Complying with Privacy and Email Marketing Regulations: A Guide for Hypnotherapists

Just recently, I (Keith Livingston) got an email from a hypnotherapist. They talked about how their practice was changing, what new services they were offering, and their new location. Very exciting! There was a problem, however. 

I had never signed up to receive emails from them. It was SPAM!

Keep your emails out of people's spam folders.

What Is Spam?

Most of us are used to thinking of spam as scam emails about winning the lottery, or promoting some questionable product. And while that covers some of it, there are rules that define whether an email is spam, and they are pretty simple: 

Spam is unsolicited, commercial email.

Unsolicited:  This just means the receiver did not ask for the email. Regarding the hypnotherapist that sent me unsolicited email, I didn’t opt in, or choose to be part of this hypnotherapist’s email list, and I not only didn’t know them, but never signed up to receive anything from them.

Commercial:  According to Dictionary.com, "commercial" is an adjective that means “of, connected with, or engaged in commerce; mercantile”.

In other words, if the email is from a business and not directly related to your personal account with that business (e.g. a bill or a receipt), then it is commercial. It is intended to market to you or sell you something, even if there is no direct sales pitch. Newsletters from businesses are considered commercial.

An example from the IHA: 

We recently had a move from one membership platform to another. A member update was sent to all members because this directly affected their personal profiles. There was necessary information regarding their membership and their ability to log into their accounts.

We sent an email about that to all existing members because it was necessary information, and not trying to market to them or sell them anything.

If we send an email that is more general, just talking about “What’s New at the IHA” without any necessary action or impact on personal accounts, that would be considered commercial. We would only send that email to members that have agreed to receive a newsletter or marketing emails.

So Don't Just Email A Random List Promoting Your Services

Don't just send marketing email to a random list of strangers.

Even though your hypnotherapy practice may be a small, neighborhood business, you can't just send email promoting it to everyone.

Back to the spam I received from that hypnotherapist:

When I say there was a problem with the email, that wasn't exactly true...

There were many problems.

That email had everyone's email address either in the To: or the Cc: field.  

Meaning I could see the name and email addresses of everyone else the email was sent to. Think about that for a moment. Your name and email address, sent by someone you don’t know, to a whole lot of people that you don’t know.

So now, all of the people on that list have everyone else’s information. Some of those people were probably clients!!!

So much for privacy.

AND the email was sent from the hypnotherapist’s personal email account with no unsubscribe link. This would violate several regulations in almost any country, and subject the sender to thousands of dollars in fines.

So I thought it was time to do a write-up about marketing and privacy, to help you all comply and operate your business successfully and ethically.

Important Disclaimer 

The IHA does NOT offer legal advice, nor claim expertise in the law regarding email and personal data in all countries. As always, the regulations in your area may vary. DO NOT take any of this content as legal advice. This article contains useful and somewhat general information and is not a complete guide covering every aspect of this issue. It is meant to encourage readers to investigate further on their own for information regarding the regional and international laws pertaining specifically to their business and region.

Introduction To Privacy And Data For Hypnotherapists & NLP Practitioners

As a hypnotherapist or NLP practitioner, you understand the importance of building strong relationships with your clients.

Email marketing (and other marketing channels) can be valuable tools to keep in touch, share information, and promote your services.

However . . .

Privacy and Data

It is crucial to meet privacy and electronic communications marketing regulations to ensure compliance and protect both your clients and your practice. This goes for any physical records you keep, as well. 

In this article, you’ll get some general guidelines to help you comply with these regulations.

Understanding Privacy and Data Protection Laws

You may need to familiarize yourself with the relevant privacy and data protection laws in your area, for example the General Data Protection Regulation (GDPR) in the European Union or the California Consumer Privacy Act (CCPA) in the United States.

Here are some key points that almost all of the data and privacy laws include:

  1. Obtain consent: You need explicit permission from someone before collecting or storing their personal information, or sending them marketing communication.
  2. Protect Personal Data: You need to have secure data storage to protect the data you collect, via methods such as encryption and secure servers.
  3. Have a Retention Policy: Establish a policy for how long you will retain client data and regularly review and delete unnecessary information.

Building Your Email List

Building your email list as a hypnotherapist.

Growing an engaged email list is an effective way to reach your clients and prospects.

However, it's important to follow best practices and respect privacy regulations.

Here's how:

  • Permission-based approach: Only send emails to people who have explicitly opted in to receive marketing communications from you. Do NOT buy or rent email lists.
  • Opt-in forms: Have clear messages on your opt-in forms, ensuring clients and potential clients understand what they're subscribing to and how their information will be used. Clearly communicate that subscribers may receive marketing emails from your practice.
  • Unsubscribe option: Include a visible and easily accessible unsubscribe link in all your marketing emails, allowing recipients to opt out at any time. Any professional ESP (email service provider) will provide this option automatically.
  • Have Your Business Address Visible: Most ESPs will require you to have a visible, physical address in your marketing email. Even if they don’t - put it there anyway.

Content and Email Practices

People get lots of email these days, sometimes subscribing to a newsletter to get a free download, and then forgetting about the subscription.

Your subscribers might not remember who you are or recognize you from your email address.

If they don’t remember you ...

Or your subject line doesn’t interest them...

Or your messages are annoying...

They might mark your messages as spam rather than using the unsubscribe link - especially if the "Unsubscribe" is not easy to find.

Make your Unsubscribe link easy to find.

I have seen a lot of marketing emails that have the unsubscribe link in tiny text that is a color that is hard to see, and mixed in with other text rather than standing out and easy to find. 

Maybe the people that do that hope that their subscribers will NOT unsubscribe. Maybe they think that keeping people on a list so the list is BIG is a smart move.

If that is what they think...

they are wrong.

You WANT people that don’t want your emails to unsubscribe.

This keeps your email list full of people who want your emails so that they engage with the emails by opening them, reading them, clicking on links, etc.

If the emails are annoying or the unsubscribe link is hard to find, and people just mark the email as spam … that’s bad for you.

Getting emails marked as SPAM will affect your ability to deliver future email to legitimate subscribers.

Compelling Content

Crafting compelling and relevant content is one key to successful email marketing, and to keeping the emails you send in front of your audience and OUT of the spam folder. 

Keep the following email content guidelines in mind:

Clear identification

Clearly identify yourself as the sender and provide accurate contact information in every email you send. Remind your audience how they know you.

Honest subject lines

Avoid deceptive or misleading subject lines that may confuse or mislead recipients. If possible, have a short subject line that is interesting AND includes some kind of identification in the subject or first line of the email.

Consistent Branding

Maintain a consistent brand image across your emails, aligning with your website, social media, and other marketing materials. You want folks to recognize your emails and associate them with you and your other types of content.

Personalization and segmentation

Tailor your emails to specific client segments where possible, ensuring your messages are relevant and valuable to each recipient. For instance, the hypnotherapist that sent me the SPAM email was thousands of miles away from me. AND I’m not a client. The email was completely irrelevant to me. 

If they had a way to segment their email list into those that lived within driving distance and those who did not, they could have a better response to their emails.

Email Regularly

If you email every six months, a lot of people aren’t going to know who you are, so for an email list to be useful and productive, consistency is key.

Email regularly and often, but not TOO often. There’s a balance between staying in touch and top-of-mind with potential clients, and being annoying (which will get you spam complaints). 

I would suggest at least once a month, minimum.

Handling Personal Information

As a hypnotherapist, you will need to collect personal information from your clients.

Make sure you take the necessary steps to protect their privacy.

A quick overview of these steps includes (but is not limited to) the following:

  • Confidentiality and consent: Obtain informed consent from your clients to collect and store their personal information. Clearly communicate how their data will be used and inform them of your data storage, privacy, and confidentiality policies.
  • Secure storage and access: Implement robust security measures to safeguard client data, both in electronic and physical form. Limit access to personal information and regularly update your security protocols.
  • Data breach response: Have a plan in place to respond to a data breach promptly and effectively. Notify affected individuals and relevant authorities as required by law.

This plan can be as simple as “If a data breach occurs, I will send an email to any affected persons, and post a web page with the information. I will notify any government authorities I’m required to notify.”

A data breach would likely not occur from you, but perhaps from your credit card processor, or other service you use.

For example, if you use PayPal to process payments, and PayPal has a data breach, you will receive a notice from them telling you what happened and relevant dates and information. Anyone that paid you during the affected time should be notified by you. They may also be notified by PayPal, but you’ll want to contact them, let them know, tell them what they need to do as well as what you are doing.

Consider Healthcare Privacy Regulations

Consider healthcare regulations when thinking about privacy for hypnotherapy clients.

It can be unclear whether healthcare privacy and data storage regulations cover hypnotherapists.

However, it is safest for your clients and your business if you exercise an abundance of caution and comply with healthcare data laws and standards.

Consider the following:

  • Treat client information with care: Apply the same level of professionalism and confidentiality to client data as you would with any healthcare-related information.
  • Secure Written Records: Any written client records should be stored in a locked area, with access to the keys limited to authorized personnel only. You may consider keeping identifying information separate from written records in a secure file, and using a coding system to identify records.
  • Secure electronic records: If you maintain electronic records, ensure they are securely stored, encrypted if necessary, and accessible only to authorized individuals.

Maintain Records of Consent

To comply with email marketing regulations, it's important to be able to produce records proving that individuals signed up to receive marketing emails from your practice.

 Legitimate email marketing software and services provide this functionality for you.

You can take the following steps:

  • Choose a reputable email marketing service: Select a trusted provider that manages subscriber consent and maintains a record of opt-ins.
  • Retain consent records: Keep a secure backup of the consent records, including timestamps and IP addresses, as required by applicable regulations (your ESP will provide this, but you need a secure backup).
  • Regularly review and update records: Periodically review your records to ensure they are accurate, up to date, and reflect the preferences of your subscribers.

Utilize Intake Paperwork to Obtain Consent

Hypnotherapists and NLP practitioners should have intake paperwork.

In addition to online opt-in forms, you can include a checkbox on your hypnotherapy intake paperwork to gain consent for future marketing communication.

This checkbox should explicitly state that you may follow up with the client, providing information about future offerings and news about your hypnotherapy practice. 

Remember the following about the consent checkbox on your intake paperwork:

Clearly explain the purpose: Inform clients that by checking the box, they are giving permission for you to contact them for marketing purposes.

Ensure that it's optional: Make sure the checkbox is not pre-checked, allowing clients to freely choose whether they wish to receive marketing communications.

Honoring Data Deletion Requests

Honor data deletion requests.

People have the right to request the deletion of their personal information in certain circumstances.

As a hypnotherapist, you must comply with such requests, unless the removal of personal data violates a regulation.

Consider the following:

  • Establish a process: Develop a procedure for handling data deletion requests, ensuring they are promptly addressed and properly documented.
  • Verify identity: Take necessary precautions to confirm the identity of the individual making the deletion request to protect against unauthorized data removal.
  • Retain necessary records: Retain basic records that protect you (e.g. consent records), and maintain records of the data deletion requests and actions taken to comply with them, in case of future inquiries or audits.

Here's a look at how The International Hypnosis Association deals with some of these issues.

We don't see clients, so we don't have patient confidentiality to take into account. However, when someone activates an IHA membership, they check a box indicating that they have read our Code of Ethics and Terms and Conditions, as well as giving us permission to send them email. 

The wording of the checkbox is as follows . . .

By becoming an IHA member you agree to abide by the IHA Code of Ethics and IHA Terms and Conditions, as well as to receiving emails concerning your account status, member updates, and member promotions or newsletters. You will be able to unsubscribe from any promotional email at any time.

Please check the box, and then click the “Next” or "Continue To Payment" button to continue.

We use VBout as our email service provider. For anyone signing up to email services via VBout, they maintain records of email signups, including IP addresses and time of signup. Here is an example (private information redacted):

Vbout Contact Information
Vbout collects information including IP addresses.
Type of activity information that Vbout collects.

Credit Card And Financial Data

In the old days of the internet, businesses stored credit card information to make future purchases easier.

Regulations have changed, and small businesses typically offload the storage of any crucial data, such as credit card numbers, to services that specialize in secure data storage for financial information.

Protecting credit card information.

An Example From the IHA

The International Hypnosis Association is never in possession of your credit card number. When a charge is placed, the financial information goes from our shopping cart program to our credit card processor.

We never see your credit card number. We literally don't have access to it, so we can’t lose it or expose it to hackers. Our shopping cart provider also does not store credit card numbers.

You will probably do the same when charging clients. In other words, PayPal, Stripe, or other credit card processing services will be in charge of encrypting and storing financial data.

Our full privacy policy can be found here.

Common misconceptions about email marketing. 

  1. "I can send marketing emails to anyone who is already a customer/client."
    Wrong: Just because someone is a client doesn't mean you can send them marketing emails. It's best to get explicit permission to send marketing emails.
  2. "They sent ME a marketing email, so I can send THEM a marketing email."
    Nope: Just because someone has sent you a marketing email doesn't mean you can send them a marketing email. Again, you must get explicit permission from anyone you're going to send email to.
  3. “Yeah, but this person and I have a business relationship!”
    Again: I'm going to sound like a broken record here. Get permission to send marketing emails.
  4. "I can pre-check consent/permission check boxes."
    Absolutely Not: You can have online forms that will not allow the form to be submitted without a box checked (i.e. if the user must agree to terms and conditions before proceeding). However, you should NEVER precheck that box, and if it includes consent for marketing emails, remain true to the "Unsubscribe" information shared above.

Privacy Policy

You should have a privacy policy on your web site, and a privacy policy for your practice. If you'd like to see suggested wording for these, please contact us. If we get a few requests, we'll put something together for the members' area.

Social Media

Hypnotherapy privacy regarding social media.

When posting on Facebook or other social media, don't give away any client information unless you have permission to do so.

If a client posts on your wall that the session you just gave them was fantastic, you can thank them. But don't give away anything else about the session. And don't reveal any additional information about them.

In short, it's ok to respond to a client on social media, but don't provide any information beyond what they themselves revealed. 

General posting without identifying information is fine, such as: "Another successful smoking cessation client today. It's very rewarding to think I'm helping clients lead healthier lives. Of course, most of the credit goes to them!".

IHA’s Email Marketing Choice

VBout is our choice for email marketing as of 2023. It's working well for us, so far. It's overkill for most hypnotherapists as it includes a landing page builder, automations, SMS (in conjunction with an SMS sending platform) and a social media scheduler, as well as email marketing.

If you're at a point in your business plan that those services make sense, contact us and we can set you up with a plan that you couldn't get as an individual.

What About Email To Individual Clients?

Can you send an email to one of your clients, asking how they're doing after a session? You may have seen this before: Only with their prior permission. 

That includes voicemail as well.

Just remember: Get Permission! - and you'll be fine.

As proud as you may be of your work, some folks might not want anyone to know they’ve been to a hypnotherapist.

And many wouldn’t want the reason they visited you to be exposed to anyone.

So just think first, and consider this before emailing or messaging clients:

Get permission prior to contacting a client via email, social media, or phone.

Perhaps they’re using their work email and their boss has the right to review any communications that come to that address. Or maybe they get email on a shared computer. Even someone seeing that they received an email from a hypnotherapist might be a concern for them.

So, ask for permission to send them follow-up email on your intake form. Point out that email is not the most secure mode of communication and if they have any privacy concerns, don’t send email with sensitive content.

Other family members or business associates may have access to those recordings. (Not to mention if you see them out in public. ALWAYS leave the initial contact up to them, and do not greet them unless they greet you. Follow their lead about how they know you.)

Finally - even if you have permission to email a client, don’t include any information about the session(s) in your email. Keep all email as devoid of private information as possible.

What Do Healthcare Providers Do?


In the US, most major healthcare providers won’t communicate much in email.

They will have a secure online portal through which most, if not all communications happen.

That’s probably beyond the reach of most local hypnotherapists.

However, you can make sure you have permission to communicate with your clients, make them aware of any security risks, and communicate via secure channels.

Some chat applications have the ability to encrypt messages, some do not. Whether the encrypted communications meet local regulations is another matter. Please research your local regulations thoroughly.

What About Online Sessions?

Whether hypnotherapists need to meet the data and privacy standards of healthcare providers could be debated. However, consider the level of security most people, including yourself, would want for private information.

None of us wants everyone to have access to the most sensitive aspects of our lives, whether financial or otherwise.

Privacy during online hypnotherapy sessions.

If you do online sessions, and you’re concerned about meeting the standards of healthcare providers, be aware that some video chat apps have premium versions which meet higher privacy and data protection standards.

Zoom, for instance, offers services that may address those concerns.


Respecting privacy and complying with email marketing regulations is essential for hypnotherapists seeking to build trust, maintain professionalism, and avoid legal issues.

Protecting data and privacy is part of operating ethically.

Use the guidelines here to help establish your own internal privacy, data, and ethical marketing policies. 

About the author

Keith Livingston

Keith Livingston is the Director of Education & Operations for the International Hypnosis Association. He's been training Hypnotherapists and NLP Master Practitioners for more than 20 years, and has created or co-created more than 20 NLP/Hypnosis related programs.

Posted in Business Practices on June 22, 2023 by Keith Livingston