Last Updated: March 2026
This Privacy Policy explains how Elaine Malone trading as XOmisse (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit xomisse.com (the “Site”), purchase our digital products, or engage our 1-1 services.
We are committed to protecting your privacy in accordance with the UK GDPR and the Data Protection Act 2018. For the purposes of these regulations, Elaine Malone is the Data Controller.
1. The Data We Collect
We collect and process the following categories of data:
- Identity & Contact Data: Name and email address provided when you subscribe to our newsletter, download free resources, or contact us for services.
- Financial & Transaction Data: When you purchase products, payments are processed by LemonSqueezy (our Merchant of Record). We do not store your credit card details. We receive confirmation of your purchase, your name, email, and geographic location (for tax compliance).
- Technical Data: Your IP address, browser type, and operating system, collected via cookies managed by our Complianz plugin.
- Client Data: Any business-related information, credentials, or assets you share with us during a 1-1 design or marketing project. We recommend the use of secure password-sharing tools (e.g., LastPass or 1Password) rather than sending credentials via email.
2. Lawful Basis for Processing
Under the UK GDPR, we only process your data where we have a legal reason to do so:
- Consent: When you explicitly sign up for our newsletter via Kit.
- Contractual Necessity: When we need your data to deliver a product you bought or to complete a 1-1 service project.
- Legitimate Interests: To respond to inquiries, improve our website, and ensure our Site remains secure.
- Legal Obligation: To maintain records for UK tax (HMRC) purposes.
3. Third-Party Processors & International Transfers
We use a small number of trusted third-party services to run our business. Some of these are based outside the UK (primarily in the USA):
- Kit (formerly ConvertKit): Our email marketing provider.
- LemonSqueezy: Our merchant of record for digital sales.
- Google Analytics: For anonymised website traffic analysis.
International Transfers: Where data is transferred to the USA, we ensure it is protected by the UK-US Data Bridge or via Standard Contractual Clauses (SCCs) with the UK Addendum, ensuring your data receives a level of protection equivalent to that in the UK.
4. Data Security & Retention
- Security: We use secure, password-protected systems and encrypted connections (HTTPS) to protect your data.
- Retention (Newsletter): We keep your email data for as long as you remain a subscriber. You can unsubscribe at any time via the link in our emails.
- Retention (Financial): We are required by UK law to keep records of financial transactions for 6 years for tax purposes.
- Retention (Client Projects): We retain 1-1 project files for the duration of our contract plus a reasonable period thereafter for support or insurance purposes.
5. Your Legal Rights
Under UK data protection law, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we fix any inaccurate information.
- Erasure: Request that we delete your data (the “right to be forgotten”).
- Object/Restrict: Object to our processing of your data for marketing purposes.
- Withdraw Consent: Where we rely on consent (e.g., newsletters), you can withdraw it at any time.
To exercise these rights, please contact us at contact@xomisse.com.
6. Cookies
Our Site uses cookies to enhance your experience. These are managed by the Complianz plugin. You can view our full Cookie Policy and adjust your preferences at any time via the “Cookie Settings” link in our footer.
7. Complaints
If you have concerns about how we use your data, please contact us first so we can resolve the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection (www.ico.org.uk).