PRIVACY POLICY

PRIVACY POLICY

Last Updated: 12 June 2026

This Privacy Policy explains how DEATH DOULA LTD, a private limited company incorporated in England and Wales (Company Number 17171845), with its registered office at 54 Mead Way, High Wycombe, England, HP11 1RH ("Company", "we", "us", or "our") collects, stores, uses, discloses, and protects your personal data when you use our website, purchase digital courses, use paid digital services (including the AI-assisted chat), or otherwise interact with our platform (the "Platform").

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. DATA CONTROLLER

DEATH DOULA LTD is the data controller responsible for personal data collected through the Platform.

Email: [email protected]

Where professional training requires admission to or certification by an affiliated non-profit organisation, that organisation may process separate application or certification data as an independent controller under its own documents. DEATH DOULA LTD processes only the information necessary to provide platform access, course administration, payment confirmation, and technical support.

2. THE DATA WE COLLECT ABOUT YOU

We practice data minimization and only request information that is necessary to provide our digital services. We collect and process the following categories of personal data:

Identity & Account Data: when you register an account, we collect your email address and a securely hashed password. We do not request your full name, phone number, or date of birth during ordinary account registration.
Application Data: if you submit an application form on the Platform (for example, for a course with admission requirements), we may collect your full name, country, city, educational background, and motivation text.
Transaction & Checkout Data: for purchases we store the transaction amount, currency, locale, origin domain, timestamp, payment status, and provider-level transaction identifiers.
AI Chat Data: messages you send to the AI-assisted chat and the responses generated, together with thread metadata (timestamps, usage counters). See Section 5 for details.
Technical & Usage Data: IP address, browser type and version, user agent string, operating system, and security/diagnostic logs collected automatically to ensure application security and stability.
Communication Preferences: if you sign up for our newsletter, we store your email address, language locale, and topic preferences.

Data we do not collect:

No financial card data: we never collect, view, transmit, or store your credit/debit card numbers, CVV/CVC codes, or expiration dates.
No crypto credentials: we do not collect private keys, seed phrases, or crypto wallet credentials.
Shipping data: we do not collect shipping data unless you purchase a product that requires physical delivery.

3. HOW YOUR PERSONAL DATA IS COLLECTED

Direct interaction: you provide your email, password, application details, and chat messages by using forms and features on the Platform.
Automated technologies: as you interact with the Platform, we automatically collect technical data via server logs and browser storage (see our Cookie Policy).
Third parties: when you complete a transaction, we receive payment confirmation data from our payment providers.

4. PAYMENT PROCESSORS

Stripe (card and other supported fiat payments, including recurring subscription billing). When you pay by card, our backend creates a Stripe Hosted Checkout Session and redirects your browser to Stripe's infrastructure, where all card details are entered. We receive and store only provider-level identifiers (such as Checkout Session IDs, PaymentIntent IDs, or customer tokens) and payment status confirmations transmitted via cryptographically signed webhooks. For auto-renewing subscriptions, Stripe stores your payment method and processes renewal charges on our instruction.

NOWPayments (cryptocurrency payments). NOWPayments is used to process cryptocurrency payments. We do not collect private keys, seed phrases, or crypto wallet credentials. We may receive limited payment metadata, such as transaction status, transaction identifier, amount, currency, timestamp, and provider reference.

5. AI CHAT AND NEURODOULA DATA

5.1. The Platform includes an AI-assisted informational chat ("AI Chat"). Because of the nature of our subject matter, you may choose to enter emotionally sensitive text, including information about grief, illness, or loss. You decide what information you share; we ask that you do not enter personal data of third parties without a lawful basis.

5.1a. Special category data: information you choose to provide may include special category data under the UK GDPR, such as health-related information. We do not require you to provide such data unless clearly indicated. Where you provide such data through AI Chat or related features, we process it only to provide the requested service, maintain safety and security, and comply with applicable law, relying on your explicit consent given by submitting the information, or another applicable lawful basis under Article 9 UK GDPR.

5.2. Storage of conversations: your chat messages and the generated responses are stored in your account as conversation threads so that you can return to them. Usage counters (for daily fair-use limits) are also stored.

5.3. External AI provider: to generate responses, your messages are transmitted to a third-party AI model provider acting as our processor. We use providers that state they do not use API content to train their general-purpose models, unless otherwise disclosed to you.

5.4. No model training by us: we do not use your chat content to train machine-learning models.

5.5. Access: chat content is accessible to you and to a limited number of authorised personnel strictly for support, security, and abuse-prevention purposes, under confidentiality obligations.

5.6. Your controls: you may request deletion or export of your chat history at any time by contacting [email protected]; see Section 9 for your rights.

5.7. Not a crisis service: AI Chat is not an emergency, crisis-intervention, or medical service. If you are in immediate danger, contact your local emergency services.

6. PURPOSES AND LEGAL BASIS FOR PROCESSING

Performance of a contract: to register your account, manage course enrolments and paid access, process payments and renewals, deliver digital content, and provide the AI Chat service you purchased.
Legitimate interests: to maintain system security, prevent fraud and abuse, keep audit and diagnostic logs, and ensure the operational integrity of the Platform.
Consent: to send newsletters or promotional updates where you have opted in (you can withdraw at any time via the unsubscribe link), and to set non-essential cookies (see Cookie Policy).
Legal obligation: to retain transaction records for tax and accounting purposes.

7. DATA RETENTION

We retain personal data only as long as necessary for the purposes described, including legal, accounting, and reporting requirements. Indicative retention periods:

Account data (email, password hash, preferences): while your account is active; deleted or anonymised within 12 months of verified account deletion request.
Payment and transaction records: 6 years from the transaction (UK tax and accounting requirements).
Course progress and quiz results: while your account is active and access entitlement is retained.
Certificates of completion: retained while your account is active; certificate issuance records up to 6 years for verification purposes.
AI Chat conversation data: while your account is active or until you delete the thread or request erasure.
Technical and security logs: up to 12 months, unless needed for an ongoing security investigation.
Marketing preferences and newsletter data: until you unsubscribe or withdraw consent; your email is then retained on a suppression list solely to ensure we do not contact you again, unless you re-subscribe.

Account deactivation: when an account is deactivated, the profile is marked inactive to prevent malicious re-registration and to protect transaction history. For complete erasure of your account and profile data (subject to legal retention of transaction records), submit a request to [email protected].

8. DATA SHARING

We share personal data only with:

payment providers (Stripe, NOWPayments) for payment processing;
an AI model provider, as processor, to generate AI Chat responses;
cloud infrastructure and email delivery providers, as processors;
the affiliated non-profit organisation, only where you apply for professional certification and only the data needed for that purpose;
public authorities where required by law.

We do not sell personal data.

9. YOUR LEGAL RIGHTS

Under the UK GDPR, you have the right to:

request access to your personal data;
request correction of incomplete or inaccurate data;
request erasure of your personal data (subject to legal retention constraints on transaction records);
object to processing or request restriction of processing;
request transfer of your data to another party (data portability);
withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at [email protected]. We respond to all legitimate requests within one calendar month.

Right to complain: you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. We would appreciate the chance to address your concerns first, but you may contact the ICO at any time.

10. INTERNATIONAL TRANSFERS

Our operations use global cloud infrastructure. Whenever we transfer data outside the UK or EEA, we ensure an adequate level of protection through appropriate safeguards, including the UK International Data Transfer Agreement or standard data protection clauses approved by the UK ICO and, where relevant, the European Commission.

11. SECURITY

We apply technical and organisational measures appropriate to the risk, including encrypted transport (HTTPS), hashed passwords, HttpOnly session cookies with rotation and revocation, role-based access control for administrative functions, and audit logging of administrative actions.

12. CHILDREN

The Platform is not intended for children under 18, and accounts and purchases are limited to persons aged 18 or over. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us at [email protected] and we will delete it.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date, and material changes will be notified through the Platform or by email.

14. CONTACT

DEATH DOULA LTD

Company Number: 17171845 (England and Wales)

Registered Office: 54 Mead Way, High Wycombe, England, HP11 1RH

Email: [email protected]