Legal

Privacy Policy

Last updated: May 2026

This privacy policy explains how Katie Harvey MindMastery Ltd (company number 15410830), trading as b.reathe, collects, uses and protects your personal data. We are the data controller for all personal data collected through this website and our services.

1. Who we are

Katie Harvey MindMastery Ltd trading as b.reathe
Company number: 15410830
Registered address: 15 Moat Farm Close, Marston Moretaine, Bedford, MK43 0AE
Website: breatheblueprint.com
Email: [email protected]

If you have any questions about how we handle your data, or wish to exercise any of your rights, please contact us at the email address above.

2. What data we collect

We collect personal data in the following ways:

Contact forms

When you submit a contact form on our website we collect your name, email address and any information you include in your message.

Scorecard submissions

When you complete the Success Hangover Check-In we collect your name, email address, and optionally your phone number. We also record your quiz responses and result score for the purpose of delivering your personalised result and relevant follow-up communications.

Email marketing

When you opt in to receive emails from us we collect your name and email address. We use this to send you relevant content, your scorecard result, and information about our products and services. You can unsubscribe at any time using the link in any email we send.

Payment processing

When you purchase a b.reathe Together membership or trial, payment is processed securely through our payment provider. We collect your name, email address and billing information. We do not store your full card details on our systems.

Cookies

Our website uses cookies to improve your experience and understand how visitors interact with our site. You can manage your cookie preferences through the cookie banner on your first visit, or through your browser settings. For more detail see Section 8 below.

Beyond, Inner and high-tier coaching data

When you join a high-tier b.reathe coaching programme we collect and process health and biometric data with your explicit consent. This includes WHOOP biometric data (recovery score, heart rate variability, resting heart rate, sleep performance, strain, respiratory rate, skin temperature, workouts) accessed via the WHOOP API; body measurements (weight, height); blood test results processed via Forth With Life; meal logs and delivery information; workout completion logs; menstrual cycle data where applicable; and member-reported notes about energy, mood, symptoms, and lifestyle context shared during your weekly check-in.

3. How we use your data

We use your personal data for the following purposes:

  • To deliver your scorecard result and personalised follow-up emails
  • To send you marketing emails you have opted in to receive
  • To manage your b.reathe Together membership and process payments
  • To respond to enquiries submitted through our contact forms
  • To improve our website and understand how it is being used
  • To comply with our legal obligations
  • To deliver personalised coaching services to high-tier members, including weekly data-driven emails, monthly 1-1 calls, and ongoing programme support
  • To analyse biometric and lifestyle data in order to spot patterns, recommend adjustments, and produce personalised insights
  • To coordinate blood testing and meal delivery on your behalf with our service partners

4. Our lawful basis for processing

Under UK GDPR, we rely on the following lawful bases:

Consent

For email marketing and cookies. You can withdraw consent at any time by unsubscribing or adjusting your cookie settings.

Contract

For processing your membership and delivering the services you have signed up for.

Legitimate interests

For responding to contact form submissions and improving our website and services.

Legal obligation

Where we are required to retain data by law, such as financial records.

Explicit consent (UK GDPR Article 9)

For processing special category data including health and biometric information collected through high-tier coaching programmes. You give this explicit consent when you join Beyond, Inner or any tier that includes biometric tracking. You can withdraw consent at any time by contacting us at [email protected], which will end your access to those services.

5. Third parties we share data with

We do not sell your data. We share it only where necessary with the following service providers:

GoHighLevel / LeadConnector

Our CRM and email marketing platform. Stores contact data, manages email sequences and hosts our forms and scorecard.

Payment processor

Used to securely process membership payments. We use FastPayDirect for payment processing. They handle card data directly and we do not store full card details.

WHOOP, Inc.

Source of biometric data for high-tier members. With your explicit OAuth authorization, we access your WHOOP recovery, sleep, cycle and workout data via the WHOOP API. You can revoke this authorization at any time via your WHOOP account settings, which immediately stops our access. WHOOP is based in the United States and we rely on UK GDPR-compliant safeguards for international data transfer.

Make.com (Celonis)

Automation platform used to securely transfer your WHOOP data into our internal Notion-based coaching system on a scheduled basis. Data is encrypted in transit. Make.com is based in the Czech Republic (EU).

Notion Labs, Inc.

Internal database where your biometric data, check-ins, workout logs and coaching records are stored. Access is restricted to Katie Harvey only. Notion is based in the United States and we rely on UK GDPR-compliant safeguards for international data transfer.

Forth With Life

UK-based blood testing partner used for quarterly biometric panels for Beyond and Inner members. We order panels on your behalf. Forth holds your test results under its own privacy policy and we access them with your consent. Forth is based in the United Kingdom.

Meal delivery partners (Frive, HelloFresh, or your chosen provider)

Meal partners used by high-tier members. We may share your name and delivery address with them where you have asked us to coordinate delivery. Each partner operates under its own privacy policy.

All third parties are required to process your data securely and in accordance with applicable data protection law.

6. International data transfers

Some of the third parties we use (including WHOOP and Notion) are based in the United States. When your data is transferred outside the UK or EEA, we rely on appropriate safeguards required by UK GDPR, including Standard Contractual Clauses and equivalent data protection mechanisms, to ensure your personal data continues to be protected to UK standards.

7. How long we keep your data

We retain your personal data only for as long as necessary:

  • Email marketing contacts are retained until you unsubscribe
  • Membership records are retained for 7 years in line with financial record-keeping requirements
  • Contact form submissions are retained for up to 2 years
  • Scorecard data is retained for up to 2 years unless you request earlier deletion
  • Biometric and coaching data for Beyond and Inner members is retained for the duration of your membership plus 90 days, after which it is deleted from our active systems (subject to financial record-keeping requirements)
  • WHOOP API access tokens are deleted immediately when you revoke authorization or your membership ends

8. Cookies

Our website uses cookies — small text files stored on your device — to improve functionality and understand how the site is used. We use:

Essential cookies

Required for the website to function. These cannot be disabled.

Analytics cookies

Help us understand how visitors use our site so we can improve it. These are only set with your consent.

Marketing cookies

Used to track visits and personalise content. These are only set with your consent.

You can manage or withdraw your cookie consent at any time through your browser settings.

9. Your rights

Under UK GDPR you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the data we hold about you
  • Right to rectification — to request we correct inaccurate data
  • Right to erasure — to request we delete your data, subject to legal obligations
  • Right to restrict processing — to request we limit how we use your data
  • Right to data portability — to receive your data in a commonly used format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time
  • Right to revoke WHOOP authorization — at any time, via your WHOOP account settings. We will immediately delete the corresponding access tokens and stop receiving your WHOOP data.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Coaching, not medical advice

b.reathe coaching services, including Beyond and Inner, are wellness coaching programmes. They are not medical care and should not replace advice from a qualified medical professional. The biometric data and blood test results we discuss with you are interpreted in a coaching context, not a clinical one. If we spot something that may need medical attention, we will recommend you speak with your GP or relevant specialist. You remain responsible for your own medical decisions.

11. Changes to this policy

We may update this privacy policy from time to time. The date at the top of this page will reflect the most recent update. We encourage you to review this page periodically. Continued use of our website or services after any changes constitutes acceptance of the updated policy.

Questions about this policy?

Get in touch directly.

[email protected]