Privacy Policy

    Last Updated: 30 November 2025

    1. Introduction

    StopNightmares.org ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

    Data Controller: Dr. Justin Havens
    Email: support@stopnightmares.org

    2. Information We Collect

    Personal Information

    We may collect the following personal information:

    • Name and email address (when you create an account or make a purchase)
    • Payment information (processed securely through Stripe)
    • Programme progress and usage data
    • Communication history (emails, support requests)

    Technical Information

    • IP address and browser type
    • Device information and operating system
    • Pages visited and time spent on our site
    • Referral source and navigation patterns

    3. How We Use Your Information

    We use your information for the following purposes:

    • To provide and deliver the programme you have purchased
    • To process payments and send transaction confirmations
    • To respond to your questions and provide customer support
    • To send programme updates and important service announcements
    • To improve our website and services based on usage analytics
    • To comply with legal obligations and enforce our Terms of Service

    4. Legal Basis for Processing (GDPR & UK GDPR)

    Under GDPR and UK GDPR, we process your data based on:

    • Contract Performance: To deliver the programme you purchased
    • Legitimate Interest: To improve our services and prevent fraud
    • Consent: For marketing communications (where required)
    • Legal Obligation: To comply with tax and accounting requirements

    5. Data Sharing and Third Parties

    We may share your information with:

    • Payment Processors: Stripe (for secure payment processing)
    • Hosting Providers: Lovable Cloud/Supabase (for data storage)
    • Email Services: For transactional and programme-related emails
    • Legal Authorities: When required by law or to protect our rights

    We do not sell or rent your personal information to third parties for marketing purposes.

    6. Cookies and Tracking Technologies

    We use cookies and similar tracking technologies to enhance your experience. For detailed information, please see our Cookie Policy.

    7. Your Rights Under GDPR & UK GDPR

    You have the following rights:

    • Right to Access: Request a copy of your personal data
    • Right to Rectification: Correct inaccurate or incomplete data
    • Right to Erasure: Request deletion of your data (subject to legal obligations)
    • Right to Restrict Processing: Limit how we use your data
    • Right to Data Portability: Receive your data in a structured format
    • Right to Object: Object to processing based on legitimate interests
    • Right to Withdraw Consent: Withdraw consent for marketing communications

    To exercise any of these rights, please contact us at support@stopnightmares.org. We will respond within 30 days.

    8. Data Retention

    We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Programme access data is retained for the lifetime of your account. Financial records are kept for 7 years in accordance with UK tax regulations.

    9. Data Security

    We implement appropriate technical and organizational measures to protect your data, including encryption, secure servers, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

    10. International Data Transfers

    Your data may be transferred to and stored on servers located outside the UK/EEA. We ensure that appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data.

    11. Children's Privacy

    Our services are intended for individuals aged 16 and over. We do not knowingly collect data from children under 16 without parental consent. If you believe we have collected such data, please contact us immediately.

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

    13. Contact Us & Complaints

    For questions about this Privacy Policy or to exercise your rights, please contact:
    Email: support@stopnightmares.org

    You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or your local data protection authority.