Privacy Policy

1. Information We Collect

Information You Provide Directly

We collect information that you voluntarily provide to us when you:

• Subscribe to our email list or claim a free guide (email address, first name)
• Make a purchase (name, email address, billing information processed by Stripe)
• Contact us through our contact form (name, email address, message content)
• Opt in to receive SMS communications (phone number)

Information Collected Automatically

When you visit our website, we may automatically collect certain information about your device and browsing behaviour, including your IP address, browser type, operating system, referring URLs, pages viewed, and the date and time of your visit. This information is collected using cookies and similar tracking technologies.

Payment Information

We do not store your payment card details. All payment transactions are processed securely by Stripe, Inc., a PCI-DSS compliant payment processor. Please review Stripe's privacy policy at stripe.com/privacy for information on how they handle your payment data.

2. How We Use Your Information

We use the information we collect to:

• Process and fulfil your orders and deliver digital products
• Send you the free guide and other content you have requested
• Send you marketing emails, newsletters, and promotional offers (only with your consent)
• Send you SMS messages if you have opted in to our SMS programme
• Respond to your enquiries and provide customer support
• Improve and optimise our website and services
• Comply with legal obligations and enforce our terms
• Detect and prevent fraud and abuse

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal basis for collecting and using your personal information depends on the data concerned and the context in which we collect it:

• Contract: Processing necessary to fulfil a purchase you have made with us.
• Consent: Where you have given us explicit consent to process your data (e.g., subscribing to our email list or SMS programme).
• Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our services and preventing fraud.
• Legal Obligation: Where we are required to process your data to comply with applicable law.

4. Email Marketing (Mailchimp)

We use Mailchimp (The Rocket Science Group LLC) to manage our email marketing. When you subscribe to our list, your email address and name are stored on Mailchimp's servers. Mailchimp is GDPR-compliant and acts as a data processor on our behalf.

You may unsubscribe from our email list at any time by clicking the "Unsubscribe" link at the bottom of any email we send, or by contacting us directly. We comply with the CAN-SPAM Act and will honour all unsubscribe requests promptly.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small data files placed on your device. We use:

• Essential cookies: Required for the website to function correctly.
• Analytics cookies: To understand how visitors interact with our website (anonymised data).
• Marketing cookies: To deliver relevant advertisements and track campaign performance.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website.

6. Sharing Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information with trusted service providers who assist us in operating our website and conducting our business, including:

• Stripe: Payment processing
• Mailchimp: Email marketing and list management
• Analytics providers: Website analytics (anonymised)

All third-party service providers are contractually obligated to keep your information confidential and use it only for the purposes for which we disclose it to them.

We may also disclose your information where required by law, to protect our rights, or in connection with a business transfer.

7. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law. Specifically:

• Email subscriber data: Until you unsubscribe or request deletion
• Purchase records: 7 years (for tax and legal compliance)
• Contact form submissions: 2 years
• Analytics data: Up to 26 months (anonymised)

8. Your Rights

GDPR Rights (EEA and UK Residents)

If you are located in the EEA or UK, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

CCPA Rights (California Residents)

If you are a California resident, you have the right to know what personal information we collect, the right to request deletion of your personal information, the right to opt out of the sale of your personal information (we do not sell personal information), and the right not to be discriminated against for exercising these rights.

To exercise any of these rights, please contact us at the details provided in Section 11.

9. Children's Privacy

Our website is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. Where we transfer data from the EEA or UK to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses to protect your information.

11. Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are located in the EEA or UK and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection authority.