Operated by Amy Elizabeth Ltd
Effective date: 6 March 2026
This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website, use our services, or interact with The StoryBank.
Data Controller:
Amy Elizabeth Ltd, trading as The StoryBank
Contact:
amy@thestorybank.com
By providing us with your personal data, you confirm you are over the age of 13 and accept the terms of this policy.
Our services are not directed to children under 13 and we do not knowingly collect personal data from minors.
“Personal data” means any information that can identify you. We may collect and process the following categories of data:
Includes emails, form submissions, and social media messages.
Why:
To respond to enquiries and maintain communication records.
Legal basis:
Legitimate interest.
Includes name, email address, billing address, Stripe payment details, and purchase history.
Why:
To deliver services and fulfil contractual obligations.
Legal basis:
Contract performance and legal obligation.
Includes marketing opt ins, email preferences, and campaign interactions.
Why:
To send relevant updates, offers, and content.
Legal basis:
Consent or legitimate interest.
Includes IP address, browser type, time zone, pages visited, and cookies.
This may be collected through tools such as Meta Pixel or other analytics services.
Why:
To protect the website, analyse traffic, and improve advertising relevance.
Legal basis:
Legitimate interest.
In some circumstances we may collect limited special category personal data where it is voluntarily shared by clients during coaching sessions, workshops, community discussions, or related services.
This may include information relating to emotional wellbeing, health experiences, personal history, or trauma where relevant to the services provided.
This data is:
• held securely
• accessed only by those who need it to deliver services
• never shared with third parties without explicit consent unless required by law
We retain sensitive data only for as long as we work with you or as required for safeguarding or legal purposes.
Legal basis:
Explicit consent under Article 9(2)(a) UK GDPR when such information is voluntarily provided.
By working with The StoryBank you acknowledge this use and agree that limited sensitive data may be processed to support your experience.
We collect data in the following ways:
• when you fill in a form, purchase a service, or contact us
• when you interact with the website through cookies or tracking tools
• through trusted third party platforms used to operate our services
These may include:
Stripe (payment processing)
ConvertKit / Kit (email marketing)
ScoreApp (quizzes and lead generation tools)
Webflow (website hosting and management)
Meta Pixel (advertising and analytics)
Where workshops are delivered through schools or organisations, participant data may be provided to us by that organisation for the purpose of delivering the service.
We use your personal data to:
• deliver coaching, courses, workshops, and community services
• communicate with you about services and enquiries
• send newsletters or marketing communications where you have opted in
• improve our website and advertising performance
• comply with legal, accounting, or regulatory obligations
We only use your data for the purposes for which it was collected or for closely related purposes such as auditing or service improvement.
We do not use automated decision making that produces legal or similarly significant effects.
You will only receive marketing communications from us if:
• you have explicitly opted in, or
• you have previously purchased services and have not opted out.
You can unsubscribe at any time by using the unsubscribe link in any marketing email or by contacting us at:
amy@thestorybank.com
We do not sell your personal data or share it with third parties for their own marketing purposes.
We use cookies and similar technologies to:
• understand how visitors use our website
• improve website functionality and performance
• measure the effectiveness of advertising campaigns
• serve relevant advertising
Non essential cookies such as analytics or advertising cookies will only be activated after consent via our website cookie banner.
You can also manage or disable cookies through your browser settings.
We may share your data with trusted third parties where necessary to operate our services, including:
• payment providers such as Stripe
• email marketing platforms such as ConvertKit
• website hosting providers such as Webflow
• advertising platforms such as Meta
• professional advisors such as accountants, lawyers, or tax consultants
We may also disclose personal data if required by law or if our business is restructured, sold, or merged with another organisation.
All third parties are required to process your data securely and only under written agreement with us.
Some of our service providers may process personal data outside the United Kingdom or European Economic Area.
Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data in accordance with UK GDPR.
We implement appropriate technical and organisational measures to protect your personal data, including:
• secure cloud storage
• password protection
• restricted access to authorised personnel only
If a data breach occurs that is likely to pose a risk to your rights or freedoms, we will notify the relevant regulator and affected individuals where legally required.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.
Typical retention periods may include:
• client records retained for up to six years for legal and tax purposes
• marketing data retained until you unsubscribe or withdraw consent
• website analytics data retained for approximately 12 to 26 months
After this period we may securely delete or anonymise the data for research or insight purposes.
Under UK data protection law you have the right to:
• request access to your personal data
• request correction of inaccurate information
• request deletion of your data
• object to or restrict certain types of processing
• withdraw consent where consent is the legal basis
• request data portability
To exercise any of these rights please contact:
amy@thestorybank.com
We may request proof of identity before processing certain requests.
If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Our website may contain links to third party websites.
We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before submitting personal data.
During coaching, workshops, or community programmes, clients may share personal stories, experiences, or reflections as part of the learning process.
We treat all such material with strict confidentiality.
From time to time, anonymised insights or examples from this work may be used for teaching, training, or educational purposes. Any such use will remove identifying details and will never reveal the identity of the individual or organisation involved.
Where a testimonial, identifiable story, or case study is used publicly, we will always seek explicit permission from the individual concerned before publication.
We may update this Privacy Policy from time to time.
The most current version will always be published on our website with the updated effective date.
If you have questions about this Privacy Policy or about how your personal data is handled, please contact:
Amy Elizabeth Ltd
Trading as The StoryBank
amy@thestorybank.com
