Privacy Policy: Éalú Therapy

Effective Date: 3rd April 2026

Data Controller: Klara Crean, Éalú Therapy

Website: www.ealutherapy.com

1. Introduction

This Privacy Policy outlines how Éalú Therapy (“I”, “me”, “the practice”) collects, uses, and protects your personal and sensitive data. As a psychotherapy practice based in Ireland, I comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2. The Types of Data Collected

I process the following categories of information:

  • Identity Data: Name, date of birth, and contact details (email and phone).

  • Sensitive Clinical Data: Information regarding your mental health, medical history, and session notes. The legal basis for processing this is the Provision of Health or Social Care.

  • Financial Data: Records of payments made for sessions or digital products. I do not store full credit card numbers; these are handled by encrypted third-party processors.

  • Technical Data: IP addresses and cookies collected via Squarespace for website functionality and analytics.

3. How Data is Collected

  • Direct Interaction: Information you provide via contact forms, intake forms, or during therapy sessions.

  • Automated Technologies: Cookies and tracking pixels used by Squarespace.

  • Third-Party Tools: Data provided when you schedule via Calendly or purchase a product via Payhip.

4. Third-Party Data Processors

To provide a professional service, I share specific data with the following GDPR-compliant processors:

Squarespace: Website hosting and internal analytics.
Calendly: Appointment scheduling and booking management.
Stripe: Payment processing for 1:1 sessions (post-session billing).
Payhip: Merchant of Record for digital worksheets (handles global tax/delivery).
Zoom: Secure, encrypted video conferencing for telehealth sessions.
Namecheap: Technical domain management.

5. Data Retention

  • Clinical Records: In accordance with Irish professional indemnity insurance and clinical guidelines (IACP/PSI), clinical notes are retained for 7 years following the conclusion of therapy. For minors, records are kept until the client reaches age 25.

  • Administrative/Tax Data: Financial records are kept for 6 years to comply with Revenue Commissioner requirements.

6. Your Legal Rights

Under the GDPR, you have the following rights:

  • Right of Access: You may request a copy of the personal data I hold about you.

  • Right to Rectification: You may request that I correct inaccurate or incomplete information.

  • Right to Erasure: You may request the deletion of your data, provided it does not conflict with my legal or ethical obligations for clinical record retention.

  • Right to Data Portability: You may request a transfer of your data to another provider.

7. Security

I employ high-level security measures to protect your data, including the use of encrypted communication platforms (Zoom), password-protected hardware, and secure, professional-grade software. All financial payouts are managed through a dedicated AIB Business Account to ensure clear separation of professional and personal funds.

8. Contact Information

For any questions regarding this policy or to exercise your data rights, please contact:

Klara Crean

Email: hello@ealutherapy.com