privacy policy

Last updated: 27 January 2026.

This Privacy Notice explains how we collect, use, store and share personal information when you visit our website, join our membership, purchase products, sign up to emails, or contact us.

1) What personal information we collect

Information you give us

  • Identity & contact details: name, email address, and any details you provide via forms/messages

  • Account & membership details: account login details, subscription status, member activity related to access (e.g., whether you have an active subscription)

  • Purchase details: what you bought, date/time of purchase, receipts/invoices, transaction references

  • Support & communications: emails/messages you send us.

Information collected automatically

When you browse our site, we may collect:

  • Device and usage data: IP address, browser type, device info, pages viewed, approximate location (from IP), and how you navigate the site

  • Cookie and tracking data: via cookies and similar technologies (see Cookies).

Payment information

Payments are processed via Squarespace Payments. We do not store your full card details on our own systems.

2) How we use your information (and our lawful bases)

UK GDPR requires us to have a lawful basis for processing. We use Contract, Legitimate interests, Consent, and Legal obligation, depending on the context.

A) To provide your membership and deliver purchases

What we do: create and manage your member access, deliver digital content, manage logins, and provide customer support.

Lawful basis: Contract (to provide what you’ve purchased).

B) To take payment and keep business records

What we do: process transactions, send receipts, administer refunds if applicable, and keep accounting records.

Lawful basis: Contract and Legal obligation (accounting/tax).

C) To respond to enquiries and provide support

What we do: respond to messages, troubleshoot access issues, handle complaints.

Lawful basis: Legitimate interests (running our business and helping customers) and sometimes Contract.

D) To send marketing emails via Flodesk

What we do: send newsletters, updates, and promotional emails if you opt in.

Lawful basis: usually Consent (you can unsubscribe at any time).

E) To analyse and improve our website (Google Analytics and Squarespace Analytics)

What we do: understand how people use our site, improve content and performance.

Lawful basis: typically Consent where analytics cookies are used (depending on your cookie banner settings).

F) To measure advertising performance (Meta Pixel)

What we do: measure ad performance, build audiences, and improve ad relevance.

Lawful basis: typically Consent for marketing cookies/pixels.

3) Who we share your information with

We share personal information only where needed to run the site and deliver services:

  • Squarespace (website hosting, member areas, and Squarespace Payments)

  • Flodesk (email marketing list management and email delivery)

  • Google (Google Analytics)

  • Meta (Meta Pixel / Meta Business Tools)

  • Professional advisers (e.g., accountant) where necessary

  • Authorities where required by law

These providers act as “processors” (handling data on our instructions) and/or independent controllers for certain processing (for example, payment providers and ad platforms).

4) International transfers

Some of our providers may process personal data outside the UK. Where that happens, we use providers who offer appropriate safeguards for international transfers (for example, contractual safeguards and other measures depending on the provider).

5) How long we keep your information

We keep personal information only as long as needed for the purposes described above.

Typical retention:

  • Membership/account data: while your account is active, plus up to 24 months after cancellation/inactivity (for support and admin)

  • Purchase and payment records: up to 6 years.

  • Marketing email data (Flodesk): until you unsubscribe or we remove inactive contacts

  • Support emails/messages: typically 24 months after the issue is resolved.

6) Cookies, analytics, and pixel tracking

We use cookies and similar technologies for:

  • Essential site functionality (e.g., security, login/session, preferences)

  • Analytics (Google Analytics)

  • Marketing (Meta Pixel)

Where required, we ask for your consent via a cookie banner/preferences tool before placing non-essential cookies (analytics/marketing). The ICO expects clear cookie information and consent where applicable.

Cookie settings: You can change your choices at any time via your browser settings.

7) Security

We use reasonable technical and organisational measures to protect personal information. No method of transmission or storage is 100% secure, but we take data security seriously.

8) Your rights (UK GDPR)

You may have the right to:

  • access your personal data

  • correct inaccurate data

  • request deletion (in certain circumstances)

  • restrict or object to processing

  • data portability (in certain circumstances)

  • withdraw consent at any time (where consent is the lawful basis), including for marketing.

To exercise your rights, email hello@rosycontentclub.co.uk

Complaints

You can complain to the UK Information Commissioner’s Office (ICO) if you’re unhappy with how we handle your data.

9) Children

Our website and membership are not intended for children and we do not knowingly collect personal data from children.

10) Third-party links

Our website may link to third-party websites (e.g., Instagram, payment pages). We’re not responsible for their privacy practices. Please review their privacy policies separately.

11) Changes to this notice

We may update this Privacy Notice from time to time. The latest version will always be posted on this page with the updated date at the top.

12) Contact

Email: hello@rosycontentclub.co.uk

Data controller: The Rosy Content Club

Address: Camargue Place, Godalming, GU7 1JQ, England.