top of page

Privacy Policy

Last updated: 18 October 2025

 

This Privacy Policy explains how Third Eye ("we", "us", "our") collects, uses, discloses and protects personal information when you visit thirdeyenow.com, use our courses (including Orientation and Stages 1–7), mentoring, timers and forms, participate in our community features, or otherwise interact with us. We are committed to handling personal information lawfully, fairly and transparently under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). We also follow the Privacy and Electronic Communications Regulations (PECR) for cookies and similar technologies.

1) Who we are (Controller)

Controller: Third Eye

 

Contact for privacy matters: privacy@thirdeyenow.com

 

If you are based in the UK or EU/EEA and wish to exercise your privacy rights, contact us using the details above.

2) What this policy covers

This policy applies to:

- Our public website pages and member-only areas (including Orientation and Stages 1–7).

- Mentoring (including chat and scheduled check‑ins), help forms, feedback forms and support requests.

- Email/SMS communications and automations.

- Account administration for courses and memberships (all courses are free).

This policy does not cover third‑party websites, services or platforms that we link to. Those providers have their own privacy notices.

3) What we collect

We collect and process the categories of personal data listed below. You may provide some data directly (e.g., when creating an account or completing a form). Some data is collected automatically (e.g., via cookies or similar technologies).

 

A. Identity & contact data

Name, email address, country/region, account ID, usernames/handles you choose to share.

 

B. Account & membership data

Account credentials (hashed passwords), membership tier, enrolments, support history, preferences and settings (e.g., timer lengths).

 

C. Training progress & mentoring data

Responses in session check‑ins and mentoring tools (for example: session length, clarity level, focus stability, shape activity, notes/observations you choose to record), your messages in mentoring chat, course progress (e.g., stage unlock timing), preferences and settings (e.g., timer lengths).

 

D. Communications

Email and SMS preferences, your communications with us (e.g., support requests, mentorship messages), and our replies.

 

E. Technical & usage data

IP address, device and browser type, operating system, approximate location (derived from IP), device identifiers, pages viewed, time on page, referral URLs, event logs (e.g., button clicks, errors), and similar analytics.

 

F. Cookies & similar technologies

Cookies, local storage, and similar technologies used for essential site functions (e.g., security, log‑in), performance/analytics, preferences, and (if enabled) marketing.

 

G. Special category data (optional)

We do not ask for special category data (e.g., health, religion) to use our services. However, if you choose to disclose such information in free‑text fields (e.g., notes, mentoring chat), we will process it only with your explicit consent or another valid condition under Article 9 UK GDPR. You can avoid sharing such information by not including it in free‑text fields.

4) Research & scientific collaboration

We aim to advance understanding of the human visual system and may collaborate with scientists, research institutions and relevant bodies.

 

5) Cookies & similar technologies

We use cookies and similar technologies:

- Strictly necessary: security, network management, authentication, load balancing.

- Preferences: remembering settings (e.g., timer options, interface choices).

- Performance/analytics: understanding site usage to improve the service. 

- Marketing (if enabled): measuring campaigns and reach.

 

6) Sharing your data

We share personal data with trusted recipients:

- Service platform & hosting: our website is built and hosted on a managed platform and their subprocessors (e.g., data hosting, content delivery, security).

- Email/SMS providers: to send transactional and (if you opt‑in) marketing messages.

- Analytics & performance: to understand usage and improve the service. 

- Professional advisors: accountants, auditors, legal counsel (bound by confidentiality).

- Authorities: where required by law or to protect rights, safety, or enforce terms.

- All third parties are required to handle personal data securely and only according to our written instructions where acting as processors.

 

7) International transfers

Our service providers and their subprocessors may process data in countries outside the UK. Where such transfers occur, we use one or more of the following safeguards: - UK adequacy regulations (where the destination is deemed adequate), and/or - the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, plus transfer risk assessments and additional safeguards as needed.

This may include transfers to research partners and scientific advisors in other countries. You can contact us for a list of relevant transfer mechanisms and key processors.

 

8) How we protect your data

We apply appropriate technical and organisational measures proportionate to the risk, including encryption in transit (TLS), access controls, role‑based permissions, back‑ups, staff confidentiality obligations, and vendor due‑diligence. No system can be 100% secure; we maintain and improve controls over time.

 

9) Data retention

We keep personal data only as long as necessary for the purposes set out above, and to meet legal, accounting or reporting requirements. Typical periods:

 

- Account/profile & membership records: duration of your account + up to 3 years (to resolve issues and maintain service records).

- Training progress & mentoring data (check‑ins, notes, chat): duration of your active membership + 24 months (to support continuity if you return) unless you delete it sooner.

- Research data (identifiable): retained only with your explicit consent for the duration described at the point of consent (or until you withdraw consent).

- Aggregated/anonymised research datasets: may be kept indefinitely for longitudinal analysis and publications, as they no longer identify you.

- Transactional/service communications: up to 3 years (record keeping of service delivery).

- Marketing data: until you opt out (we keep minimal suppression records to honour your choice).

- Technical logs/analytics: 3–24 months, aggregated or anonymised sooner where possible. Where data is no longer needed, we delete or anonymise it.

 

10) Your rights

Under UK data protection law, you have rights over your personal data, including: access, rectification, erasure, restriction, portability, objection to processing (including where based on legitimate interests), and the right to withdraw consent. You also have rights related to automated decision‑making where it produces legal or similarly significant effects. To exercise any right, contact us using the details above. We will respond within one month (extensions may apply in complex cases).

11) Children

Our services are intended for people 16+. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, please contact us and we will take appropriate steps to delete it.

 

12) Automated decision‑making

We do not carry out automated decision‑making that produces legal or similarly significant effects about you. Automated features such as staged course unlocks and reminder schedules are service functions under your account and do not have such effects.

13) How to contact us & complaints

If you have questions or concerns about privacy, contact us at privacy@thirdeyenow.com

 

14) Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. We will post any changes here and update the “Last updated” date. For significant changes, we may provide additional notice (e.g., by email or within your account).

 

15) Additional details for transparency (who we use)

To help you understand how your data flows through our service, here are examples of the types of providers we use. The exact providers may change over time; we will keep records and contracts in place with each provider.

 

- Website platform & hosting: managed website platform and its subprocessors for hosting, content delivery, DDoS protection, metrics.

- Email/SMS: transactional email and SMS providers for service and (if you opt‑in) marketing communications.

- Analytics/performance: tools for site usage measurement, error tracking, A/B testing, performance monitoring.

- Research partners & scientific advisors: universities, laboratories and independent researchers engaged under data‑sharing agreements for aggregated/anonymised analysis; identifiable data only with explicit consent.

- Customer support/mentoring: helpdesk/chat tools used to respond to your requests and facilitate mentoring conversations.

- We can provide a current list of core processors on request, including their roles, locations, and transfer safeguards. If we materially change core processors, we will update our records and (where required) notify users.

- We may use anonymised or aggregated check‑in data to collaborate with scientists and publish or register findings; we’ll ask for explicit consent before sharing anything that identifies you.

- You’re in control of optional marketing and what you share in free‑text fields.

- We keep data only as long as needed; you can ask us to access, correct or delete it.

- Some providers are outside the UK; we use recognised safeguards for transfers. 

- Cookies help the site function and improve; you can control non‑essential cookies.

bottom of page