← Back to kiramei.co.uk

Legal

Privacy Policy

Last updated: 29 May 2026

1. Who We Are

This Privacy Policy describes how Kira Mei ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit www.kiramei.co.uk or purchase our digital products.

We are the data controller for the purposes of UK GDPR and the Data Protection Act 2018.

Contact: hello@kiramei.co.uk

2. What Data We Collect

When you make a purchase:

  • Identity data: Name
  • Contact data: Email address
  • Payment data: Processed entirely by Stripe — we do not store card details. We receive confirmation of payment status and a Stripe customer reference only.

When you visit the website (analytics):

  • Visitor ID: A randomly generated identifier stored in a cookie (km_v) that persists for 365 days, used to distinguish unique visitors
  • Session ID: A randomly generated identifier stored in a cookie (km_s) that expires after 24 hours, used to group activity within a visit
  • Pages visited: The URL path of each page you view
  • Referrer: The URL of the page you came from, if your browser provides it
  • UTM parameters: Campaign and source tags from marketing links (e.g. utm_source, utm_campaign)
  • Scroll depth: How far down a page you scroll (recorded at 25%, 50%, 75%, 100% milestones)
  • Click events: Interactions with specific buttons or links that we have explicitly tagged for tracking
  • Device type: Broadly categorised from your browser's user agent (e.g. mobile, desktop)
  • Country: Derived from your IP address by our hosting provider (Vercel). We receive the country code only — we do not store your IP address.

This analytics data is collected by our own first-party tracking system. No third-party analytics provider (e.g. Google Analytics) is used.

If you take our optional "Is this for you?" quiz:

  • Diagnostic answers: Your training experience, your main goal, and the obstacle you identify with
  • Age range: A broad band (e.g. 25–34), not your date of birth
  • Weight range (optional): A broad band (e.g. 70–80kg) which you may decline to provide. Because this relates to your physical condition, we treat it as special-category (health) data under Article 9 UK GDPR
  • Email address (optional): Only if you ask us to email your result

Your quiz result is shown to you on screen whether or not you let us keep your answers. We store these answers only if you give explicit, opt-in consent on the result screen. When stored, they are held against your random visitor cookie (km_v) — not your name — and are used in aggregate to understand which audiences our products suit. You can ask us to delete them at any time.

3. Why We Collect Your Data (Legal Basis)

We process your personal data on the following legal bases under UK GDPR:

  • Contract performance: To process your payment, send your account-activation link, provide access to the web portal, and provide order-related communications.
  • Legitimate interests: To operate first-party analytics that help us understand how the website is used and improve the experience. This automatic tracking is privacy-friendly — it uses no third-party scripts, does not profile you for advertising, and collects no sensitive personal data.
  • Consent: For optional marketing communications you opt into, and for keeping the answers you give in our optional diagnostic quiz. Where those answers include a weight range, we rely on your explicit consent as the Article 9 condition for processing special-category (health) data. You may withdraw any of these consents at any time.
  • Legal obligation: To retain payment and transaction records as required for tax and regulatory purposes.

4. How We Use Your Data

Your data is used to:

  • Process your payment and provide access to your digital products
  • Send order confirmation and account-activation emails
  • Track your progress through the programme weeks (which weeks you have unlocked and completed) so the portal can show you the right content
  • Respond to your support queries
  • Understand which pages and content are most useful (via analytics)
  • Measure the effectiveness of our marketing campaigns (via UTM data)
  • Improve the website experience based on scroll and click behaviour
  • Send occasional updates about new products or content (only with your consent; opt-out at any time)
  • Understand, in aggregate, which audiences our products suit best — using consented quiz answers — so we can improve our products and how we describe them

This aggregate analysis does not make any automated decision about you that produces legal or similarly significant effects, and it has no effect on the price you pay or the access you receive. We do not use your data for advertising profiling, and we do not sell it to any third party.

5. Cookies

We use two first-party cookies for our own analytics. No third-party tracking or advertising cookies are used.

  • km_v — Visitor ID
    A randomly generated anonymous identifier. Used to count unique visitors and understand return visit patterns. Expires after 365 days.
  • km_s — Session ID
    A randomly generated identifier scoped to your current visit. Used to group page views and events within a single session. Expires after 24 hours.

These cookies do not contain any personally identifiable information. They are not shared with any third party and are not used for advertising.

You can block or delete cookies at any time through your browser settings. Doing so will not affect your ability to use the website or purchase our products.

6. Who We Share Your Data With

We share your data with a limited number of trusted third-party processors only as necessary to operate our service:

All processors are contractually obligated to handle your data securely and in accordance with applicable data protection law.

We do not sell, rent, or trade your personal data to any third party for marketing purposes. We may disclose your data if required to do so by law, court order, or regulatory authority.

7. Data Retention

We retain your personal data only for as long as necessary:

  • Order and customer records: Retained for 7 years as required by HMRC for tax purposes
  • Analytics event data: Retained for up to 12 months, after which it is deleted or anonymised
  • Quiz answers: Retained for up to 12 months, after which they are deleted or aggregated into non-identifying statistics
  • Marketing consent records: Retained until you withdraw consent

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Ask us to correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data, subject to legal retention obligations
  • Right to restrict processing: Ask us to limit how we use your data in certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent for marketing at any time (this does not affect processing carried out prior to withdrawal)

To exercise any of these rights, email hello@kiramei.co.uk. We will respond within 30 days. We may need to verify your identity before processing a request.

9. Security

We take the security of your data seriously. Measures in place include:

  • HTTPS encryption on all website traffic
  • Encrypted database storage via Supabase
  • No storage of payment card details
  • Analytics data is anonymous — visitor and session IDs are randomly generated and not linked to your identity

No method of transmission over the internet is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO as required by law.

10. Children

Our products are not directed at anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data to us, please contact us immediately and we will delete it.

11. International Transfers

Some of our service providers (including Stripe, Vercel, and Supabase) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions recognised under UK law.

12. Complaints

If you are unhappy with how we have handled your personal data, please contact us first at hello@kiramei.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

13. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available at www.kiramei.co.uk/privacy. Significant changes will be communicated by email to customers who have purchased from us.

Kira Mei — Digital Fitness Education