Last updated: 7 May 2026

Privacy Policy

1. Introduction

Lucid ADHD is a trading style of Botonics Limited (“we”, “us”, or “our”). We are committed to protecting your privacy and ensuring the security of your personal data. This policy outlines how we collect, utilise, and safeguard your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Botonics Limited is the Data Controller for all personal information collected through the Lucid ADHD service.

3. The Data we Collect

We process different categories of personal data depending on your interaction with us:

  • Identity & Contact Data: Name, email address, phone number, and date of birth.
  • Financial Data: Payment card details (processed securely via Stripe and Trustpayments; we do not store full card numbers).
  • Special Category (Health) Data: ADHD screener results, clinical history, medical records, and assessment reports.
  • Technical Data: IP address, browser type, and usage data collected via cookies for marketing optimisation.

4. Legal Basis for Processing

We only process your data when we have a lawful basis to do so:

  • Consent: When you opt-in to receive nurture emails or download resources.
  • Contract: To fulfil your booking for a clinical assessment.
  • Legal Obligation: To comply with medical record-keeping regulations.
  • Healthcare Purposes (Article 9 GDPR): Processing special category data is necessary for the provision of health or social care or treatment.

5. How we Share your Data

We never sell your data. We share information only with authorised third parties necessary for our service:

  • Clinical Team: UK-registered clinicians performing your assessment.
  • Keap (Infusionsoft): Our CRM for marketing automation and patient communication.
  • Stripe/Trustpayments: For secure payment processing.
  • Jotform: For secure collection of clinical medical history.
  • Nexus Healthcare: Our marketing partner (utilising anonymised aggregate data for ad optimisation).

6. International Transfers

Some of our service providers (e.g., Keap) are based in the US. We ensure standard contractual clauses (SCCs) are in place to guarantee a level of data protection equivalent to UK law.

7. Data Retention

  • Marketing Leads: Retained for 24 months unless you unsubscribe.
  • Clinical Records: Personal health records are stored for a minimum of 20 years in accordance with British medical guidelines and medico-legal requirements.

8. Your Rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate information.
  • Erase your data (the “right to be forgotten”), subject to medical record retention laws.
  • Restrict or object to processing.
  • Withdraw consent at any time.

9. Complaints

If you have concerns, please contact our Data Protection Officer. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Book a 90-minute consultation for personalised guidance and practical next steps.

Book Your 90-minute Consultation