Privacy Policy

How She Believed collects, uses, and protects your personal data.

Last updated: 22 March 2026

1. Overview

This Privacy Policy explains how She Believed (“we”, “us”) processes personal data when you use She Believed (the “Site”). We respect your privacy and process data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and (where applicable) the EU GDPR.

2. Data controller

For the purposes of applicable data protection law, the data controller is She Believed. Contact: info@sheblieved.com.

3. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity and contact data: name, email address, and any other information you provide via our contact form or when communicating with us.

  • Account and authentication data: if you have a staff or admin account, identifiers and session data processed by our authentication provider (e.g. user ID, email, sign-in timestamps), including data stored in cookies or similar technologies as described in our Cookie Policy.

  • Technical data: IP address, browser type and version, time zone, device information, and similar data collected automatically when you use the Site (via server logs or our service providers).

  • Usage data: pages viewed, approximate location derived from IP, and interactions with the Site, where we use analytics tools you have consented to.

  • Content data: the text of messages you send us through the contact form or other channels.

4. How and why we use your data (legal bases)

We process personal data only where we have a valid legal basis under UK GDPR / GDPR:

  • Contract / steps prior to contract: where necessary to respond to your enquiries or provide services you request.

  • Legitimate interests: operating and securing the Site, improving content and user experience, analysing aggregated usage (where not requiring consent), and preventing fraud or abuse — balanced against your rights.

  • Legal obligation: where we must comply with law or regulatory requests.

  • Consent: for non-essential cookies and similar technologies, and for marketing communications where we ask for your consent — you may withdraw consent at any time via cookie settings or by contacting us.

5. Cookies and similar technologies

We use cookies and local storage as described in our Cookie Policy. Essential cookies are needed for security and core functionality (e.g. authentication). For optional categories (functional, analytics, marketing), we rely on your consent where required. You can change your choices at any time using the cookie banner or the “Cookie settings” link in the footer.

6. Recipients and processors

We use trusted service providers who process data on our instructions (processors), including:

  • Hosting, database, and authentication (e.g. Supabase) — to run the Site, store content, and manage secure sign-in for staff.

  • Email or transactional messaging providers, if we use them to send operational emails.

  • Analytics or marketing tools, only where you have consented to the relevant cookie category.

We require processors to implement appropriate security measures and to process data only as we instruct. We do not sell your personal data.

7. International transfers

Some processors may store or process data outside the UK or EEA. Where we transfer personal data to such providers, we ensure appropriate safeguards apply (for example UK / EU standard contractual clauses or adequacy decisions), as required by applicable law.

8. Retention

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer period is required by law. Contact form submissions are retained for as long as needed to respond and handle follow-up, and for a reasonable period thereafter for operational and legal purposes. Staff account data is retained while the account is active and for a limited period after closure for security and legal compliance.

9. Your rights

Depending on your location and applicable law, you may have the right to:

  • Access the personal data we hold about you.

  • Rectify inaccurate data.

  • Erase your data in certain circumstances (“right to be forgotten”).

  • Restrict processing in certain circumstances.

  • Request data portability, where processing is based on consent or contract and carried out by automated means.

  • Object to processing based on legitimate interests or for direct marketing.

  • Withdraw consent at any time, where processing is based on consent — without affecting the lawfulness of processing before withdrawal.

  • Lodge a complaint with a supervisory authority (in the UK, the Information Commissioner’s Office — ICO).

To exercise these rights, contact info@sheblieved.com. ICO complaints: https://ico.org.uk/make-a-complaint/

10. Children

The Site is directed at a general adult audience. We do not knowingly collect personal data from children under 16 (or the age required in your jurisdiction) without parental authority. If you believe we have collected such data, please contact us and we will take steps to delete it.

11. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. No method of transmission over the Internet is completely secure; we cannot guarantee absolute security.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date. For material changes, we may provide additional notice where appropriate.

13. Contact

Privacy enquiries: info@sheblieved.com