Privacy policy.
Last updated: 9 June 2026
This Privacy Policy explains how Aieutics ("we", "us") collects and processes personal data through the website aieutics.com.
1. Data controller
Aieutics, operated by Alexandra Najdanovic, Major Draper Street, Lodnon United Kingdom. Contact: hello@aieutics.com.
2. What we collect and why
Contact form submissions. When you use the contact form, we collect your name, email address, and the content of your message. We use this to respond to your enquiry and, where relevant, to take pre-contract steps at your request. Legal basis: legitimate interests and pre-contract steps (UK GDPR Art. 6(1)(b) and (f)). We retain these messages for 24 months after our last contact, then delete them.
Purchases. When you purchase a paid resource, Stripe collects your name, email, billing details, and payment information directly. We receive a confirmation of the transaction (name, email, amount, date) but never see or store your card details. Legal basis: performance of a contract and compliance with a legal obligation (UK GDPR Art. 6(1)(b) and (c)). We retain transaction records for 6 years to meet HMRC requirements.
Site usage. We use Squarespace Analytics and Vercel Analytics to understand how the site is used (pages visited, approximate location, device type). Squarespace Analytics uses first-party cookies. Vercel Analytics is cookieless and uses a hashed daily visitor identifier with no personal data. Legal basis: legitimate interests (UK GDPR Art. 6(1)(f)), with consent for non-essential cookies under PECR. Retention: 14 months (Squarespace), 30 days (Vercel).
Server logs. Our hosting providers (Squarespace, Vercel, GitHub) automatically log technical information such as IP address, browser type, and request timestamps for security, abuse prevention, and service delivery. Legal basis: legitimate interests (UK GDPR Art. 6(1)(f)). Retention is set by each provider.
We do not sell personal data, profile users, or use automated decision-making.
3. Who we share data with
Data is shared with the following processors, each bound by a data processing agreement:
Squarespace, Inc. (US) — website hosting, analytics, contact form storage.
Stripe Payments UK Ltd / Stripe, Inc. (UK/US) — payment processing. Stripe acts as an independent controller for card data.
Vercel, Inc. (US) — hosting of certain resources, anonymous analytics.
GitHub, Inc. (US) — hosting of certain resources.
Google LLC (Google Workspace, US) — email correspondence and contact form forwarding.
4. International transfers
Squarespace, Stripe, Vercel, GitHub, and Google process data in the United States. Transfers rely on the UK Extension to the EU-US Data Privacy Framework where the provider is certified, and otherwise on the UK International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the EU Standard Contractual Clauses.
5. Your rights
Under the UK GDPR and the Data Protection Act 2018, you have the right to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent where processing is based on consent. To exercise these rights, contact [CONTACT EMAIL]. We respond within one month.
You may lodge a complaint with the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, .
6. Security
We use providers with industry-standard security practices (TLS encryption, access controls). Payment data is handled exclusively by Stripe and never stored on our servers.
7. Changes
We may update this policy. The "last updated" date above reflects the current version. Material changes will be notified by a banner on the site.