Legal

Privacy Policy

Last updated: 17 March 2025 · Effective: 17 March 2025

Pyyrah Plus is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website, purchase our digital products, or otherwise interact with us.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU GDPR where applicable. Please read this policy carefully.

1. Who We Are

Data Controller: Pyyrah Plus
Registered in: England & Wales
Contact email: [INSERT EMAIL ADDRESS]
Registered address: [INSERT REGISTERED OR SERVICE ADDRESS]

If you have any questions about how we handle your personal data, please contact us at the email above.

2. What Data We Collect

2.1 Data You Provide Directly

  • Full name
  • Email address
  • Billing address
  • Payment information (processed securely via Stripe — we do not store card details)
  • Any information you provide when contacting us or completing forms

2.2 Data Collected Automatically

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on our website
  • Referring website or source
  • Cookie data (see Section 10)

2.3 Data From Third Parties

  • Purchase and transaction data from Stripe (our payment processor)
  • Analytics data from Google Analytics
  • Marketing engagement data (email opens, clicks) from our email service provider

3. How We Use Your Data

3.1 To Fulfil Your Purchase

Legal basis: Contract

  • Process and confirm your order
  • Provide access to purchased digital products
  • Send receipts, invoices, and order confirmations
  • Handle refund requests where applicable

3.2 To Communicate With You

Legal basis: Contract / Legitimate Interest

  • Respond to enquiries and support requests
  • Send important notices relating to your account or purchases

3.3 Marketing Communications

Legal basis: Consent

  • Send you emails about new products, offers, and content — only where you have opted in
  • You may withdraw consent at any time by clicking ‘unsubscribe’ in any marketing email

3.4 To Improve Our Services

Legal basis: Legitimate Interest

  • Analyse website usage to improve user experience
  • Monitor the performance of our products and marketing
  • Detect and prevent fraud or misuse

3.5 Legal Obligations

Legal basis: Legal Obligation

  • Comply with tax and financial reporting requirements
  • Respond to lawful requests from regulatory authorities

4. Legal Bases for Processing

Under UK GDPR, we must have a lawful basis to process your personal data. The bases we rely on are:

  • Contract — processing necessary to fulfil your purchase or provide the service you requested
  • Legitimate Interests — processing for our business purposes where your rights and freedoms are not overridden
  • Consent — where you have actively opted in (e.g. marketing emails)
  • Legal Obligation — where we are required to process your data by law

5. Data Sharing & Third-Party Processors

We do not sell your personal data. We share your data only with trusted third parties who help us deliver our services, under strict data processing agreements.

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO or the UK International Data Transfer Agreement (IDTA).

ProcessorPurposeLocationSafeguard
KajabiCourse hosting and membership platformUnited StatesStandard Contractual Clauses
StripePayment processingUnited StatesStandard Contractual Clauses
Google AnalyticsWebsite analyticsUnited StatesStandard Contractual Clauses
[INSERT EMAIL PROVIDER]Email marketing[location]Standard Contractual Clauses / IDTA

6. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy:

Data TypeRetention Period
Purchase and transaction records7 years (HMRC requirement)
Account and access dataDuration of membership + 12 months
Marketing dataUntil unsubscribe or withdrawal of consent
Website analytics data26 months (Google Analytics default)
Support correspondence2 years

7. Your Rights Under UK GDPR

As a data subject in the UK (or EU), you have the following rights. To exercise any of these rights, please contact us at [INSERT EMAIL ADDRESS]. We will respond within 30 days and may need to verify your identity before fulfilling any request.

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data, subject to legal obligations.

Right to Restriction

Request that we limit how we use your data.

Right to Data Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests or direct marketing.

We do not currently use automated profiling or decision-making.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. International Transfers

Pyyrah Plus is based in the UK and primarily processes data within the UK and EEA. Some of our third-party processors are based in the United States. Where this is the case, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) as approved by the ICO
  • The UK International Data Transfer Agreement (IDTA) where applicable
  • Adequacy decisions where relevant

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

  • SSL/TLS encryption on our website and checkout
  • Secure payment processing via Stripe (PCI-DSS compliant)
  • Access controls limiting who within our team can access personal data
  • Regular review of our data processing practices

No method of electronic transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately.

10. Cookies

Our website uses cookies to enhance your experience, analyse traffic, and support our marketing. You will be asked for your consent to non-essential cookies when you first visit our website.

The types of cookies we use include:

  • Essential cookies — necessary for the website to function (cannot be disabled)
  • Analytics cookies — help us understand how visitors use our site (e.g. Google Analytics)
  • Marketing cookies — used to track and improve the effectiveness of our advertising (e.g. Meta Pixel)

For full details, please see our separate Cookie Policy.

11. Children's Privacy

Pyyrah Plus is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will take prompt steps to delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the ‘Last updated’ date at the top of this page and, where appropriate, notify you by email.

Continued use of our website or services after any changes constitutes your acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

  • Email: [INSERT EMAIL ADDRESS]
  • Address: [INSERT REGISTERED OR SERVICE ADDRESS]
  • Website: [INSERT WEBSITE URL]

This policy is governed by the laws of England & Wales.

Questions about your data? We'll respond within 30 days.

Contact us about your data →