Data Protection & Privacy
We believe privacy is a right, not a requirement. This Notice explains who we are, what personal data we collect, why we collect it, and exactly what you can do about it.
Last updated: June 2026
At Callin, privacy, dignity, and trust are not values we aspire to: they are values we build upon. We operate a non-clinical emotional support platform, and we understand that the people who use our services are often sharing something deeply personal. That places a significant responsibility on us, and we take it seriously.
This GDPR Privacy Notice ("Notice") explains how Callin collects, uses, stores, and protects your personal data. It also explains your rights and how you can exercise them. We have written this Notice in plain language because we believe transparency should be accessible to everyone, not just privacy professionals.
This Notice applies to all individuals whose personal data Callin processes, including visitors to our website, account holders, customers, prospective customers, and newsletter subscribers.
Please read this Notice carefully. If you have any questions, our contact details are set out in the final section.
For the purposes of the UK GDPR and the EU GDPR, the data controller responsible for your personal data is:
Where you have any questions about how your personal data is handled, or wish to exercise any of your rights, please contact us at the privacy email address above.
This Notice applies to the personal data of the following individuals:
This Notice does not apply to third-party websites, services, or platforms linked to or integrated with the Callin Platform. Those third parties operate under their own privacy policies, for which Callin accepts no responsibility.
We collect and process the following categories of personal data, depending on how you interact with us:
Your name, username, display name, and any other information you use to identify yourself on the Platform.
Your email address and, where provided, phone number. This data is used to communicate with you about your account, bookings, and support requests.
Login credentials (in encrypted form), account preferences, communication settings, and any profile information you choose to provide.
Records of sessions purchased, subscriptions held, payment amounts, and transaction history. We do not store full payment card details: these are handled by our third-party payment processor.
Messages submitted through our support system, feedback forms, or email. This includes any correspondence you initiate with Callin.
IP address, browser type and version, operating system, device identifiers, time zone, and other technical identifiers collected automatically when you access the Platform.
Information about how you interact with the Platform, including pages visited, features used, session durations, and engagement patterns. This data is aggregated and used to improve platform performance and user experience.
Your communication preferences, consent records, marketing opt-in or opt-out status, and records of any communications sent to you.
Callin is not a healthcare provider, therapy service, or clinical platform. Conversations with Callin listeners are non-clinical in nature and do not constitute medical or therapeutic treatment of any kind.
We recognise that users may voluntarily share personal, emotional, or sensitive information during conversations with Callin listeners. We approach this with the utmost care and discretion.
Where information shared during a session could be considered sensitive under data protection law (for example, information relating to mental health, personal wellbeing, or life circumstances), the following principles apply:
Confidentiality has legal limitations. In circumstances involving serious risk of harm, or where required by law, Callin may be obligated to take action or disclose information to appropriate authorities. We will always act proportionately and with care in such circumstances.
We collect personal data through the following means:
Direct collection: When you create an account, complete a booking, make a purchase, contact our support team, or submit any form on the Platform, you provide us with data directly.
Automated collection: When you visit our website or use the Platform, we automatically collect Technical Data and Usage Data through cookies, server logs, and similar technologies. Please refer to our Cookie Policy for full details.
Third-party sources: We may receive limited personal data from third-party services integrated with the Platform, such as payment processors confirming a transaction or scheduling tools confirming a booking. We use such data only for the purpose for which it was shared.
Marketing interactions: If you sign up for our newsletter or respond to a marketing communication, we record that interaction and your associated preferences.
Under the UK GDPR and EU GDPR, we are required to have a valid legal basis for every processing activity. We rely on the following legal bases:
Where you have given us explicit, informed, and freely given consent to process your data. This applies to:
You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Where processing is necessary to fulfil a contract with you or to take steps at your request before entering into a contract. This applies to:
Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and freedoms. This applies to:
We conduct a balancing assessment before relying on legitimate interests to ensure your rights are appropriately protected.
Where processing is necessary to comply with a legal obligation. This applies to:
In rare and serious circumstances, we may process data where it is necessary to protect the vital interests of you or another person. This applies in situations involving an immediate risk of serious harm.
We use your personal data only for the purposes described in this Notice and in a manner consistent with the legal basis identified for each purpose. Our main uses include:
| Purpose | Legal Basis |
|---|---|
| Creating and managing your account | Contract performance |
| Processing bookings and payments | Contract performance |
| Delivering sessions and platform services | Contract performance |
| Customer and technical support | Contract performance; Legitimate interests |
| Fraud prevention and platform security | Legitimate interests; Legal obligation |
| Improving the Platform and user experience | Legitimate interests |
| Sending service-related communications | Contract performance; Legitimate interests |
| Sending marketing communications | Consent |
| Complying with legal and regulatory obligations | Legal obligation |
| Responding to safety or emergency concerns | Vital interests; Legal obligation |
| Analytics and internal reporting | Legitimate interests |
We do not use your personal data to make automated decisions that produce significant legal or similarly significant effects without providing appropriate safeguards. See Section 16 for more on automated processing.
We send marketing communications only to individuals who have given us explicit consent to do so. We will never send unsolicited commercial communications.
You have the right to opt out of marketing communications at any time, without affecting your account or access to Callin's services. You can do this by:
We will process your opt-out request promptly. Please allow up to ten working days for changes to take full effect across all systems.
Please note that opting out of marketing does not prevent us from sending service-related communications, such as booking confirmations, account updates, or notices required by law.
Callin uses cookies and similar tracking technologies to support Platform functionality, understand how the site is used, and where you have consented, to support marketing activities.
Our Cookie Policy sets out a full explanation of the cookies we use, why we use them, how long they are stored, and how you can manage your cookie preferences. The Cookie Policy forms part of this Privacy Notice.
In summary:
You can manage your cookie preferences at any time through the cookie settings panel on our website.
Callin does not sell your personal data. We do not trade, rent, or otherwise transfer your personal information to third parties for their own commercial purposes.
We share your data only in the following limited and controlled circumstances:
We share necessary transaction data with our third-party payment processor (such as Stripe) to facilitate secure payment processing. Your full payment card details are handled exclusively by the payment processor and are not stored on Callin's systems.
We use trusted cloud service providers to host and operate the Platform. These providers process data on our behalf under strict data processing agreements and are not permitted to use your data for any purpose beyond providing their services to us.
Where we use third-party scheduling tools or communication services, limited data (such as your name, email address, and booking details) may be shared with those providers to facilitate the delivery of your session.
We may share anonymised, aggregated usage data with analytics providers to help us understand Platform performance. We ensure that such data does not identify individual users.
We may disclose personal data to law enforcement, regulators, or other public authorities where required to do so by applicable law, or where we reasonably believe disclosure is necessary to prevent or address a serious risk of harm.
In the event of a merger, acquisition, or sale of all or part of our business, personal data held by Callin may be transferred as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
Some of our service providers and infrastructure partners may be located outside the United Kingdom or the European Economic Area. Where your personal data is transferred internationally, we ensure that appropriate safeguards are in place to protect your rights and maintain the security of your data.
These safeguards may include:
You may request a copy of the relevant transfer mechanism in place for any specific transfer by contacting us at hello@call-in.org.
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Our retention decisions are guided by the following principles:
When personal data is no longer required, it is securely deleted or anonymised in a manner that means it can no longer be associated with you.
Specific retention periods for particular categories of data are available on request by contacting hello@call-in.org.
We take the security of your personal data seriously and implement a range of technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure.
Our security measures include:
No system is completely immune to security risks. While we take substantial precautions, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with our legal obligations.
Under the UK GDPR and EU GDPR, you have a number of rights in relation to your personal data. We are committed to respecting and facilitating those rights promptly and without unnecessary barriers.
You have the right to request a copy of the personal data we hold about you, along with information about how we use it. This is sometimes called a Subject Access Request (SAR).
If the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay.
Sometimes called the "right to be forgotten," this allows you to request deletion of your personal data where there is no compelling reason for us to continue holding it.
You have the right to request that we limit how we use your personal data in certain circumstances, for example while a complaint or query is being investigated.
Where processing is based on your consent or on a contract with you, and is carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.
You have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis. You also have an absolute right to object to processing for direct marketing purposes.
Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
You have the right not to be subject to decisions based solely on automated processing (including profiling) where those decisions produce significant legal or similarly significant effects on you.
How to exercise your rights: To exercise any of these rights, please contact us at hello@call-in.org. We will respond to your request within one calendar month of receipt. Where a request is particularly complex or numerous, we may extend this period by a further two months, in which case we will notify you accordingly.
We will not charge a fee for responding to your request unless it is manifestly unfounded or excessive. We may ask for proof of your identity before processing any request, in order to protect your data from unauthorised access.
Callin is not intended for use by individuals under the age of 18. We do not knowingly collect, process, or store personal data relating to children.
If you are a parent or guardian and believe that a child under the age of 18 has provided personal data to Callin without your consent, please contact us immediately at hello@call-in.org. We will take prompt steps to delete any such data from our systems.
Where we become aware that data has been collected from a minor, we will take appropriate action to delete that data without undue delay.
The Callin Platform may contain links to third-party websites, tools, or services. This Notice does not apply to those external sites, and Callin accepts no responsibility for their content, data practices, or privacy policies.
We recommend that you review the privacy policy of any third-party website or service before providing them with your personal data. The presence of a link on the Callin Platform does not constitute an endorsement of that third party's privacy practices.
If you have a concern about how we handle your personal data, we would ask that you contact us in the first instance so that we can try to resolve the matter directly. We take all privacy concerns seriously and will investigate and respond in good faith.
However, you also have the right to lodge a complaint directly with the relevant supervisory authority at any time:
You do not need to exhaust our internal process before contacting a supervisory authority, but we genuinely welcome the opportunity to address concerns directly.
We may update this Privacy Notice from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make changes, we will update the "Last updated" date at the top of this page.
Where changes are material, we will take reasonable steps to notify you, for example by sending an email to the address associated with your account or by displaying a prominent notice on the Platform.
We encourage you to review this Notice periodically. Your continued use of the Platform after any update constitutes your acknowledgment of the revised Notice.
If you have any questions, concerns, or requests relating to this Privacy Notice or the way in which Callin handles your personal data, please contact us using the details below:
We aim to respond to all privacy-related enquiries and rights requests within one calendar month, and to support-related enquiries within five working days.
At Callin, we handle personal information with the same care and discretion we would want applied to our own. The people who use this Platform trust us with something valuable: their time, their openness, and sometimes their vulnerability. We consider that trust to be a privilege, not a given.
We will continue to maintain, improve, and be accountable for the way we manage your data. If you ever have a concern or a question, we are always here to listen.
