Legal
Privacy Policy
Last updated: July 2026
This Privacy Policy explains how Inner Bloom (“we”, “us”) collects, uses and protects your personal data when you visit our website or interact with us. We handle personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who we are
Inner Bloom is the operator of this website and acts as the data controller for the personal data described here. You can reach us at innerbloomadmin@gmail.com.
What we collect
- Information you give us — for example when you email us or sign up for the membership or Ambassador Programme (name, email, and any message you send).
- Technical data — device, browser, approximate location and pages visited, only where you have consented to analytics cookies.
- Cookie preferences — stored locally in your browser so we remember your choice.
How we use it
- To respond to enquiries you send us.
- To operate and secure the website.
- Where you have opted in, to send you marketing emails about Inner Bloom content, challenges, offers and updates.
- To understand how the site is used (only with your analytics consent).
Lawful bases
We rely on the following lawful bases under UK GDPR:
- Consent — for analytics and marketing cookies, and for marketing emails.
- Legitimate interests — for responding to your enquiries, keeping the site secure, and preventing fraud or abuse.
- Contract — where you sign up to a paid membership, to provide it to you.
Sharing your data
We do not sell your personal data. We may share it with trusted service providers who help us run the site, process payments (for memberships), and deliver emails you have opted into. These providers act on our instructions and are contractually bound to protect your data.
Payments
Memberships are processed by ThriveCart. When you click a plan you are taken to ThriveCart’s secure checkout, where you enter your payment details directly with them. Inner Bloom does not see or store your card details. ThriveCart’s handling of your data is governed by their own privacy policy.
Third-party services we currently use
- ThriveCart — checkout and payments for memberships.
- Email inbox provider — used to receive and reply to messages sent to innerbloomadmin@gmail.com.
We do not currently run analytics, advertising pixels, or third-party embeds. If we add any in future they will only load with your consent.
International transfers
Some providers may process data outside the UK. Where they do, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Addendum to the EU Standard Contractual Clauses.
How long we keep it
We keep personal data only as long as needed for the purpose it was collected — for example, we keep enquiry emails long enough to respond and follow up, and marketing contacts until you unsubscribe.
Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Ask us to correct inaccurate data.
- Ask us to erase your data (“right to be forgotten”).
- Restrict or object to certain processing.
- Data portability.
- Withdraw consent at any time (without affecting prior processing).
- Complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
To exercise any of these rights, email innerbloomadmin@gmail.com.
Marketing emails
We only send marketing emails to people who have specifically opted in. You can unsubscribe at any time using the link in any email, or by emailing us.
Cookies
For information about the cookies we use and how to change your choices, see our Cookie Policy.
Changes
We may update this Policy from time to time. Material changes will be reflected by an updated “last updated” date at the top of this page.