Privacy Policy

Introduction

We respect your privacy and are committed to protecting your personal information. This policy applies to anyone interacting with our website, products, and services, including podcast listeners and blog readers. It explains how we collect, use, and safeguard your data when you interact with our website, services, and products. We comply with UK data protection law, including the UK GDPR and the Data Protection Act 2018.

You can download a PDF version of the policy here: Privacy Policy

1. Important information

This Privacy Policy explains how Sarah & Maude collects and processes your personal data through your use of this website and your interactions with us, including when you sign up for newsletters, make purchases, or use our free or paid services.

This website is not intended for children, and we do not knowingly collect data relating to children.

Please read this Privacy Policy alongside any other privacy notice we may provide on specific occasions when collecting or processing your personal data. This policy supplements those notices and does not override them.

Data Controller

Sarah and Maude, operated by Sarah Phelps, is the data controller responsible for your personal data (referred to as “Sarah and Maude”, “we”, “us”, or “our” in this Privacy Policy).

Contact details

Website: www.sarahandmaude.com
Email: hello@sarahandmaude.com

For the purposes of UK data protection law, we are responsible for how your personal data is collected and used. If you have any questions about this Privacy Policy or your personal data, please email us.

You also have the right to complain to the Information Commissioner’s Office (ICO) at any time (www.ico.org.uk), though we would appreciate the opportunity to resolve any concerns directly first, so please contact us in the first instance.

Changes to the privacy policy and your duty to inform us of changes  

We may update this policy from time to time. The latest version will always be available on this page.

This version was last updated on 30th September 2025.

It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data changes during your relationship with us.

Third-party links

Our website may include links to third-party websites, plug-ins, and applications. Clicking on these links or enabling those connections may allow third parties to collect or share data about you. We are not responsible for the privacy practices of these third-party sites. When leaving our website, we encourage you to read their privacy policies.

2. The data we collect 

We may collect and process the following categories of personal data:

  • Identity data – your first name, last name, and any username or title you provide.

  • Contact data – your email address, billing and delivery addresses, and phone number.

  • Transaction data – details of any products or services you order through our website (payments are processed securely by Stripe; we do not store your card or full payment details).

  • Technical data – information about your internet protocol (IP) address, device type, operating system and platform, browser type and version, location and time zone.

  • Usage data – information about how you use our website, products, and services.

  • Marketing and communications data – your preferences in receiving marketing and communications.from us and our service providers (e.g., Flodesk).

  • Aggregated or anonymised data – such as website traffic statistics, which cannot identify you personally. This data is not considered personal data under UK law.

3. How we collect your personal data

Some information is collected automatically, other information is provided directly by you. We collect personal data in the following ways:

  • Direct interactions – when you place an order, sign up for our newsletter, or contact us via forms or email.

  • Automated technologies – as you interact with our website, we may collect information automatically through cookies, server logs, and analytics tools, including Squarespace analytics and Google Analytics.

  • Third parties – from our service providers who help us deliver our services, such as Stripe (for payment processing), Flodesk (for email newsletters), and embedded content providers (e.g., Spotify, YouTube, Instagram).

This approach ensures we can provide our services effectively, understand how our website is used, and communicate with you in line with your preferences.

4. How we use your personal data

We process your data based on contractual necessity, consent, legitimate interests, or legal obligations, depending on the purpose. We use the personal data we collect for the following purposes:

  • To process and deliver your orders – including managing payments securely via Stripe and fulfilling physical or digital products or services (Contract).

  • To communicate with you – responding to enquiries, sending transactional emails, or providing updates about our services (Contract / Legitimate Interest).

  • To send marketing communications – such as newsletters or other updates, if you have given your consent via Flodesk (Consent).

  • To improve our website and services – using Squarespace analytics and Google Analytics to understand website use and enhance your experience (Legitimate Interest).

  • To comply with legal obligations – such as tax, accounting, or other statutory requirements (Legal Obligation).

We only use personal data for purposes that are compatible with the purposes for which it was collected. Where processing is based on consent, you can withdraw consent at any time by unsubscribing or contacting us.

5. Marketing and Promotions

We may use your personal data to send you marketing communications, such as newsletters, updates, or promotions, only if you have consented to receive them (for example, by signing up via a form).

You can unsubscribe or update your preferences at any time:

  • Click the “unsubscribe” link in any email we send, or

  • Contact us directly at hello@sarahandmaude.com

We will never share your contact details with third parties for marketing purposes without your consent.

6. Cookies and Automated Tools

We use cookies and similar technologies to improve your experience on our website, analyse site usage, and serve relevant content. For more information on how we use cookies and how to manage them, see our Cookie Policy.

You can manage cookies through your browser settings or via the cookie banner on our site, though some functionality may be affected.

7. Change of Purpose

We will only use your personal data for the purposes stated in this Privacy Policy. If we need to use your data for any new purposes, we will notify you and, where necessary, obtain your consent.

8. Disclosure of your personal data

We will not sell your personal data. We may share your data with trusted third parties who help us provide our services, including:

  • Payment providers – Stripe, to process transactions securely

  • Email marketing platform – Flodesk, to send newsletters and updates

  • Website platform and analytics – Squarespace and Google Analytics, for site hosting, functionality, and performance insights

  • Delivery and postal providers – to send physical products or materials

  • Embedded content providers – such as Spotify, YouTube, Instagram

Some of these providers may process data outside the UK/EEA. Where this happens, they are required to provide appropriate safeguards, such as Standard Contractual Clauses, to protect your data.


We may also disclose your data:

  • Where required by law or regulation

  • To protect our rights, property, or safety, or that of our users or others

9. International transfers

Some of our third-party providers are based outside the UK/EEA. Their processing of your personal data may involve a transfer internationally. Where this happens, they implement safeguards such as Standard Contractual Clauses to ensure your data is protected to the same standard as within the UK.

10. Data security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it. Access to your personal data is limited to authorised personnel and service providers who need it to provide our services. All third-party providers we use are required to maintain strong security standards. While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure.



11. Data retention

We retain your personal data only as long as necessary for the purposes we collected it, or as required by law. Examples include:

  • Order and payment records – retained for at least 6 years for tax and accounting purposes

  • Newsletter subscriptions – retained until you unsubscribe or request deletion

  • General enquiries – retained for up to 12 months unless needed for ongoing services

Any anonymised or aggregated data is retained indefinitely for analytics purposes, as it does not identify you personally.

We regularly review the data we hold and securely delete or anonymise any information that is no longer required.

12. Your legal rights

Under UK data protection law, you have the following rights regarding your personal data:

  • Request access – you can request a copy of the personal data we hold about you (commonly known as a “data subject access request”).

  • Request correction – you can ask us to correct any inaccurate or incomplete data we hold.

  • Request deletion – you can request that we delete your personal data where we no longer need it or where processing is based on consent.

  • Restriction of processing – you can request that we limit how we use your data in certain circumstances.

  • Objection to processing – you can object to the processing of your data for marketing or where processing is based on legitimate interest.

  • Data portability – you can request a copy of your data in a structured, machine-readable format for transfer to another provider.

  • Withdraw consent – you can withdraw consent to processing at any time (for example, marketing emails via Flodesk).

To exercise any of these rights, please contact us at hello@sarahandmaude.com.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your data: www.ico.org.uk. We would, however, appreciate the chance to resolve any concerns directly first, so please contact us in the first instance.