top of page

Good Girl Deprogramming Community - Privacy Policy

Last updated: April 2026

 

1. Who we are

This Privacy Policy explains how Michelle Minnikin, trading as The Deprogramming Company ("we," "us," "our"), collects, uses, and protects your personal data when you use the Good Girl Deprogramming Community (the "Community").

We are the data controller for the purposes of UK GDPR.

Contact: Michelle Minnikin michelle@deprogramming.company

If you have any questions about how we handle your data, please contact us at michelle@deprogramming.company.

 

2. What data we collect

We collect the following categories of personal data:

When you register:

  • Name

  • Email address

  • Payment information (processed by Stripe - we do not store card details)

  • Country of residence

When you use the Community:

  • Profile information you choose to provide (such as a profile photo or bio)

  • Content you post, share, or contribute within the Community

  • Messages you send to other members or to us

  • Your engagement and activity within the platform

Automatically collected:

  • Device and browser information

  • IP address

  • Usage data (pages visited, features used, time spent)

From third parties:

  • If you were referred to the Community via our referral programme, we may receive your name and email address from Rewardful

  • If you joined via our Kit email list, we may hold the date you subscribed and your email engagement history

 

3. How we use your data

We use your personal data for the following purposes:

To provide the Community:

  • Creating and managing your membership account

  • Processing payments and managing subscriptions

  • Sending you access to Community features and live sessions

  • Communicating with you about your membership

To run the referral programme:

  • Tracking referrals and calculating commissions via Rewardful

To improve the Community:

  • Understanding how members use the platform

  • Improving content, features, and the member experience

To communicate with you:

  • Sending you emails about your membership, upcoming sessions, and Community updates

  • Responding to your questions or concerns

To comply with legal obligations:

  • Maintaining records as required by law

  • Responding to lawful requests from authorities

 

4. Our legal basis for processing

Under UK GDPR, we rely on the following legal bases:

  • Contract: Processing necessary to provide your membership and fulfil our obligations to you

  • Legitimate interests: Improving the Community, preventing misuse, and communicating relevant updates

  • Legal obligation: Where we are required to process data by law

  • Consent: Where you have explicitly opted in - for example, to receive our email newsletter

 

5. Who we share your data with

We do not sell your personal data. We may share it with the following third parties who help us operate the Community:

  • Movement (movement.so) - our Community platform provider. Your membership data and Community activity is hosted on Movement's infrastructure. Movement's Privacy Policy is available at movement.so.

  • Stripe - our payment processor. Stripe processes your payment information securely. Stripe's Privacy Policy is available at stripe.com.

  • Rewardful - our referral programme provider. Rewardful tracks referrals and manages commission payouts. Rewardful's Privacy Policy is available at rewardful.com.

  • Kit (formerly ConvertKit) - our email marketing platform. If you are on our email list, your name and email address are stored in Kit. Kit's Privacy Policy is available at kit.com.

  • Zoom - used for live Community sessions. Zoom's Privacy Policy is available at zoom.us.

All third-party providers are required to handle your data in accordance with applicable data protection law. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

 

6. Data retention

We retain your personal data for as long as your membership is active and for a reasonable period afterwards, typically 24 months, in case of queries, disputes, or legal requirements.

Payment records are retained for 7 years in accordance with HMRC requirements.

If you request deletion of your data, we will action this within 30 days, subject to any legal obligations that require us to retain certain records.

 

7. Your rights

Under UK GDPR, you have the following rights:

Right of access - you can request a copy of the personal data we hold about you.

Right to rectification - you can ask us to correct inaccurate or incomplete data.

Right to erasure - you can ask us to delete your personal data, subject to certain conditions.

Right to restrict processing - you can ask us to limit how we use your data in certain circumstances.

Right to data portability - you can ask us to provide your data in a commonly used, machine-readable format.

Right to object - you can object to processing based on legitimate interests.

Right to withdraw consent - where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at michelle@deprogramming.company. We will respond within one calendar month.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

​

8. Cookies

The Community platform (Movement) uses cookies and similar technologies to operate the service. You can manage cookie preferences through your browser settings.

Our website (michelleminnikin.com) may also use cookies for analytics purposes. For full details of cookies used on our website, please see our Cookie Policy at https://www.michelleminnikin.com/cookies.

 

9. Children

The Community is not intended for anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

​

10. Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse.

However, no online service is completely secure. We cannot guarantee the absolute security of data transmitted over the internet.

If you believe your account has been compromised, please contact us immediately at michelle@deprogramming.company

​

11. Third-party platforms

The Community is hosted on Movement (movement.so). By joining the Community, you also agree to Movement's Terms of Service and Privacy Policy. We are not responsible for Movement's data practices beyond our contractual arrangements with them.

​

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or within the Community. The "last updated" date at the top of this page will always reflect the most recent version.

Continued use of the Community after changes take effect constitutes acceptance of the updated policy.

​

13. Contact

For any data protection queries or to exercise your rights:

Michelle Minnikin michelle@deprogramming.company

For complaints: Information Commissioner's Office - ico.org.uk

bottom of page