Musa Wellbeing

Legal

Privacy Statement

Who we are

Musa Wellbeing ("we", "us") provides online booking for nutrition, wellbeing and lifestyle consultations. This Privacy Statement explains how we collect, use and protect your personal data when you use our website and services.

For privacy questions or to exercise your rights, contact us at hello@musawellbeing.com.

What data we collect

We may collect and process:

  • Identity and contact data - name, email address, and information you provide at checkout or in your account profile.
  • Booking and payment data - chosen package, appointment times, booking reference, payment status, invoice details, and discount codes applied (not your full card number; card payments are handled by Stripe).
  • Health and consultation data - answers to pre-consultation questionnaires, notes and responses from consultations, and wellbeing reports prepared by your consultant (including reports generated with AI assistance, which are always reviewed by a qualified practitioner before delivery where applicable).
  • Communications - emails we send about bookings, reminders, follow-ups, and support correspondence.
  • Technical data - information needed to operate secure sign-in and protect the service (see our Cookie Statement for cookies).

How we use your data

We use personal data to:

  • Provide consultations you book, including scheduling, video meetings (Google Meet links created via Google Calendar), and sharing appointment details with your assigned consultant.
  • Process payments and issue VAT receipts where applicable.
  • Send service emails (confirmations, reminders, questionnaires, reports) via our email provider.
  • Improve and secure the platform, prevent fraud, and comply with legal obligations.

Our lawful bases under UK GDPR typically include contract (delivering your booking), legitimate interests (operating and securing the service), and consent where we ask for it explicitly (for example optional cookies).

Who we share data with

We use trusted processors that only act on our instructions:

  • Supabase - authentication, database hosting, and file storage for the platform.
  • Stripe - payment processing.
  • Resend - transactional email delivery.
  • Google - calendar events and Google Meet links for confirmed appointments (admin-connected Google account).
  • Google (Gemini) - optional AI assistance in drafting consultation reports; outputs are used within the consultant workflow.

Consultants and authorised administrators can access data needed to deliver your care and run the service. We do not sell your personal data.

International transfers

Some providers may process data outside the UK. Where this occurs, we rely on appropriate safeguards (such as UK adequacy regulations or standard contractual clauses) as required by law.

How long we keep data

We retain booking, consultation and payment records for as long as needed to provide the service, meet accounting and tax requirements, and resolve disputes. You may ask us about retention for your account.

Your rights

Under UK data protection law you may have the right to access, rectify, erase, restrict or object to processing, and to data portability, where applicable. You may also lodge a complaint with the Information Commissioner's Office (ICO).

To make a request, email hello@musawellbeing.com. We may need to verify your identity.

Security

We use industry-standard measures including encrypted connections (HTTPS), access controls, and role-based permissions. No method of transmission over the internet is completely secure; we work to protect your data proportionately.

Children

Our services are intended for adults. If you believe a child has provided personal data without appropriate consent, contact us and we will take appropriate steps.

Changes

We may update this Privacy Statement from time to time. The version on https://www.musawellbeing.com is the current version. Material changes will be reflected on this page.