Privacy Policy

Revised Privacy Policy

Privacy Policy Effective Date: February 10, 2026

1. Introduction This Privacy Policy explains how spennypiggy.cc (the “Platform”) collects, uses, stores, discloses, and protects your personal information (“Personal Data”). By accessing or using the Platform, you consent to the practices described here. If you do not agree, please do not use the Platform. We are committed to protecting your privacy in compliance with applicable laws, including the UK General Data Protection Regulation (UK GDPR) and other relevant regulations.

We act as the data controller for Personal Data collected through the Platform. For questions, contact us at miliao@brattys.cc

2. Information We Collect We collect the following types of Personal Data:

  • Account and registration data: Name, email address, username, password, and other details you provide when creating an account or page.
  • Transaction and payment data: Details related to purchases of digital products (e.g., courses, podcasts, guides) or wishlist items, processed securely via Stripe. We do not collect or store sensitive payment information (e.g., full card numbers, CVV)—this is handled directly by Stripe.
  • User-generated content: Descriptions, digital product details, or wishlist items you upload or create.
  • Usage and analytics data: IP address, browser type, device information, pages visited, time spent, referral sources, and interaction data (collected via cookies and similar technologies).
  • Communication data: Emails or messages you send to us.

We collect this to provide services, process transactions, improve the Platform, and comply with legal obligations.

3. How We Use Your Information We use Personal Data for:

  • Providing and maintaining the Platform (e.g., account management, page creation, wishlist sharing).
  • Processing payments and subscriptions for digital products and wishlist purchases via Stripe.
  • Communicating with you (e.g., account updates, transaction confirmations, support responses).
  • Improving services, detecting fraud, enhancing security, and analyzing usage trends.
  • Enforcing our Terms of Use and complying with legal requirements.

Our lawful bases under UK GDPR include: contract performance (for account/services), legitimate interests (e.g., fraud prevention, improvements), legal obligations, and consent (where applicable, e.g., marketing emails).

4. Data Sharing and Disclosure We do not sell your Personal Data. We may share it with:

  • Stripe (our payment processor) for transaction processing, fraud prevention, and compliance—subject to Stripe's Privacy Policy and Data Processing Agreement.
  • Service providers (e.g., hosting, analytics, email tools) who process data on our behalf under strict contracts.
  • Legal authorities if required by law, to protect rights/safety, or in response to valid requests.

Personal Data may be transferred to, processed, and stored outside the UK (e.g., in the US or other countries by Stripe or providers). Such transfers use appropriate safeguards (e.g., UK International Data Transfer Agreement or adequacy decisions). For details, see Stripe's policies.

5. Data Security We implement reasonable technical and organizational measures (e.g., encryption, access controls, secure hosting) to protect Personal Data from unauthorized access, loss, or misuse. However, no system is completely secure—use strong passwords and report suspicious activity. Stripe handles payment security under PCI DSS standards.

6. Data Retention We retain Personal Data only as long as necessary:

  • Account data: While your account is active, plus a reasonable period after deletion for backups/legal reasons.
  • Transaction data: As required by law (e.g., tax/anti-money laundering, typically 6-7 years).
  • Analytics/usage data: Up to 2 years or anonymized sooner.

Upon account deletion request, we delete or anonymize data except where legally required to retain it.

7. Your Rights Under UK GDPR (and similar laws), you may have rights to:

  • Access your Personal Data.
  • Correct inaccurate data.
  • Delete data (right to be forgotten).
  • Restrict processing.
  • Object to processing (e.g., for legitimate interests).
  • Data portability.
  • Withdraw consent (where used).

To exercise rights, email miliao@brattys.cc. We respond within one month (extendable if complex). You can complain to the UK Information Commissioner's Office (ICO) at https://ico.org.uk/ or ico@ico.org.uk.

8. Cookies and Tracking Technologies We use cookies, pixels, and similar tools for functionality, analytics, and performance. Essential cookies are necessary; others improve experience (e.g., remembering preferences). Manage settings via your browser or our cookie banner (if implemented). Disabling may limit features. For details, see our Cookie Policy (add if separate).

9. Children's Privacy The Platform is not intended for individuals under 18. We do not knowingly collect data from children under 18. If we learn of such collection, we will delete it promptly.

10. Changes to This Privacy Policy We may update this Policy to reflect changes in practices or law. Post updates here with a revised effective date. Continued use after changes constitutes acceptance. Review periodically.

 

11. Contact Us For privacy questions, rights requests, or concerns: Email: miliao@brattys.cc