LOWLU LIMITED
Privacy Policy
Website: lowlu.co
Last updated: March 2026
Contact: hello@lowlu.co
This policy explains what personal data Lowlu Limited collects, why we collect it, and what we do with it. We've written it in plain English with no legal padding or waffle to make it easy to understand. If you have questions, email us at support@lowlu.co.
1. Who we are
Lowlu Limited operates sauna and cold plunge venues in the UK. Our website is lowlu.co. For data protection purposes, we are the controller of your personal data.
2. What we collect
We collect different information depending on how you interact with us:
When you make a booking or create an account:
- Your name and email address
- Your booking history and visit records
- App account information (if you use the Lowlu app)
- Your marketing preferences
When you contact us:
- Your name, email, and the content of your message
When you visit our website:
- Analytics data via Google Analytics 4 (GA4) - pages visited, time on site, device type
- Technical data such as your IP address and browser type
3. Why we collect it and our legal basis
We only collect data we actually need. Here's why we collect each type and the legal basis we rely on:
| Purpose | Data used | Legal basis |
|---|---|---|
| Managing your bookings and account | Name, email, booking history | Contract performance |
| Sending you emails about your sessions and habits (e.g. return visit nudges, milestones) | Name, email, visit history | Legitimate interest / consent |
| Customer service - responding to enquiries and complaints | Name, email, message content | Contract performance / legitimate interest |
| Improving our website and understanding how people use it | Analytics data via GA4 | Legitimate interest (with cookie consent) |
| Sending marketing emails, if you've opted in | Name, email, preferences | Consent |
4. Who we share it with
We don't sell your data. We share it only with the tools that help us run Lowlu, and only to the extent necessary:
- Klaviyo - our email marketing platform, used to send booking-related and marketing emails
- Our booking and app platform - used to manage your account and reservations
- Payment processors - to handle transactions securely (we do not store your card details)
- Google (GA4) - for website analytics
All third parties we use are required to handle your data securely and in accordance with data protection law. Where they are based outside the UK, we ensure appropriate safeguards are in place.
5. How long we keep your data
We keep your data for as long as you are an active customer, plus a reasonable period after that. Specifically:
- Booking and account data: retained for 3 years after your last visit
- Marketing data: until you unsubscribe, then deleted within 30 days
- Customer service correspondence: 2 years
- Analytics data: governed by Google's retention settings (we use a 14-month window)
When data is no longer needed, we delete or anonymise it.
6. Cookies
Our website uses cookies. Here's a plain-English breakdown:
- Essential cookies - needed for the site to function. These can't be turned off.
- Analytics cookies (GA4) - help us understand how people use the site. You can decline these via our cookie banner.
You can manage or withdraw cookie consent at any time using the cookie settings link in our website footer.
7. Your rights
Under UK GDPR, you have the right to:
- Access - ask for a copy of the data we hold about you
- Correction - ask us to fix inaccurate data
- Deletion - ask us to delete your data (subject to any legal obligations we have to retain it)
- Restriction - ask us to limit how we use your data
- Portability - receive your data in a common format
- Object - object to processing based on legitimate interest
- Withdraw consent - for any processing based on consent (e.g. marketing emails)
To exercise any of these rights, email us at support@lowlu.co. We'll respond within one month.
8. Marketing emails
We send two types of emails: transactional (related to your bookings and account, these don't require opt-in) and marketing (promotional content, you can opt in when signing up or at any time via your account settings).
You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email, or by emailing support@lowlu.co.
9. How we protect your data
We take reasonable steps to protect your data from unauthorised access or disclosure. Our systems use encryption in transit, and we limit access to personal data to staff who need it to do their jobs.
No system is 100% secure. If you believe your data has been compromised, please contact us immediately at support@lowlu.co.
10. Complaints
If you're unhappy with how we've handled your data, please contact us first at support@lowlu.co; we'd like the chance to put it right.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
11. Changes to this policy
We'll update this policy when our practices change. If we make significant changes, we'll let you know by email or by a notice on our website. The date at the top of this page shows when it was last updated.