Privacy & Cookie Policy

This policy explains what personal data Gather Training collects when you visit www.gather.training, why we collect it, who we share it with, how long we keep it, and the rights you have over it. We try to keep it plain English. If anything is unclear, email hello@gather.training and we'll explain.

1. Who we are (the data controller)

Gather Training (“Gather”, “we”, “us”) operates a coaching studio at 20 Cutter Lane, North Greenwich, London SE10 0XW. We are the data controller for any personal data collected through this site. You can reach us:

• Email: hello@gather.training
• Phone: +44 161 524 5592
• Post: 20 Cutter Lane, London SE10 0XW

2. What we collect and why

We only collect information that helps us run the business and respond to you. Specifically:

2.1 When you submit a form on the site

On forms such as “Book a call”, Foundations sign-up, Academy application, newsletter and contact, we collect:

• The email address you give us (always).
• Where applicable, your name, phone number, the message you send us, and any questionnaire answers (e.g. Academy applicants confirming availability and London base).
• The page you submitted from, your referring URL, and any campaign tags (utm_source / utm_medium / utm_campaign).
• Your approximate city, region and country, derived from the IP address Vercel attaches to your request (we never store the raw IP).

Our lawful basis is your consent (you submitted the form to start a conversation) and legitimate interest in following up to help you start training.

2.2 When you book an intro call

The booking flow on this site mirrors our calendar in GoHighLevel. When you choose a slot we send your name, email, phone and chosen time to GoHighLevel so an appointment is created in our coaches' calendar. We also store a copy of the booking in our own database so it appears in our admin tools.

2.3 When you browse the site

Even without filling in a form we record some lightweight analytics data so we can improve the site: the page you visited, your referrer, the rough geographic location of your network, and a randomly-generated visitor and session identifier stored in a first-party cookie. This data is stored on our own servers, not shared with third parties.

2.4 Third-party analytics (only after consent)

If you accept the cookie banner, or if you submit a form (which counts as explicit opt-in to analytics — see section 5), we additionally load:

• Google Analytics 4— aggregate behaviour analytics (anonymised IP).
• Microsoft Clarity— anonymised session replays and heatmaps so we can see where the site confuses people.

Before you grant consent these scripts are not loaded at all, and no analytics cookies are placed by them.

3. Who we share your data with

We do not sell personal data, ever. We share the data above with a small number of trusted processors so the site can function:

• GoHighLevel(Lead Connector LLC) — our CRM. Stores contact details, booking history and tags so our team can follow up.
• Vercel Inc.— hosts the site and runs its server-side code. Sees your IP and request headers as a normal part of serving the page.
• Neon(database hosting) — stores the leads, bookings and admin records in an EU region.
• Google LLC— runs Google Analytics 4 if you have consented.
• Microsoft Corporation— runs Microsoft Clarity if you have consented.

All of these are bound by their own privacy commitments and act as our data processors under appropriate UK / EU data-protection contracts.

4. Cookies and similar technologies

We use three categories of cookie:

• Strictly necessary— a session cookie that keeps you signed into the admin area, a first-party visitor cookie used to deduplicate analytics events, and a CSRF / lead-capture cookie. These always load, because the site can't function without them.
• Consent — gather_consent stores whether you accepted or declined analytics. 12-month lifetime.
• Analytics (optional)— Google Analytics (_ga*) and Microsoft Clarity (_clck, _clsk). Only set after you grant consent. Used to understand aggregate site usage.

You can withdraw consent at any time by clearing the gather_consentcookie in your browser (or using its “clear site data” tool). The banner will reappear next time and you can choose again.

5. Auto-opt-in via form submission

When you submit any form on this site (newsletter, intro call booking, contact, Academy application, etc.) we treat that as your explicit consent to load the analytics tools in section 2.4. This is because:

• You are voluntarily giving us your details to start a conversation.
• We need to understand how that conversation reached us so we can improve the experience for the next person.
• The link to this policy is visible on every form so you are informed before submitting.

If you would prefer to submit a form withoutturning on analytics, decline the cookie banner first — your choice is remembered and form submission no longer changes it.

6. How long we keep your data

• Leads & bookings: kept for as long as you are an active prospect or member, plus 6 years after our last meaningful contact (UK tax retention).
• Academy applications: kept for 2 years after the cohort ends.
• Newsletter subscribers: until you unsubscribe (every email has a one-click unsubscribe link).
• Analytics data on our own servers: 14 months by default.
• Google Analytics + Clarity: data retention managed inside each provider's console — we keep both at 14 months.

7. Your rights

Under UK GDPR you have the right to:

• Request a copy of your personal data.
• Ask us to correct or delete data we hold about you.
• Ask us to restrict or stop a particular use of it.
• Withdraw consent for analytics at any time.
• Receive your data in a portable format.
• Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) if you believe we have mishandled your data.

To exercise any of these rights, email hello@gather.training with the subject “Data request”. We respond within 30 days as required by law.

8. Security

All data is transmitted over HTTPS. Admin access is restricted by email/password with bcrypt-hashed passwords and signed session cookies. Database backups are encrypted at rest by our hosting provider. We never store payment card details on our own systems.

9. Children

Our teen programmes (ages 12–17) require a parent or guardian to submit the booking form. We do not knowingly collect data directly from children under 13. If you believe a child has given us data without parental consent, email us and we will delete it.

10. Changes to this policy

We update this page whenever we materially change how we handle data. The “Last updated” date at the top reflects the most recent revision.