: privacy@phatic.pro

2. What we collect, why we collect it, and our legal bases

We only collect personal data that you choose to give us, or that is necessary for security, site operation, and measurement.

2.1 Website analytics

Tools used

Data categories

Page URLs, referrer, approximate location derived from technical signals, device and browser details, events like page views and engagement.

Legal basis

Cloudflare Web Analytics: our legitimate interests in non-invasive measurement without cookies.
GA4: consent under PECR and UK GDPR. We will not set analytics cookies unless you opt in. The banner provides equally prominent Accept analytics and Reject analytics choices, and lets you change your mind later.

2.2 Booking a lesson

What we collect

First name, last name, email address, plus any optional info you add, for example a social or company profile link.

How collected

Via Google Calendar appointment schedules on the Google booking page.
support.google.com/calendar/answer/10729749

Purpose

To schedule and manage your appointment, send confirmations and reminders, and deliver the service.

Legal basis

Performance of a contract, or steps at your request before entering a contract.

Where stored

In our Google account, for example Google Calendar entries and related emails.

2.3 Payments for bookings

Processor

Payments on the Google booking page are handled by Stripe. You connect and pay on Stripe checkout; Google Calendar does not process or store card details. All payments and refunds are handled in Stripe.
support.google.com/a/answer/13765946
support.google.com/calendar/answer/13762729

What we receive

Booking details, payment status, and basic billing information in our Stripe dashboard, not full card numbers. See Stripe’s privacy and data processing terms.
stripe.com/privacy
stripe.com/legal/dpa
stripe.com/legal/data-privacy-framework

Legal bases

Performance of a contract, and legal obligation for tax and accounting.

Where stored

In our Stripe and Google accounts.

2.4 Contacting us by email

What we collect

The information you send us, for example your name, email, and message.

Purpose

To respond to your enquiry.

Legal basis

Our legitimate interests in responding to your request.

2.5 Bot protection for email reveal

We use Cloudflare Turnstile to protect the part of the site that reveals our contact email. Turnstile is used for security and access control. In normal operation it does not set cookies. If we enable the optional pre-clearance feature, Turnstile may set a short-lived cf_clearance cookie to let trusted visitors bypass challenges. This is strictly necessary for security, so consent is not required.
developers.cloudflare.com/turnstile/get-started/pre-clearance/
developers.cloudflare.com/fundamentals/reference/policies-compliances/cloudflare-cookies/
developers.cloudflare.com/turnstile/turnstile-analytics/challenge-outcomes/

2.6 Security and service operation

When you visit our sites, our hosting and security provider, Cloudflare, processes network-level data such as your IP address and basic device information as a necessary part of delivering pages to your browser and protecting the service from abuse. We rely on our legitimate interests in operating a secure, reliable website. We do not receive IP addresses in our analytics reports, and we do not attempt to identify individual visitors from security data.

2.7 Service and marketing emails to existing clients

If you become a one-to-one client, we may send you service messages and occasional emails about similar services. For individual subscribers in the UK we may rely on the “soft opt-in” where permitted, and will give you the chance to opt out when we collect your details and in every message. You can opt out at any time.
ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guidance-on-direct-marketing-using-electronic-mail/

2.8 Information we receive from third parties

We also receive booking status from Google Calendar, and payment status and basic billing information from Stripe, so we can confirm your booking and manage refunds.

2.9 No special category data, no automated decision making

We do not ask for special category data, for example health information or political opinions. Please do not include this in messages or bookings.
We do not make decisions about you that have legal or similarly significant effects based solely on automated processing.

3. Cookies and similar technologies

3.1 What we use

Essential cookies

Only those required to operate security features like Turnstile pre-clearance, if enabled.

Analytics cookies

GA4 sets first-party cookies only when you consent. Per Google’s documentation, GA4 sets:
_ga, default two years, used to distinguish users.
_ga_<container-id>, default two years, used to persist session state.
support.google.com/analytics/answer/11397207

3.2 Your choices

On your first visit we ask for consent to set analytics cookies. You can Accept analytics or Reject analytics, and both options are shown with equal prominence. Analytics are off by default, and you can change your choice at any time using Cookie settings in our footer. We will not set GA4 cookies before you consent.
ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/cookies-and-similar-technologies/

Cookie table

  • _ga, first party, up to two years, Google Analytics 4, used to distinguish users.
  • _ga_<container-id>, first party, up to two years, Google Analytics 4, used to persist session state.
  • cf_clearance, first party, up to 24 hours, Cloudflare Turnstile, essential security cookie used to remember that you passed a challenge, set only if pre-clearance is enabled.

4. Where your data lives and international transfers

Our sites are hosted and secured by Cloudflare. We use Google Workspace and Google Calendar for email and scheduling, and Stripe for payments.

Where data is transferred to the United States, we rely on appropriate safeguards. For eligible services and vendors that participate in the EU United States Data Privacy Framework and its UK Extension, transfers can occur to certified organisations. Otherwise, we rely on Standard Contractual Clauses as applicable.
dataprivacyframework.gov/
gov.uk/government/publications/uk-us-data-bridge-supporting-documents/uk-us-data-bridge-explainer

Where helpful, we also use regional controls to keep data in the EU or UK when available, for example Google Workspace data regions, and Cloudflare’s data localisation features.

Vendor specifics

5. Who we share your information with

We do not sell your personal information. We share data with the following providers only to operate our website and services, subject to their terms.

6. How long we keep your information

Analytics

GA4 user and event level data retention is set to 14 months. Aggregated standard reports are not affected by this setting.
support.google.com/analytics/answer/7667196

Bookings

Up to 24 months after your last appointment, unless we need to keep it longer for legal or accounting reasons.

Email enquiries

12 months after we close your ticket, unless needed longer to resolve an issue.

Payments and invoices

Up to 6 years to meet UK tax record-keeping requirements. If you are self-employed, keep records for at least five years after the 31 January submission deadline for the relevant tax year.

7. Your rights

Under UK GDPR, and where applicable EU GDPR, you have rights to access, rectification, erasure, restriction, objection, and data portability, and the right to withdraw consent at any time. To exercise your rights, email privacy@phatic.pro.
We respond within one month of receiving your request. We may extend by up to two further months if the request is complex, and we will let you know if we do.

You can complain to the Information Commissioner’s Office if you are unhappy with how we use your data. See ico.org.uk. EU residents may complain to their local supervisory authority.
ico.org.uk/

8. EU representative

If we regularly offer services to people in the EEA and have no EU establishment, we may appoint an EU representative under Article 27 GDPR, and will update this notice with their details.

9. Children

Our site and services are for adults. We do not knowingly collect personal data from children.

10. Security

We use appropriate technical and organisational measures, for example HTTPS, access controls, least privilege, and monitoring. We may process and retain limited information where necessary for security, fraud prevention, and for establishing or defending legal claims.

11. Changes to this notice

If we make material changes, we will update this page and the date at the top.


Cookie banner copy, minimal and compliant

Show this on first visit, do not set GA cookies until accepted, and include a persistent Cookie settings link in the footer.

Analytics cookies help us improve our site. We will set them only if you accept. You can change your choice any time in Cookie settings.
[Accept analytics] [Reject analytics]