AuthorSHED is a brand of Stargazing Turtle Ltd, a company registered in England and Wales (Company No. 12985258), with its registered office at Union House, 111 New Union Street, Coventry, England, CV1 2NT.

This policy explains what personal data we collect through our websites, products, and services, how we use it, and the rights you have over it. We are the data controller for the information described here.

If anything in this policy is unclear, email us at ###contact###@dotauthorshed.dottools###.

---

1. Who this policy covers

This policy applies to your use of:

• Our websites at authorshed.tools and app.authorshed.tools
• Our marketing communications, including emails sent via MailerLite
• Our digital products, courses, workflows, quizzes, and downloadable resources
• Our course interest registration pages (registering interest is not the same as enrolling in a paid course; when paid courses launch, additional information will be provided at the point of enrolment)
• Our free live webinars and online events
• Our direct communication with you by email, WhatsApp, or Instagram messaging
• Any AuthorSHED-branded short link at go.authorshed.tools
• Our link-in-bio page hosted on Linktree

References to "we," "our," and "us" mean Stargazing Turtle Ltd acting under the AuthorSHED brand.

---

2. The data we collect

We collect only what we need to run AuthorSHED and serve you well.

Information you give us directly:

• Your name and email address when you register interest in a course, download a free resource, register for a webinar, join a community space, or contact us
• Your answers to surveys, quizzes, and feedback forms
• Any content or information you include in emails, support requests, or messages to us

Information from purchases:

When you buy a digital product, our sales platform Payhip collects the information needed to process your order and handle any applicable VAT. Payhip acts as merchant of record for these transactions. Payment card details go to Payhip directly; we do not see or store them.

From Payhip, we receive: your name, email, billing country, order ID, product purchased, purchase date, and the amount paid. We use this information to fulfil your order, provide customer service, handle refunds where applicable, and meet UK tax record-keeping requirements.

We may send you transactional emails related to your purchase, such as order confirmations, download links, or product-specific welcome messages. These are part of delivering what you bought and are separate from marketing emails.

Information collected automatically:

• Language preference and locale (en-GB, en-US, pl), set by you or derived from your browser
• Approximate country, derived from your IP address by our service providers for regional display and compliance purposes
• Basic technical information such as browser type, device type, and pages visited, collected in aggregated form by our hosting provider
• Email engagement data, such as whether you opened a message or clicked a link, provided by our email platform
• Click data on our branded short links, provided by our link platform

We do not knowingly collect data from children under 16. Our services are not directed at children.

---

3. How we use your data

We use your data for specific purposes, each with a legal basis under UK GDPR.

To deliver what you asked for. If you register interest, request a free download, register for a webinar, or buy a product, we use your name and email to send what you signed up for and to follow up where that is part of the service, including the welcome sequence for any free resource you received. Legal basis: performance of a contract, or steps taken at your request before entering one.

To send you marketing communications. If you consent, we send you updates about AuthorSHED products, resources, events, and occasional surveys that shape what we build next. You can unsubscribe at any time. Legal basis: consent.

To shape our products through surveys and quizzes. When you complete one of our surveys or quizzes, we use your answers to understand our audience and improve what we offer. Legal basis: consent.

To fulfil paid orders and meet tax obligations. We keep records of purchases for customer service, refunds where applicable, and UK tax compliance. Legal basis: performance of a contract, and legal obligation.

To provide customer support. If you email us, we use your message and contact details to reply and keep a record of the conversation. Legal basis: performance of a contract, or our legitimate interest in running our business responsibly.

To operate and protect our services. We use technical data to run our websites, prevent abuse, investigate technical problems, and keep our services secure. Legal basis: our legitimate interest in running a secure and reliable service.

We do not sell your data. We do not share it with third parties for their own marketing.

---

4. Email communications

We use MailerLite to send our emails. This includes free resource delivery, welcome sequences, webinar invitations, course updates, surveys, and general newsletters to people who have signed up to hear from us.

Our marketing emails are sent from ###hello###@dotauthorshed.dottools###. You can reply to that address and we will read it. For anything formal, privacy-related, or time-sensitive, use ###contact###@dotauthorshed.dottools###.

If you contact us for support or a general enquiry, we will not add your email to our marketing list. You only receive marketing from us if you have separately signed up for it.

Every marketing email includes a one-click unsubscribe link. When you unsubscribe, we stop sending you marketing emails but your record stays in our system in an inactive state. If you change your mind, you can rejoin by submitting our signup form again.

If you ask us to delete your data entirely, we will remove your record from our marketing systems. We keep a minimal internal note of your email address so we do not accidentally email you again if your address re-enters our systems through another route. You can ask us to remove even this note, but we cannot then prevent re-contact if your address arrives again from elsewhere.

MailerLite collects engagement data for emails we send, such as opens and clicks, to help us understand what is useful to our audience and improve future communications.

---

5. Surveys, quizzes, and prefilled links

When we send you a survey or quiz, the link in the email may include your name and email as URL parameters so you do not have to re-type them. These fields are prefilled but editable, and the information is passed to our survey platform along with the rest of your answers. You can change or remove them before submitting.

Survey and quiz responses are stored with our survey platform and may be transferred to our cloud database for aggregation and analysis. We use responses to understand our audience and shape our products. After twelve months, we pseudonymise individual responses and keep only the aggregated insights.

---

6. Short links

Our branded short links at go.authorshed.tools are provided by Short.io. When you click a short link, Short.io records the click, including the IP address of the requesting device, for aggregated click statistics and fraud prevention. We may use this data to understand which of our campaigns are reaching people. We do not use it to profile you or match it to your identity.

Our short links may carry UTM parameters that identify the campaign source, so we can see which channel brought you to a particular page. UTM parameters are visible in the URL; they do not contain personal data about you.

---

7. AI-assisted products

Our products teach and guide the use of third-party AI tools such as Claude, ChatGPT, and Gemini. When you follow our prompts using one of these tools, you are using that provider's service directly, subject to their terms and privacy policy. We do not see, store, or process your prompts or the AI's responses, unless you choose to share them with us for support.

When our own web application at app.authorshed.tools uses AI on your behalf, separate product-specific information will be provided at the point of use, including what data is sent to AI providers, whether it is retained, and whether it is used to train models. We choose AI providers that do not train on customer data by default.

---

8. Cookies, local storage, and similar technologies

Our main websites use only technologies that are strictly necessary, or that fall within the statistical purposes exception under UK law (the Data Use and Access Act 2025), which allows us to understand how our services are used without identifying individual visitors.

What we use today:

• Essential form storage. When you submit a form, our email platform places a small identifier in your browser's local storage so your submission can be recorded correctly. This is necessary for the form to work.
• Privacy-respecting website analytics. Our hosting provider (Vercel) collects aggregated visitor statistics that do not identify individuals and do not rely on cookies. Because this data is aggregated and not linked to you personally, there is nothing to opt out of.
• Cloudflare security cookies. On some of our domains, Cloudflare sets strictly necessary cookies such as __cf_bm to protect against automated abuse. See section 10 for more on Cloudflare.
• Short link click logging. When you click a short link at go.authorshed.tools, the click is logged by our link platform. No cookies are set in your browser for this purpose.

What we do not use today:

We do not currently use Google Analytics, advertising cookies, or tracking pixels on our main websites. When this changes, we will update this policy and, where required by law, ask for your consent through a cookie banner before any non-essential storage takes place.

---

9. Webinars, WhatsApp, Instagram, and community spaces

Webinars and live events. When you register for a webinar, we add your email to our mailing list (via MailerLite). Live webinars are recorded, and the recording may be shared with registrants, used in our marketing, or repurposed as a recorded resource. If you turn on your camera or microphone during a webinar, anything you say or show is part of the recording. Our terms of service include the full terms for webinar participation.

WhatsApp. If you join a WhatsApp group we run, your phone number and messages are visible to other members of that group and are processed by WhatsApp under its own terms. We may use our WhatsApp groups to share updates about our products, services, events, and offers relevant to the group's purpose, as well as for direct support and one-to-one conversations where you have asked us to reach out. We do not send unsolicited marketing to anyone who has not joined a group or asked us to contact them directly. You can leave any group or ask us to stop messaging you at any time.

Instagram. If you message us on Instagram, our Instagram messaging automation platform (ManyChat) may respond on our behalf and record our conversation. Information you share in those messages, including any email address or preferences you provide, is processed by ManyChat and may be added to our contact systems if you have asked us to send you something or signed up for a resource.

Other community spaces. If we launch community spaces on other platforms in future, we will update this policy to reflect them.

Social media generally. When you interact with us on public social media platforms such as Instagram, Facebook, YouTube, X, LinkedIn, or TikTok, those platforms process your data under their own terms and privacy policies. We only see what the platform shows us. We recommend reviewing each platform's privacy settings to understand what you share with them.

---

10. Service providers we share data with

To run AuthorSHED, we use a small number of carefully chosen service providers. Each is bound by appropriate data protection terms. The main ones are:

• MailerLite (Ireland) — email marketing and delivery
• Payhip (United Kingdom) — product sales and payment processing, acting as merchant of record
• Vercel (United States, EU hosting regions) — website hosting and privacy-respecting analytics
• Cloudflare — DNS for our domains, and content delivery, redirection, and security on some of them (see below)
• A cloud database provider (EU region) — secure storage of application and survey data
• A survey and feedback platform — survey and quiz delivery and response collection
• Short.io (United States) — branded short link redirects and click tracking
• Linktree (Australia) — our link-in-bio page on social media profiles
• ManyChat (United States) — Instagram messaging automation
• WhatsApp (Meta Platforms Ireland) — group and direct messaging where you choose to use it

About Cloudflare. Cloudflare provides DNS resolution for all our domains. On some domains (currently authorshed.com, which redirects to our main site), Cloudflare also proxies traffic, which means it handles requests before they reach our servers. In this role, Cloudflare may process request metadata, including IP addresses, and may set strictly necessary security cookies such as __cf_bm to protect against automated abuse. We may extend our use of Cloudflare to additional domains in future for performance and security reasons. Cloudflare acts as our processor.

We will update this list when providers change. If a change is material, we will flag it when we notify you of the policy update.

---

11. International data transfers

Some of our service providers are based outside the United Kingdom. Where your data is transferred outside the UK or the European Economic Area, we rely on safeguards approved under UK GDPR, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or adequacy decisions where they exist.

---

12. How long we keep your data

We keep data only as long as we need it for the purpose we collected it.

• Waitlist and interest contacts: until you unsubscribe or ask us to delete your data
• Customer order records: seven years, to meet UK tax record-keeping requirements
• Support correspondence: deleted within twenty-four months of the matter being resolved, unless you have an ongoing relationship with us, in which case we may keep it longer for continuity of service
• Survey and quiz responses: individual responses pseudonymised after twelve months; aggregated insights kept indefinitely
• Webinar recordings: kept for as long as they are useful for marketing or as recorded resources, typically no more than three years
• Unsubscribe record: kept indefinitely unless you request full removal

We may keep data longer if we have a legal obligation to do so, or delete it sooner if a longer period is no longer justified.

---

13. Security

We use reasonable technical and organisational measures to protect your data, including encryption in transit, access controls on our internal tools, and service providers selected for their security practices. No system is perfectly secure. If a breach occurs that is likely to affect your rights, we will notify you and the Information Commissioner's Office as required by law.

---

14. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify data that is inaccurate or incomplete
• Erase your data, subject to our legal retention requirements
• Restrict how we process your data in certain circumstances
• Object to processing based on our legitimate interests
• Data portability for data you gave us, where technically possible
• Withdraw consent at any time, without affecting processing we did before

To exercise any of these rights, email ###contact###@dotauthorshed.dottools###. We will respond within one month.

You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113. If you live outside the UK, you can complain to your local data protection authority instead.

---

15. Changes to this policy

We may update this policy as our services grow or as the law changes. The version shown on this page is always the current one, and the effective date appears at the top.

For material changes, such as a change in what data we collect, how we use it, or who we share it with, we will notify current subscribers, customers, and community members at least fourteen days before the change takes effect, by email or in-platform message. For minor changes, we will update this page without separate notification.

Previous versions of this policy remain available for reference at /privacy/v1, /privacy/v2, and so on.

---

16. Contact

For privacy questions, rights requests, or any concern about how we handle your data: ###contact###@dotauthorshed.dottools###

For help with a product you have bought or downloaded, use ###support###@dotauthorshed.dottools###.