Last updated: 13 February 2026
Introduction
NeuroUniverse (“we”, “us”, or “our”) is committed to protecting your privacy and the privacy of the children and families we support. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, membership services, or training programmes.
We understand that the information we handle is sensitive and deeply personal. We treat all data with the highest level of care and respect, and we are committed to transparency about our data practices.
Data Controller:
Jessie Hewitson & Alex Ardizzone (trading as NeuroUniverse)
Email: hello@staging.neurouniverse.org
Phone: +44 (0)7976 316 117
1. Information We Collect
1.1 Information You Provide Directly
When you use our services, you may provide us with the following information:
For Membership and Consultations:
- Your name, email address, phone number, and postal address
- Information about your child or children, including their age, diagnosis or suspected diagnosis, challenges they face, and support needs
- Details about your family situation relevant to the support we provide
- Payment information (processed securely through our payment provider, Stripe)
- Communication preferences
For Training Bookings (Schools and Businesses):
- Organisation name and contact details
- Job title and role
- Training requirements and objectives
- Billing information
For Newsletter Subscriptions:
- Name (first and last)
- Email address
Through Communications:
- Information you share during consultation calls, check-ins, or specialist sessions
- Email correspondence and support queries
- Feedback and testimonials (only shared publicly with your explicit consent)
1.2 Information Collected Automatically
When you visit our website, we automatically collect:
- IP address and browser type
- Pages visited and time spent on our site
- Referring website or search terms
- Device information and operating system
- Cookies and similar tracking technologies (see Section 8 for details)
1.3 Sensitive Personal Data
We handle special category data under GDPR, including:
- Health information about you or your child (relating to neurodivergence, ADHD, autism, anxiety, sensory needs, eating challenges, sleep issues, and related conditions)
- Information about children under 18
We only collect this information where it is necessary to provide our services, and we have obtained your explicit consent or are processing it under another lawful basis (see Section 2).
2. Legal Basis for Processing
We process your personal data under the following lawful bases:
Contract: To provide membership services, consultations, check-ins, and training as agreed when you sign up or make a booking.
Consent: When you explicitly agree to receive newsletters, share testimonials, or provide sensitive information about your child’s needs.
Legitimate Interests: To improve our services, prevent fraud, ensure website security, and respond to enquiries where we have a legitimate interest that does not override your rights.
Legal Obligation: To comply with legal requirements, including tax and accounting obligations.
You have the right to withdraw consent at any time where we rely on consent as the legal basis.
3. How We Use Your Information
3.1 Providing Services
- Delivering membership services, including initial consultations, personalized support plans, and monthly check-ins
- Scheduling and conducting calls with Jessie Hewitson and our specialist team
- Providing access to resources, tools, and guidance materials
- Processing payments and managing subscriptions
- Responding to support enquiries and questions
3.2 Training Services
- Organizing and delivering training for schools and businesses
- Customizing training content to meet organizational needs
- Following up after training sessions
3.3 Communications
- Sending service-related emails (appointment confirmations, payment receipts, plan updates)
- Delivering newsletters and educational content (with your consent)
- Responding to your enquiries and support requests
- Sharing updates about our services that may be relevant to you
3.4 Improving Our Services
- Analyzing website usage to improve user experience
- Understanding how families benefit from our support
- Developing new resources and offerings
- Quality assurance and service improvement
3.5 Legal and Administrative
- Complying with legal obligations
- Protecting against fraud and ensuring payment security
- Maintaining accurate financial records
- Resolving disputes or issues
4. How We Share Your Information
We do not sell or rent your personal information to third parties. We only share your data in the following circumstances:
4.1 Service Providers
We work with trusted third-party service providers who process data on our behalf:
Payment Processing:
- Stripe: Processes all membership payments and training bookings. Stripe handles your payment card information securely and never shares it with us. See Stripe’s privacy policy: https://stripe.com/gb/privacy
Website and Communications:
- WordPress (Automattic): Powers our website and content management
- WooCommerce: Manages our e-commerce functionality for memberships
- Gravity Forms: Processes form submissions and newsletter signups
- Email Service Provider: Delivers newsletters and service emails (only with your consent for marketing emails)
Analytics:
- Website analytics tools to understand how visitors use our site (anonymized where possible)
All service providers are required to protect your data and only use it to provide services to us. We ensure they comply with GDPR and UK data protection laws.
4.2 Specialist Team
When you book additional sessions with our specialist team (SENCOs, sleep experts, dietitians, anxiety specialists, mentors, or family coaches), we share relevant information about your child’s needs with the specific specialist you’re seeing. This ensures they can provide appropriate, personalized support. All specialists are bound by confidentiality obligations.
4.3 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or if necessary to protect the safety of any person or prevent illegal activity.
4.4 Business Transfers
If NeuroUniverse is acquired or merged with another organization, your data may be transferred to the new owners to ensure continuity of service. We would notify you of any such change.
5. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:
Active Members:
- Membership data, consultation records, and support plans: Retained while your membership is active and for 3 years after cancellation for quality assurance and to facilitate re-joining
Former Members:
- Financial records: 7 years (required for tax and accounting compliance)
- Consultation notes and support plans: 3 years after membership ends
- Marketing consent records: Until consent is withdrawn, plus 3 years to demonstrate compliance
Training Participants:
- Booking and attendance records: 3 years after training delivery
- Evaluation feedback: 2 years after training
Newsletter Subscribers:
- Subscription data: Until you unsubscribe, plus 6 months to handle any queries
Website Visitors:
- Cookie data: As specified in cookie settings (see Section 8)
- Analytics data: Anonymized after 26 months
Enquiries:
- Contact form submissions and email enquiries: 2 years unless they lead to a service relationship
You can request deletion of your data at any time (see Section 6), subject to legal retention requirements.
6. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
6.1 Right of Access
You can request a copy of the personal data we hold about you. We will provide this within one month of your request.
6.2 Right to Rectification
You can ask us to correct inaccurate or incomplete personal data.
6.3 Right to Erasure (“Right to be Forgotten”)
You can request deletion of your personal data where:
- It is no longer necessary for the purposes we collected it
- You withdraw consent and we have no other legal basis for processing
- You object to processing and we have no overriding legitimate grounds
- The data has been unlawfully processed
Note: We may need to retain certain information to comply with legal obligations (e.g., financial records).
6.4 Right to Restrict Processing
You can ask us to restrict how we use your data in certain circumstances, such as while we verify its accuracy or assess whether we have legitimate grounds to process it.
6.5 Right to Data Portability
You can request a copy of your data in a structured, commonly used, machine-readable format, and ask us to transfer it to another service provider.
6.6 Right to Object
You can object to:
- Processing based on legitimate interests (we will stop unless we can demonstrate compelling legitimate grounds)
- Direct marketing (we will stop immediately)
- Automated decision-making (we do not currently use automated decision-making)
6.7 Right to Withdraw Consent
Where we process your data based on consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.
6.8 Right to Complain
If you’re unhappy with how we’ve handled your data, you can complain to the Information Commissioner’s Office (ICO):
- Website: https://ico.org.uk/
- Phone: 0303 123 1113
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
To exercise any of these rights, contact us at hello@staging.neurouniverse.org
7. Data Security
We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it:
7.1 Security Measures
- Encryption: All payment data is encrypted during transmission using SSL/TLS technology
- Secure Storage: Personal data is stored on secure servers with restricted access
- Access Controls: Only authorized personnel can access personal data, and only when necessary for their role
- Regular Reviews: We regularly review our security practices and update them as needed
- Secure Communications: Email communications are sent via secure channels
7.2 Third-Party Security
Our service providers (Stripe, WordPress, etc.) maintain high security standards and are regularly audited for compliance with data protection laws.
7.3 Data Breaches
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours, as required by law.
7.4 Your Responsibilities
Please help keep your data secure by:
- Using a strong, unique password for your account
- Not sharing your login credentials
- Logging out after using shared devices
- Keeping your contact information up to date
8. Cookies and Tracking Technologies
We use cookies and similar technologies to improve your experience on our website.
8.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us recognize your device and remember your preferences.
8.2 Types of Cookies We Use
Essential Cookies (Always Active):
- Session management for logged-in members
- Shopping cart and checkout functionality
- Security and fraud prevention
Functional Cookies (Can Be Disabled):
- Remembering your preferences (e.g., cookie consent choices)
- Language and region settings
- “Remember Me” login option (cookies last 2 weeks)
Analytics Cookies (Can Be Disabled):
- Understanding how visitors use our site
- Measuring website performance
- Identifying popular content
- Improving user experience
Comment Cookies:
If you leave a comment, we save cookies containing your name and email address for one year. These are for your convenience so you don’t have to re-enter this information for future comments.
8.3 Third-Party Cookies
Some cookies are set by third-party services we use:
- Stripe: For payment processing
- Google Analytics: For website analytics (if enabled)
- Social Media Platforms: If you interact with embedded content (videos, social feeds)
8.4 Managing Cookies
You can control cookies through:
- Browser Settings: Most browsers allow you to refuse cookies or delete existing ones
- Opt-Out Tools: For analytics and advertising cookies
Note: Disabling essential cookies may affect website functionality.
8.5 Cookie Duration
- Session cookies: Deleted when you close your browser
- Login cookies: 2 days (14 days with “Remember Me”)
- Comment cookies: 1 year
- Preference cookies: 1 year
- Analytics cookies: As specified in your cookie settings
9. Embedded Content and External Links
9.1 Embedded Content
Our website may include embedded content from third parties (e.g., YouTube videos, social media posts). When you interact with embedded content, the third party may:
- Set cookies on your device
- Track your interaction
- Collect information about your visit
These third parties have their own privacy policies, which we encourage you to read.
9.2 External Links
Our website contains links to external sites (e.g., media features, partner organizations). We are not responsible for the privacy practices of these external sites. Please review their privacy policies before sharing your information.
10. Children’s Privacy
We provide services to families with neurodivergent children. We take special care to protect information about children.
10.1 Parental Consent
We only collect information about children from parents or legal guardians who have the authority to provide consent on the child’s behalf.
10.2 Limited Collection
We only collect information about children that is necessary to provide our support services (e.g., age, challenges, support needs).
10.3 Secure Handling
Information about children is treated as special category data and handled with enhanced security measures.
10.4 Access and Control
Parents and guardians can:
- Access information we hold about their child
- Request corrections or deletions
- Withdraw consent for processing
10.5 No Direct Collection from Children
We do not knowingly collect personal information directly from children under 18. If you believe a child has provided us with personal information without parental consent, please contact us immediately.
11. International Data Transfers
We are based in the United Kingdom and primarily serve UK families and organizations. However, some of our service providers (e.g., Stripe) may process data outside the UK or European Economic Area (EEA).
When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the UK ICO
- Adequacy Decisions by the UK government recognizing equivalent data protection standards
- Certification schemes like the EU-U.S. Data Privacy Framework (where applicable)
Stripe’s international data transfer practices are detailed in their privacy policy: https://stripe.com/gb/privacy
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. All decisions about your membership, support plans, and services are made by our team members.
13. Marketing Communications
13.1 Consent
We will only send you marketing emails (newsletters, updates about services) if you have opted in to receive them. You can opt in:
- During membership signup
- Via our newsletter signup form
- By emailing us at hello@staging.neurouniverse.org
13.2 What We Send
Marketing communications may include:
- Neurodiversity-affirming tips and strategies
- Updates about new resources or services
- Training opportunities
- Relevant research or news
13.3 Unsubscribing
You can unsubscribe from marketing emails at any time by:
- Clicking the “unsubscribe” link in any marketing email
- Emailing hello@staging.neurouniverse.org
- Updating your preferences in your member account
Note: Even if you unsubscribe from marketing emails, we will still send essential service emails related to your membership (payment confirmations, appointment reminders, plan updates).
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- We will update the “Last updated” date at the top of this policy
- For significant changes, we will notify you via email or a prominent notice on our website
- Continued use of our services after changes indicates acceptance of the updated policy
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: hello@staging.neurouniverse.org
Phone: +44 (0)7976 316 117
Mail: NeuroUniverse
We aim to respond to all enquiries within 5 business days.
16. Complaints and Concerns
We take your privacy seriously. If you have concerns about how we handle your data:
- Contact us first: Email hello@staging.neurouniverse.org so we can address your concern directly
- Escalate if needed: If you’re not satisfied with our response, you can contact the Information Commissioner’s Office (ICO):
  - Website: https://ico.org.uk/make-a-complaint/
  - Phone: 0303 123 1113
  - Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Summary of Key Points
- We collect personal information you provide (name, email, phone, address) and sensitive information about your child’s needs to provide our services
- We use your data to deliver membership services, consultations, training, and communications
- We share your data only with trusted service providers (Stripe for payments, email providers, specialists you book with)
- We protect your data with encryption, secure storage, and access controls
- You control your data and can access, correct, delete, or export it at any time
- We retain data only as long as necessary (typically 3 years after membership ends, 7 years for financial records)
- You can contact us at hello@staging.neurouniverse.org with any questions or concerns
This privacy policy is designed to comply with UK GDPR and Data Protection Act 2018.
Appendix: Definitions
Personal Data: Any information relating to an identified or identifiable individual.
Special Category Data: Sensitive personal data including health information, which requires enhanced protection under GDPR.
Data Controller: The organization (NeuroUniverse) that determines the purposes and means of processing personal data.
Data Processor: Third-party service providers who process data on our behalf (e.g., Stripe, email providers).
Data Subject: The individual whose personal data is being processed (you, or your child).
GDPR: General Data Protection Regulation, the European data protection law that continues to apply in the UK.
ICO: Information Commissioner’s Office, the UK’s independent regulatory office for data protection.
Consent: Freely given, specific, informed, and unambiguous indication of your agreement to processing of your personal data.
