Privacy Policy
How we collect, use, and protect your personal information.
This Privacy Policy explains how Everything Art Ltd (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit our website www.everything-art.com (“the Site”) and use our services, including courses and subscription products.
We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
The data controller responsible for your personal data is:
Everything Art Ltd
Company number: 09111832
Registered address: Lower Stables, Main Street, Sudbury, Ashbourne, DE6 5HT, United Kingdom
Email: hello@everything-art.com
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.
2. What Personal Data We Collect
We may collect and process the following types of personal data:
| Category | Examples |
|---|---|
| Identity data | First name, last name, username |
| Contact data | Email address, postal address |
| Account data | Username, password (encrypted), account preferences |
| Transaction data | Details of courses or subscriptions purchased, payment amounts, dates |
| Technical data | IP address, browser type and version, device type, operating system, time zone, referral source |
| Usage data | Pages visited, course progress, features used, time spent on pages |
| Marketing data | Email subscription preferences, communication opt-ins |
We do not collect any special category data (such as information about your health, ethnicity, religious beliefs, or political opinions).
If you choose not to provide personal data: You may browse our Site anonymously. However, if you do not provide certain personal data (such as an email address), you will not be able to register for an account, purchase courses, or subscribe to our services.
3. How We Collect Your Data
We collect personal data through the following means:
- Directly from you — when you create an account, purchase a course, subscribe to a service, sign up for our newsletter, fill in a contact form, or correspond with us by email.
- Automatically — as you navigate our Site, we may automatically collect technical and usage data using cookies and similar technologies (see Section 10 below).
- From third parties — we may receive data from our platform provider (Teachable), payment processor (Stripe), and email marketing service (Kit) in connection with services you have used.
4. Lawful Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:
| Purpose | Lawful Basis |
|---|---|
| Providing courses and subscriptions you have purchased | Performance of a contract |
| Processing payments | Performance of a contract |
| Managing your account | Performance of a contract |
| Sending transactional emails (order confirmations, access details) | Performance of a contract |
| Sending marketing emails and newsletters | Consent (you can withdraw at any time) |
| Improving our Site and services | Legitimate interest |
| Analysing Site usage and trends | Legitimate interest |
| Responding to enquiries and customer support | Legitimate interest |
| Complying with legal obligations (e.g. tax records) | Legal obligation |
5. How We Use Your Data
We use the personal data we collect for the following purposes:
- To provide our services — delivering courses, subscription content, digital magazines, and community features you have purchased or subscribed to.
- To process payments — handling transactions through our payment processor. We do not store your card details (see Section 7).
- To manage your account — maintaining your login, course progress, subscription status, and preferences.
- To communicate with you — sending order confirmations, course access details, subscription updates, and responding to enquiries.
- To send marketing communications — newsletters, product updates, and promotional offers, but only where you have opted in. You can unsubscribe at any time.
- To improve our services — analysing how our Site and courses are used to improve the experience for all users.
- To ensure security — protecting our Site and users from fraud, abuse, and unauthorised access.
6. Who We Share Your Data With
We do not sell, trade, or rent your personal data to third parties. We may share your data with the following service providers who process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Teachable | Course and subscription platform | Name, email, account data, course progress |
| Stripe | Payment processing | Payment and transaction data |
| Kit (formerly ConvertKit) | Email marketing and newsletters | Name, email, subscription preferences |
| Heyzine | Digital magazine delivery | Email (for magazine access) |
| Google Analytics | Website analytics | Anonymised usage and technical data |
These providers are contractually bound to process your data only as instructed by us and in accordance with applicable data protection laws. We may also disclose your data if required to do so by law or in response to a valid legal request.
7. Payment Security
All payment transactions are processed by Stripe. We do not have access to, store, or come into contact with your credit or debit card details. Stripe is PCI DSS Level 1 compliant, the highest level of certification available in the payments industry. For more information, see Stripe’s Privacy Policy.
8. How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Account data — retained for as long as your account is active, and for a reasonable period after closure to allow for reactivation or enquiries.
- Transaction records — retained for 6 years after the transaction date, as required by UK tax and accounting law.
- Marketing data — retained until you unsubscribe or withdraw consent. We will remove your data from our mailing lists promptly upon request.
- Technical and usage data — typically retained for up to 26 months.
When data is no longer needed, we will securely delete or anonymise it.
9. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct any inaccurate or incomplete data.
- Right to erasure — you can ask us to delete your personal data in certain circumstances (also known as the “right to be forgotten”).
- Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
- Right to data portability — you can request your data in a structured, commonly used, machine-readable format.
- Right to object — you can object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent — where we rely on consent (e.g. marketing emails), you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at hello@everything-art.com. We will respond to your request within one month.
If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
ico.org.uk
Telephone: 0303 123 1113
10. Cookies
Our Site uses cookies — small text files placed on your device — to help us provide and improve our services. The types of cookies we use include:
| Type | Purpose | Examples |
|---|---|---|
| Essential | Required for the Site to function (login, security, checkout) | Session cookies, authentication cookies |
| Functional | Remember your preferences and settings | Language, display preferences |
| Analytics | Help us understand how visitors use the Site | Google Analytics |
| Marketing | Used to deliver relevant advertisements | Social media pixels (if applicable) |
Cookie consent: In accordance with the Privacy and Electronic Communications Regulations 2003 (PECR), when you first visit our Site you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies (functional, analytics, and marketing cookies). Essential cookies, which are strictly necessary for the Site to function, do not require your consent. You can change your cookie preferences at any time through the cookie settings link in the footer of our Site, or by adjusting your browser settings.
You can also control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Site. Most browsers allow you to refuse cookies or alert you when cookies are being sent.
11. Marketing Communications
We may send you marketing emails about our courses, subscriptions, and creative content if you have opted in to receive them. Every marketing email includes a clear unsubscribe link. You can also opt out at any time by contacting us at hello@everything-art.com.
Opting out of marketing communications does not affect transactional emails related to your purchases or account (such as order confirmations, password resets, and subscription notices).
12. Third-Party Websites
Our Site may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policy of every website you visit. This Privacy Policy applies only to our Site.
13. Children’s Privacy
Our Site and services are intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have collected data from a minor, please contact us and we will delete it promptly.
14. Data Security
We take the security of your personal data seriously. We use appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data transmission (SSL/TLS), secure password storage, and access controls limiting who within our organisation can access personal data.
While we take all reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
15. International Data Transfers
Some of our service providers (such as Teachable and Stripe) may process your data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner, to protect your data in accordance with UK GDPR.
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make changes, we will update the “Last updated” date at the bottom of this page. We encourage you to review this page periodically. Significant changes will be communicated via email or a notice on our Site.
Everything Art Ltd
Lower Stables, Main Street
Sudbury, Ashbourne
DE6 5HT, United Kingdom
© Everything Art Ltd 2026 · Company number 09111832 · Last updated May 2026