Privacy Policy and Data Protection Notice
Last updated: 18 May 2026. Version 1.0.
THIS PRIVACY POLICY DESCRIBES HOW AUDDICT COLLECTS, USES, STORES, AND DISCLOSES YOUR PERSONAL DATA WHEN YOU ACCESS OUR WEBSITE, PURCHASE PRODUCTS, SUBSCRIBE TO COMMUNICATIONS, OR OTHERWISE INTERACT WITH OUR SERVICES. BY USING THE WEBSITE YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY. IF YOU DO NOT AGREE, YOU MUST NOT USE THE WEBSITE OR PROVIDE PERSONAL DATA TO US.
1. Introduction and Data Controller
Auddict (“we”, “us”, “our”) is committed to processing personal data in accordance with applicable data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For the purposes of such legislation, Auddict acts as the data controller in respect of personal data described in this Privacy Policy (“Policy”).
This Policy applies to personal data collected through auddict.com and all subdomains, in connection with product purchases, account registration, newsletter subscriptions, support enquiries, and general Website use. If you have any questions about this Policy or wish to exercise your data protection rights, please contact us using the support button at the bottom of this page.
2. Categories of Personal Data Collected
Depending on your interaction with us, we may collect and process the following categories of personal data. Not all categories will apply to every user.
2.1 Data You Provide Directly
- Account information: name, email address, password (stored in hashed form where applicable), and related credentials when you create or maintain an Auddict account at account.auddict.com.
- Purchase and transaction information: name, email address, billing address, order history, and transaction identifiers when you purchase a Product. Payment card details are collected and processed exclusively by our merchant of record (FastSpring); we do not receive or store your full payment card number.
- Marketing communications: email address and associated subscription preferences when you opt in to our mailing list or newsletter.
- Support and correspondence: any information you voluntarily provide when contacting us via the support button or other channels, including message content and attachments.
2.2 Data Collected Automatically
- Usage and technical data: pages visited, session duration, referring URLs, browser type and version, device type, operating system, and similar technical identifiers.
- IP address and location-derived data: collected for analytics, security monitoring, fraud prevention, and approximate geolocation (country/region level) where available.
- Cookies and similar technologies: as described in Section 7 below.
3. Purposes and Lawful Bases for Processing
We process personal data only where we have a valid lawful basis under UK GDPR. The table below sets out the principal purposes and corresponding lawful bases. Where processing is based on legitimate interests, we have assessed that such interests are not overridden by your rights and freedoms.
| Purpose of Processing | Lawful Basis (UK GDPR Art. 6) |
|---|---|
| Fulfilling orders, delivering digital Products, and providing download or account access | Performance of a contract (Art. 6(1)(b)) |
| Creating and administering your Auddict account | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional communications (order confirmations, delivery notifications) | Performance of a contract (Art. 6(1)(b)) |
| Sending marketing newsletters and promotional communications | Consent (Art. 6(1)(a)) — withdrawable at any time |
| Website analytics, performance monitoring, and service improvement | Legitimate interests (Art. 6(1)(f)) |
| Advertising measurement and conversion tracking (e.g. Meta Pixel) | Consent (Art. 6(1)(a)) — via cookie consent mechanism |
| Fraud prevention, security, and abuse detection | Legitimate interests (Art. 6(1)(f)) |
| Responding to support requests and enquiries | Legitimate interests / performance of a contract (Art. 6(1)(f) / (b)) |
| Compliance with legal, tax, and regulatory obligations | Legal obligation (Art. 6(1)(c)) |
4. Recipients and Categories of Third Parties
We do not sell, rent, or trade your personal data. We may disclose personal data to the following categories of recipients, strictly to the extent necessary for the purposes described in this Policy:
- FastSpring (Bright Market, LLC) — payment processor and merchant of record; processes payments, calculates tax, and maintains transaction records under its own privacy policy.
- Email marketing service providers — manage newsletter subscriptions and dispatch marketing communications on our behalf, subject to your consent where required.
- Analytics providers — assist in understanding Website usage; data is aggregated or pseudonymised where practicable.
- Advertising platforms — conversion tracking and measurement (including Meta Pixel), activated only following your consent via our cookie banner.
- Hosting and infrastructure providers — including Cloudflare (hosting, CDN, and security services).
- Support and ticketing platforms — to receive, manage, and respond to your support requests.
Each recipient processes data either as our processor (under contract) or as an independent controller under its own terms. We require appropriate contractual safeguards where data is transferred outside the United Kingdom.
5. International Transfers
Certain of our service providers are located outside the United Kingdom, including in the United States. Where personal data is transferred to a country not subject to an adequacy decision, we implement appropriate safeguards, which may include: (a) UK International Data Transfer Agreement or Addendum to EU Standard Contractual Clauses; (b) the UK Extension to the EU-US Data Privacy Framework, where applicable; or (c) other mechanisms recognised under UK data protection law. You may request further information regarding applicable safeguards by contacting us using the support button at the bottom of this page.
6. Retention Periods
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Indicative retention periods are as follows:
- Purchase and transaction records: seven (7) years from the date of transaction, for tax and accounting compliance.
- Account data: for the duration of account activity plus a reasonable period thereafter to permit reactivation or resolve disputes.
- Newsletter subscriptions: until you unsubscribe or withdraw consent.
- Analytics data: in aggregated or anonymised form for up to twenty-six (26) months, after which it is not linked to identifiable individuals.
- Support correspondence: up to three (3) years following resolution of the enquiry.
7. Cookies and Similar Technologies
The Website uses cookies, web beacons, and similar tracking technologies. A cookie is a small text file stored on your device. We use cookies to operate the Website, remember preferences, analyse traffic, and (with your consent) measure advertising effectiveness.
7.1 Cookie Categories
| Category | Purpose and Description | Consent |
|---|---|---|
| Strictly necessary | Required for core Website functionality, including cookie consent storage, session management, and security. Cannot be disabled without impairing operation. | Not required |
| Analytics | Collect aggregated information about how visitors use the Website (pages viewed, traffic sources, session duration) to improve performance and content. | Required |
| Marketing / advertising | Used for conversion tracking and measurement of advertising campaigns (including Meta Pixel). May involve cross-site tracking by third parties. | Required |
7.2 Managing Your Preferences
On your first visit, a cookie consent banner will be displayed requesting your consent for non-essential cookies. You may accept, reject, or customise preferences. Your choice is stored so the banner will not reappear on subsequent visits unless you clear cookies or change settings via the cookie settings link in the Website footer. You may also manage cookies through your browser settings; disabling certain cookies may limit Website functionality.
8. Your Rights Under UK GDPR
Subject to applicable law and certain exceptions, you have the following rights in respect of your personal data:
- Right of access (Art. 15) — to obtain confirmation of processing and a copy of your personal data.
- Right to rectification (Art. 16) — to request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17) — to request deletion, subject to legal retention obligations.
- Right to restrict processing (Art. 18) — to request limitation of processing in specified circumstances.
- Right to data portability (Art. 20) — to receive data in a structured, commonly used, machine-readable format where processing is based on contract or consent and carried out by automated means.
- Right to object (Art. 21) — to object to processing based on legitimate interests, and to object at any time to processing for direct marketing.
- Right to withdraw consent — where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, please contact us using the support button at the bottom of this page. We will respond within one (1) month, subject to extension where permitted by law. We may request verification of your identity before processing your request.
If you remain dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority, at ico.org.uk.
9. Children
Our Products and services are not directed at individuals under eighteen (18) years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us using the support button at the bottom of this page and we will take steps to delete it promptly.
10. Third-Party Embeds and Content
The Website may embed audio, video, or other content from third-party platforms (including YouTube, Vimeo, and SoundCloud). Such embeds may cause those third parties to collect data about you in accordance with their own privacy policies. Where available, we use privacy-enhanced embedding modes (e.g. youtube-nocookie.com). We do not control third-party data practices.
11. Security Measures
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction, including encryption in transit (HTTPS/TLS), access controls, and periodic review of security practices. Notwithstanding the foregoing, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Policy from time to time. The revised version will be posted on this page with an updated “Last updated” date. Material changes may, where appropriate, be communicated via email or prominent notice on the Website. Your continued use of the Website following publication of changes constitutes acknowledgment of the revised Policy.
13. Contact and Registered Office
For privacy-related enquiries or to exercise your data protection rights, please contact us using the support button at the bottom of this page.
Auddict — Morrit House, 54–60 Station Approach, South Ruislip, United Kingdom, HA4 6SA.