Privacy Policy
1. Data Controller
The controller responsible for the processing of your personal data is:
Ari Leavesley, trading as Pushing Squares
United Kingdom (sole trader; no registered company)
Privacy contact: ari@pushingsquares.com
Data Protection Officer: None appointed. The scale and nature of processing on this site does not meet the Art. 37(1) thresholds for mandatory DPO designation. Imprint and full service-provider information: Legal Notice.
2. Scope
This policy describes how Ari Leavesley processes personal data when you use pushingsquares.com — including purchasing plugins via Stripe Checkout, creating or using a locker account, downloading plugin binaries, sending a contact-form message, accepting or declining the cookie banner, or simply browsing the site. It applies to all data subjects whose personal data is processed in connection with the site.
3. Personal Data Collected
| Category | Specific items |
|---|---|
| Contact data | Email address you enter on the contact form |
| Submission content | Subject and message body you write on the contact form |
| Uploaded files | Any files or images you attach to a contact form message, and the contents of those files |
| Third-party data inside uploads | Names, faces, addresses, or messages of other people that appear in your screenshots, recordings, or documents (see warning below) |
| Account data | Email address, salted-hashed password (bcryptjs), account creation timestamp, last login timestamp |
| Purchase data | Stripe customer ID, payment method brand and last-4 digits, invoice IDs, amounts paid, currency, country of card, billing email |
| Order data | Plugin SKU(s) purchased, order timestamp, fulfilment status |
| Download data | Download token IDs, salted IP hash + user-agent at download time (anti-piracy), download timestamp |
| Technical data | Salted hash of your IP address (not the raw IP), user-agent string |
| Consent records | Timestamp of consent given, value of the ps_consent cookie |
| Analytics (with consent only) | Anonymous PostHog events and page views. No autocapture, no IP retention, no cross-site identifiers. |
Card numbers, CVCs, and full PANs never reach Pushing Squares servers. Payment is collected by Stripe-hosted Checkout and only tokenised references return to us.
Sources (Art. 14(2)(f))
Directly from you, via the contact form, cookie banner, account registration, and checkout. From your browser, in the case of technical data and analytics events.
Third-party personal data in uploads. If a file you upload contains other people’s personal data, Ari becomes a controller for that data too. Please redact names, faces, addresses, and messages that aren’t relevant before uploading. If someone identifiable in an upload contacts Ari directly, their data will be deleted on request regardless of the underlying retention schedule.
Special category data. Please do not upload special category data within the meaning of Art. 9 UK GDPR (health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, sex life or sexual orientation). If special category data is received unsolicited, it will be deleted on sight and not used for any purpose.
4. Purposes and Legal Bases
| # | Purpose | Data categories | Legal basis | Retention |
|---|---|---|---|---|
| 1 | Receive and read your contact-form submission | Email, subject, body, uploads | Consent (Art. 6(1)(a)) | 12 months from last contact, then deleted. Uploads: 30 days. |
| 2 | Email follow-up to your contact-form message | Email, subject, body | Consent (Art. 6(1)(a)) | Same as row 1 |
| 3 | Operate the site (hosting, edge delivery via Vercel) | Standard web request metadata | Legitimate interests (Art. 6(1)(f)) | Per Vercel’s processor retention |
| 4 | Detect and block abusive or automated submissions | Salted IP hash, user-agent | Legitimate interests (Art. 6(1)(f)) | 90 days |
| 5 | Anonymous analytics (PostHog) | Anonymous events, page views | Consent (Art. 6(1)(a)) — only after Accept on cookie banner | PostHog defaults; deletion on request within 30 days |
| 6 | Demonstrate consent under Art. 7(1) | ps_consent cookie value, consent timestamp | Legal obligation (Art. 6(1)(c)) | As long as the related cookie choice exists |
| A | Operate locker accounts (sign-up, login, password reset) | Account data | Contract (Art. 6(1)(b)) | Until account deletion + 30 days |
| B | Process plugin purchases | Purchase, Order, Account | Contract (Art. 6(1)(b)) | Per row D (HMRC) |
| C | Issue receipts, deliver download link, transactional emails | Account email, Order | Contract (Art. 6(1)(b)) | Per row D |
| D | Tax and accounting record retention | Purchase, Order, billing email | Legal obligation (Art. 6(1)(c)) — UK HMRC | 6 years from end of relevant tax year |
| E | Fraud prevention on purchases | Purchase, salted IP hash, UA | Legitimate interests (Art. 6(1)(f)) | 12 months |
| F | Anti-piracy on plugin downloads | Download data | Legitimate interests (Art. 6(1)(f)) | 30 days |
| G | Respond to contact-form messages requiring legitimate-interest handling | Contact form data | Legitimate interests (Art. 6(1)(f)) | 12 months from last contact |
Withdrawal of consent (Art. 7(3)): You can withdraw consent at any time by emailing ari@pushingsquares.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Withdrawal is processed within 30 days.
Legitimate Interests Assessments (Art. 6(1)(f))
Row 3 — Hosting (Vercel).
- Interest: Operating a secure, available site.
- Necessity: Hosting is required to serve the site.
- Balancing: Vercel operates under an Art. 28 DPA. Data passing through is the minimum needed. Low impact.
Row 4 — Spam and abuse prevention.
- Interest: Maintaining the integrity of a public submission form.
- Necessity: Some signal is required to detect repeat abuse; pseudonymised IP (salted hash) is the minimum effective.
- Balancing: IP is hashed, never stored raw. Retained 90 days only. No cross-site identifiers. Low impact on the data subject.
Row E — Fraud prevention on purchases.
- Interest: Preventing chargeback fraud and stolen-card abuse on plugin purchases.
- Necessity: Minimal pseudonymised signal is needed to detect repeat abuse.
- Balancing: IP is hashed, never raw. 12-month limit. No cross-site identifiers. Low impact on legitimate customers.
Row F — Anti-piracy on plugin downloads.
- Interest: Protecting paid plugin downloads from token sharing and unauthorised redistribution.
- Necessity: A per-download record is needed to invalidate abused tokens and detect mass-distribution events.
- Balancing: Salted IP hash only. 30-day limit. Never tied to identity beyond the order ID.
Row G — Contact-form messages.
- Interest: Answering customer questions efficiently.
- Necessity: Requires the sender’s email and message content.
- Balancing: Deletion on request, 12-month auto-purge. Low impact.
5. Recipients of Personal Data
Personal data is processed on Ari’s behalf by the following processors, each under a written data processing agreement that meets the requirements of Art. 28 UK GDPR.
| Recipient | Role | Purpose | Country |
|---|---|---|---|
| Vercel Inc. | Processor (Art. 28) | Hosting and edge delivery | United States |
| Neon Inc. | Processor (Art. 28) | Postgres database; stores accounts, orders, contact-form submissions | United States (US-East) |
| Cloudflare, Inc. | Processor (Art. 28) | Object storage (R2) for plugin binaries and download delivery; bot challenge (Turnstile, where used); admin access gating (Access, where used) | United States / North America |
| Stripe, Inc. | Processor (Art. 28) | Payment processing, hosted checkout, fraud signals (Radar), refunds | United States |
| PostHog Inc. | Processor (Art. 28) | Anonymous analytics; loads only after cookie consent | United States |
Personal data is not shared with anyone outside these processors except where required by law or with your explicit prior written permission.
What is not done with your data:
- Submissions are not used to train AI models.
- Data is not sold.
- Data is not used for advertising.
6. International Data Transfers
All processors above are based in the United States. Transfers from the UK rely on the UK Extension to the EU-US Data Privacy Framework (the “UK-US Data Bridge”) for processors that are certified, supplemented by Standard Contractual Clauses where appropriate.
| Recipient | Country | Mechanism | Verified at |
|---|---|---|---|
| Vercel | United States | UK Extension to the EU-US Data Privacy Framework (DPF-certified) + SCCs as fallback | https://vercel.com/docs/security/compliance |
| Neon | United States | UK Extension to the EU-US Data Privacy Framework (DPF-certified) | https://neon.com/blog/gdpr-compliance-and-neon |
| Cloudflare | United States | UK Extension to the EU-US Data Privacy Framework (DPF-certified) + SCCs | https://www.cloudflare.com/trust-hub/gdpr/ |
| Stripe | United States | UK Extension to the EU-US Data Privacy Framework (DPF-certified) + SCCs as fallback | https://stripe.com/legal/dpa |
| PostHog | United States | UK Extension to the EU-US Data Privacy Framework (DPF-certified) + SCCs | https://posthog.com/dpa |
A transfer impact assessment has been conducted with reference to each processor’s published security and disclosure posture. You may request a copy of the safeguards relied on by contacting ari@pushingsquares.com.
7. Retention
Personal data is retained only for as long as necessary for the purposes described in Section 4. Specific periods are listed in the table in Section 4. Additional retention notes:
- Purchase and invoice records: 6 years from end of the relevant tax year (HMRC statutory).
- Account data: until account deletion + 30 days.
- Download tokens and download log entries: 30 days.
Where a basis is consent, you can request earlier deletion at any time and it will be actioned within 30 days.
8. Your Rights
Subject to the conditions in UK GDPR, you have the following rights:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure / “right to be forgotten” (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right not to be subject to a solely automated decision (Art. 22)
- Right to withdraw consent at any time (Art. 7(3))
- Right to lodge a complaint with a supervisory authority (Art. 77)
To exercise any of these, email ari@pushingsquares.com. Responses are provided within 30 days.
9. Automated Decision-Making and Profiling
No solely automated decision-making, including profiling, that produces legal effects or similarly significant effects is carried out.
10. Cookies and Similar Technologies
A small ps_consent cookie records your choice on the cookie banner. Anonymous PostHog analytics load only after you click Accept. Full enumeration and details: Cookie Policy.
11. Changes to This Policy
The version and effective date at the top reflect the latest revision. Material changes will be communicated via a banner at the top of this page for 30 days.
12. Contact and Complaints
Questions or complaints about this policy: ari@pushingsquares.com.
You also have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for this site is the Information Commissioner’s Office (ICO), ico.org.uk.
Full service-provider information: Legal Notice.