Order details, amounts, currency, and payment status from Stripe, Gumroad, or our bank. We do not store full card numbers.
communications
Forms, support messages and files you send us.
usage and device data
Pages viewed, browser and device info, and events for basic analytics.
marketing data
Newsletter status and preferences.
sponsor data
Contact details and creative assets for booked placements.
note
We do not seek special category data.
4. sources of data
You give it to us when you subscribe, ask for a call, or buy.
We collect it automatically through cookies and tags, after consent where required.
We receive limited purchase data from Stripe, Gumroad, or your bank.
5. why we use data and legal bases
Deliver and support purchases. Contract.
Run the site and keep it secure. Legitimate interest.
Analytics to improve content, after consent where required. Consent.
Marketing by email with your opt in, or soft opt in for similar offers to recent buyers where law allows. Consent or legitimate interest.
Tax and accounting. Legal obligation.
5A. one page data map
notes
We do not collect special category data on purpose.
Essential cookies run on legitimate interest. Analytics and marketing run only after consent.
You can refuse non essential cookies and the site will still work.
6. cookies and tracking
We use Cookiebot by Usercentrics to collect and log consent.
Cookie groups are essential, analytics, and marketing.
We use Google tags with Consent Mode version two Basic. Tags adapt to your choices.
You can change your choices at any time through the footer link.
We honor Global Privacy Control where required.
7. sharing with vendors
We use vendors as processors. They act on our instructions.
Examples include Cookiebot, Google Analytics, Google Tag Manager, Google Workspace, Stripe, PayPal, our bank, our host Loopia AB, Sitebuilder, and similar tools we add from time to time.
We do not sell your personal data.
8. international transfers
Some vendors are outside the European Union, or use servers outside the European Union.
When we transfer data, we rely on an adequacy decision, or on the EU Standard Contractual Clauses with extra measures where needed.
9. retention
We keep personal data only as long as needed for the stated purpose, or to meet law, then delete or anonymize it.
Accounting and tax records are kept for seven years from year end.
Files needed to establish, exercise, or defend legal claims are kept for up to ten years for B2B work, and at least three years for consumer matters, or longer if a claim is open.
Consent records are kept for about twelve months, then renewed.
GA4 user level analytics are kept for up to fourteen months.
Suppression lists are kept as long as needed to honor opt outs.
10. your rights
You can ask for a copy of your data. You can ask us to correct it.
You can ask us to delete it, or to restrict some uses, where the law allows.
You can object to processing based on legitimate interest, or direct marketing.
You can withdraw consent at any time.
We respond within one month, and may extend by two months for complex requests.
11. is data provision required
If you buy from us, we need identity, contact, and billing data to perform the contract. If you do not provide it, we cannot deliver.
For analytics and marketing, you can refuse. The site will still work with essential cookies only.
12. automated decisions
We do not make decisions about you that are based only on automated processing, and that have legal, or similar, significant effects.
13. security
We use access control, multi factor sign in, encryption in transit, encryption at rest, backups, and vendor reviews. No method is perfect. We monitor incidents and act to reduce risk.
14. contractors
We use vetted contractors. Access is role based and logged. Each contractor signs confidentiality and data terms. We remain responsible for their work.
15. children
Our content is for adults. We do not knowingly collect data from anyone under eighteen.
16. international users
United States. If a state privacy law applies to you, you may have rights to know, access, delete, correct, and opt out of sale or sharing. Use our contact details to make a request. We do not sell or share personal data as those laws define it.
