Privacy Policy

Ascension Massage Therapy ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services.

This policy applies to information we collect through our website at amt-clinic.com, when you book appointments, and when you contact us directly.

We may collect and process the following personal information:

• Contact Information: Name, email address, phone number, and postal address when you book an appointment or contact us.

• Health Information: Relevant medical history and health conditions that you provide during consultation to ensure safe and effective treatment.

• Booking Information: Appointment dates, times, services booked, and payment details.

• Technical Data: IP address, browser type, and device information when you visit our website.

• Communication Records: Records of correspondence if you contact us via email, phone, SMS, online chat, or our contact form.

• Call Recordings & Transcripts: Audio recordings and text transcripts of phone calls made to our number, voicemails left for us, and any chat or SMS conversations you have with our AI assistant.

When you contact us by phone, SMS, or our website chat, your interaction may be handled by an automated AI assistant called "Ava" rather than a person. Ava is trained to help with bookings, answering common questions, and taking messages.

Calls to our number are recorded so that Ava can converse with you, so we can take voicemails when no one is available, and for service-quality and training purposes. Recording starts at the beginning of the call. You may ask to speak to a person at any time and the call will be transferred or you can leave a message instead.

Voicemails left for us are recorded and automatically transcribed; the transcript and recording are sent to our practitioner so they can return your call.

Ava does not provide medical advice and is not a substitute for consultation with a qualified practitioner. Ava is instructed not to ask for or store sensitive health information by phone, SMS, or chat. If you choose to share that information, we will treat it as set out in the Health Data section below.

We do not use AI to make decisions that have legal or similarly significant effects (such as deciding whether to offer you treatment). All clinical decisions are made by a qualified human practitioner.

To provide the AI assistant, the content of your conversation (audio, transcript, or text) is processed by specialist third-party AI providers on our behalf. These providers act as our data processors under written contracts and are not permitted to use your data for their own purposes.

• Twilio Inc. (United States) — handles inbound calls, SMS messages, and stores voicemail recordings.

• ElevenLabs Inc. (United States) — provides the conversational voice AI for phone calls and stores call recordings and transcripts.

• OpenRouter Inc. and the language-model providers it routes to (United States) — generate AI responses for SMS and website chat.

These services are based in the United States. Where personal data is transferred outside the UK, we rely on the UK International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK Addendum as the lawful transfer mechanism, in line with UK GDPR.

We use your personal information for the following purposes:

• To provide massage therapy services and manage your appointments.

• To communicate with you about your bookings and respond to enquiries.

• To maintain accurate health records as required for safe practice.

• To send appointment reminders and follow-up communications.

• To comply with legal and regulatory requirements.

• To improve our website and services.

Under UK GDPR, we process your personal data on the following legal bases:

• Contractual Necessity: To provide the services you have requested.

• Legitimate Interests: To manage our business and communicate with you.

• Legal Obligation: To comply with healthcare regulations and legal requirements.

• Consent: Where you have explicitly agreed to receive marketing communications.

• Vital Interests: In rare cases where processing is necessary to protect your health.

As a massage therapy practice, we process special category data (health information) to:

• Assess your suitability for treatment and identify any contraindications.

• Provide safe and appropriate massage therapy services.

• Maintain professional records as required by our regulatory body.

This processing is necessary for the provision of health care services and is carried out by a health professional bound by professional confidentiality obligations.

We do not sell your personal information. We use the following service providers ("data processors") to deliver our services. Each is bound by a written data-processing agreement and may only use your data on our instructions:

• Cliniko (Red Guava Pty Ltd, Australia) — practice-management system; stores patient records, appointments, and clinical notes.

• Supabase (United States/EU) — hosts our website database and admin system.

• Vercel Inc. (United States) — hosts our website and admin application.

• Railway Corp. (United States) — hosts our backend services.

• Twilio Inc. (United States) — handles inbound and outbound phone calls, SMS messaging, and voicemail recordings.

• ElevenLabs Inc. (United States) — provides the conversational voice AI ("Ava") and stores call recordings and transcripts.

• OpenRouter Inc. and connected language-model providers (United States) — generate AI responses for SMS and chat conversations.

• Resend Inc. (United States) — sends transactional emails such as appointment confirmations and reminders.

• PostHog (EU region) — anonymous website analytics.

We may also share your data with professional bodies if required by our regulatory obligations, and with legal authorities if required by law. We do not share your data for marketing purposes with anyone.

Most of our service providers are based in the United States. When your personal data is transferred outside the United Kingdom, we rely on one of the following safeguards under UK GDPR Articles 44–49:

• The UK International Data Transfer Agreement (IDTA), or

• The EU Standard Contractual Clauses with the UK Addendum.

These contractual safeguards require the recipient to protect your data to an equivalent standard. You may request a copy of the safeguards used by contacting us.

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected:

• Treatment Records: Kept for 8 years after your last appointment (as per professional guidelines).

• Contact Enquiries: Kept for 2 years unless you become a client.

• Call Recordings & Transcripts: Kept for up to 90 days, then deleted unless we have a specific reason to retain them (e.g., a complaint or safeguarding concern).

• Voicemail Recordings & Transcripts: Kept for up to 90 days after the message is reviewed, then deleted.

• AI Chat & SMS Transcripts: Kept for up to 12 months for service-quality purposes, then deleted.

• Marketing Consent: Until you withdraw consent.

After these periods, your data will be securely deleted or anonymised.

Under UK GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data, including any AI conversation transcripts and call recordings we hold.

• Right to Rectification: Request correction of inaccurate data.

• Right to Erasure: Request deletion of your data (subject to legal obligations such as the 8-year clinical-record retention requirement).

• Right to Restrict Processing: Request limited use of your data.

• Right to Data Portability: Receive your data in a portable format.

• Right to Object: Object to certain types of processing.

• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

• Right to Human Intervention: Ask to speak to a human at any point during an AI interaction. The AI assistant will transfer you or take a message.

To exercise any of these rights, email us at info@amt-clinic.com with the subject line "Data request", including your full name, the email or phone number you've used with us, and a clear description of what you'd like us to do (access, correct, delete, etc.). We will respond within one calendar month as required by UK GDPR.

We may need to verify your identity before processing your request, especially for access or erasure requests, to ensure we are not handing data to the wrong person.

Our website uses cookies to improve your experience. Cookies are small text files stored on your device.

We use:

• Essential Cookies: Required for the website to function properly.

• Analytics Cookies: Help us understand how visitors use our site.

You can control cookies through your browser settings. Disabling cookies may affect some website functionality.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

These measures include secure servers, encrypted communications, and access controls.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

We encourage you to review this policy periodically.

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: info@amt-clinic.com

Phone: +44 7727 870106

Address: Room 9, Frederick House, Beam Heath Way, Nantwich, CW5 6RF

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.