Blossom Yoga
A neatly rolled yoga mat, folded linen blanket and closed notebook resting on a sunlit wooden floor
Privacy

How I look after your information

Plain-English notes on what Blossom Yoga collects, why, how long it is kept, and the rights you have under UK GDPR. If anything is unclear, please just ask: [email protected].

Last updated: 4 May 2026

Who I am

Blossom Yoga is run by Ania Chard from Norfolk, UK. For data-protection purposes I am the data controller for any personal information you share with me through this website, by email, by phone, or in person at a class or treatment.

Contact: Ania Chard · 01603 857337 · [email protected]

What I collect, and why

I only collect what I actually need to run a small teaching practice. In practice that means:

When you use the contact form

Your name, email address, phone number (optional), the class or service you are interested in, and the message you write. This goes by email to me at [email protected] via Resend, which is the service I use to deliver form submissions.

Lawful basis: legitimate interest: you have asked me to reply.

When you book a class or treatment

Bookings are handled through Trafft (the booking widget you see embedded on service and area pages, and the standalone booking site at book.blossom.yoga). To take a booking, Trafft collects your name, email, phone number, the service and time you have chosen, and any notes you add to the booking. I see this information in my booking dashboard so I know who is coming and when.

For massage, craniosacral, and one-to-one yoga bookings, I follow up with a confidential pre-appointment health questionnaire sent through Jotform. This covers your contact details, GP if relevant, and a health history so I can plan a session that is safe for you. Jotform stores submissions in their EU data centre under UK/EU GDPR-compliant terms; I download the response and keep my working copy on a password-protected device that only I use.

Lawful basis: contract (so I can deliver the session you booked) and, for health information, your explicit consent given on the questionnaire.

When you sign up to the newsletter

Your first name and email address, submitted through the newsletter signup form on this site. These are passed to MailerLite, the service I use to send occasional emails about classes, retreat dates, and reflections on practice. I use this information only to send those emails; I do not profile subscribers or share your details with anyone else.

You can unsubscribe at any time using the link in any email, and your details will be removed promptly.

Lawful basis: consent (you tick the box on the signup form).

When you visit the website

The site is hosted by Cloudflare Pages. Cloudflare records standard server information about every visit: IP address, browser type, the page requested, and the date and time, as part of running the site safely and protecting it from abuse. I do not personally see this information; it lives in Cloudflare's logs.

The site also uses Microsoft Clarity, a behaviour analytics tool. Clarity records anonymised session data: mouse movements, clicks, and scroll behaviour, so I can understand how people use the site and improve it. Clarity may set cookies in your browser. It does not receive your name, email, or any information you type into forms. You can opt out of Clarity tracking via your browser's privacy settings or by using a browser extension that blocks analytics scripts.

Lawful basis: legitimate interest in understanding how the site is used and improving the experience for visitors.

Cookies and similar technologies

The site itself sets no cookies of its own, and I do not use advertising or targeting cookies.

Microsoft Clarity sets cookies to enable session recording and heatmap analytics. These cookies are functional to Clarity's operation and persist for up to a year. Clarity data is anonymised and not linked to your name or contact details. You can block these cookies via your browser settings or an analytics-blocking extension.

Some pages embed a Google Map showing where a class or treatment is held. When the map loads, Google may set its own cookies in your browser. That happens under Google's privacy terms, not mine; see Google's privacy policy. If you would prefer not to share that information, you can use a browser that blocks third-party cookies, or simply use the postcode shown beside each map.

Cloudflare may set a small security cookie (__cf_bm) to distinguish humans from bots. This is essential to running the site safely and is not used for advertising.

Who I share information with

I do not sell, rent, or swap your information. I share only with the small handful of services that help me run the practice:

  • Apple (iCloud Mail): my email provider; enquiries, booking confirmations, and Jotform notifications arrive in and are stored in my Apple email account.
  • Cloudflare Pages: hosts the website.
  • Google Maps: embeds location maps on area pages.
  • Jotform: sends pre-appointment health questionnaires for therapy and one-to-one bookings; submissions are stored in their EU data centre.
  • MailerLite: sends the newsletter; holds subscriber names and email addresses.
  • Microsoft Clarity: behaviour analytics (session recordings, heatmaps); receives anonymised interaction data about how visitors use the site.
  • Resend: delivers your contact-form message to my inbox.
  • Stripe: handles card payments taken through Trafft. Stripe receives card details directly; I never see or store them.
  • Trafft: booking system, embedded on service and area pages and at book.blossom.yoga; receives your booking details and the slot you choose.

Some of these providers are based outside the UK. Where that is the case, transfers are covered either by a UK adequacy decision or by Standard Contractual Clauses, as required by UK GDPR.

I will only ever disclose your information to anyone else if I am legally required to, for example by court order, or to protect the safety of you, me, or someone else.

How long I keep things

  • Contact-form enquiries: kept for up to 24 months in my email, then deleted unless you have become a regular student or client.
  • Newsletter subscribers: held in MailerLite for as long as you remain subscribed. Unsubscribing removes your details from the mailing list; I will also delete any local copy I hold within 30 days.
  • Yoga class records: kept while you are an active student and for 12 months after your last class.
  • Booking records (Trafft): held in my Trafft dashboard for as long as the account is active, so I can manage cancellations, reschedules, and reconcile payments.
  • Payment records (Stripe): Stripe retains transaction records for the periods set out in their own terms, including the seven-year period required by HMRC for UK tax purposes.
  • Pre-appointment questionnaires (Jotform): I download each response and delete the Jotform copy once it has been transferred to my treatment-notes file.
  • Therapy intake forms and treatment notes: kept for 7 years after your last appointment, in line with insurer and professional-body guidance for bodywork practitioners.
  • Server logs: Cloudflare retains these for a short period in line with their own retention policy; I have no separate copy.

Your rights

Under UK GDPR you can ask me, at any time, to:

  • See a copy of the information I hold about you (a "subject access request");
  • Correct anything that is wrong or out of date;
  • Delete your information, where there is no overriding legal reason for me to keep it;
  • Restrict how I use it, while a query is being looked at;
  • Object to a particular use of it;
  • Receive a copy in a portable format;
  • Withdraw consent for anything you previously agreed to.

To do any of the above, email me at [email protected]. I will reply within one calendar month.

If you are not happy with how I have handled your information you also have the right to complain to the Information Commissioner's Office at ico.org.uk; though I would always rather you came to me first so I can put it right.

Children

Blossom Yoga classes are aimed at adults. I do not knowingly collect information about children under 16 through this website. If a parent or guardian becomes aware that a child has provided me with personal information without consent, please contact me and I will delete it.

Payments

Card payments are taken through Trafft using Stripe as the payment processor. When you pay for a class or treatment, your card details go directly from your browser to Stripe; I do not see them, handle them, or store them at any point. Stripe is a regulated payment provider and meets PCI DSS standards.

I can also see basic transaction information in my Trafft dashboard (your name, the service paid for, the amount, and whether the payment succeeded) so I can reconcile bookings, but the card data itself stays with Stripe.

Photography at retreats

If you attend one of our retreats, limited non-intrusive photography may take place during the event. Please see our Event Photography Notice for full details of how photographs are taken, edited, and used, including your rights regarding social media sharing and how to request removal of any image. A copy of this notice is included in your booking confirmation.

Changes to this policy

If I change anything substantive about how I handle your information, I will update this page and refresh the "last updated" date at the top. For anyone with current bookings, I will also let you know by email.

Get in touch

Anything in here you would like to discuss, please just write. I would much rather hear from you than have you wonder.

Ania Chard, Blossom Yoga
[email protected]
01603 857337