Privacy Policy
Last updated: 7 June 2026
Who we are
This Privacy Policy explains how Little Hearts ("we", "us") collects, uses and shares your personal data when you visit our website or use our subscription service. For the purposes of data protection law, Little Hearts is the data controller for the personal data described below.
What we collect and why
| Category | Examples | Why we use it |
|---|---|---|
| Account data | Name, email address, password (hashed) | To create and secure your account and provide the Service (contract performance). |
| Subscription data | Plan, subscription status, renewal date | To give you the correct access to content (contract performance). |
| Support messages | The content of your messages to us | To respond to your questions (legitimate interests). |
| Usage & device data | Pages viewed, device type, browser, IP address | Security, fraud prevention, and improving the Service (legitimate interests). |
| Marketing preferences | Whether you've opted into emails | To send occasional updates if you've asked us to (consent). |
Payment details (card number, billing address, tax ID) are collected and processed by Paddle, not by us. See "Who we share data with" below.
Cookies
We use a small number of essential cookies to keep you signed in and to remember your preferences. If we add analytics or marketing cookies, we'll ask for your consent and you'll be able to manage them at any time.
Who we share data with
- Paddle — our Merchant of Record for the sale of subscriptions, subscription management, payments, tax compliance, invoicing, and refunds. Paddle collects payment data directly from you at checkout. Paddle privacy policy.
- Service providers we rely on to run the Service (hosting, database, email delivery, customer support tooling) under written contracts that require them to protect your data.
- Professional advisers (legal, accounting) where strictly necessary.
- Authorities where we're required to share data by law.
How long we keep data
We keep account data for as long as your account is active, and for a reasonable period afterwards to comply with legal and accounting obligations. We delete or anonymise personal data when it is no longer needed.
International transfers
Some of our service providers (including Paddle) are based outside the UK and EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
Your rights
Subject to the laws that apply to you, you have the right to access, correct, delete, restrict or object to our processing of your personal data, to data portability, and to withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority.
Security
We use appropriate technical and organisational measures — including encryption in transit, access controls, and least-privilege administration — to protect your personal data.
Changes to this notice
We may update this Privacy Notice from time to time. Material changes will be communicated by email or via the Service.
Contact
For privacy questions or to exercise any of your rights, contact us through the support form linked from the Service.