Calm in the Chaos

Privacy Policy

Last updated: 20 April 2026

Calm in the Chaos (“I”, “me”, “the shop”) is a small UK-based business operated by Kayla at calm-in-the-chaos.co.uk. This policy explains what data I collect, why, and how it’s handled. It’s written in plain English on purpose.

Who the data controller is

Calm in the Chaos, UK. For any data question, contact hello@calm-in-the-chaos.co.uk.

What I collect, and why

When you buy something

  • Your name and email address — given to me by Payhip so I can send you your download link and answer questions about your order.
  • Order details (product bought, price, date, order number) — kept for accounting and tax records.
  • Your country and VAT rate — Payhip passes this on so I can comply with digital-goods VAT rules.

I do not see or store your card details. Payment processing is handled by Stripe (and optionally PayPal) through Payhip; your card information goes directly to them and never touches my systems.

When you visit the site

  • Basic analytics (which pages you visit, how you got to the site, roughly where in the world you are). Collected by Google Analytics / Plausible in aggregate — no names attached.
  • Cookies set by Payhip on the shop page so the buy buttons work.

When you email me

  • Your email address and whatever you’ve written to me, kept for as long as needed to answer you and for a reasonable period after in case you reply.

How long I keep it

  • Order records: 6 years (UK tax and accounting law requires this)
  • Email conversations: up to 2 years, then deleted unless there’s a reason to keep them
  • Analytics data: anonymous and aggregated; individual browsing data isn’t retained beyond the analytics provider’s own retention policy

Who I share it with

Only the tools that make the shop work:

  • Payhip — storefront and checkout (payhip.com/privacy)
  • Stripe — card processing (stripe.com/privacy)
  • PayPal — alternative card processing, if you use it (paypal.com/privacy)
  • My email host — for receiving and sending emails
  • Google Analytics / Plausible — traffic analytics

I do not sell or share your data with anyone for marketing or advertising purposes. Ever.

Your rights under UK GDPR

You have the right to:

  • Ask what data I hold on you
  • Ask me to correct it if it’s wrong
  • Ask me to delete it (subject to the 6-year legal retention on tax records)
  • Opt out of any marketing emails (if you ever sign up to a list — there isn’t one yet)
  • Complain to the ICO (ico.org.uk) if you think I’ve mishandled your data

To do any of the above, email hello@calm-in-the-chaos.co.uk. I’ll respond within 30 days.

Changes to this policy

If I change this policy, I’ll update the date at the top. If the change is significant (not just a wording fix), I’ll note what changed at the bottom of this page for 90 days.

Contact

hello@calm-in-the-chaos.co.uk