Confident Costing ("we", "us", "our") is a trading name operated as a sole trader in England and Wales. We provide educational digital content, online courses, and a subscription membership community focused on business financial literacy and failure analysis.

Data controller: Confident Costing (sole trader, England and Wales)

Contact: support@confidentcosting.com

We are not currently registered with the Information Commissioner's Office (ICO) as a data controller. Our personal data processing falls within the ICO's exempt categories — specifically advertising, marketing and public relations for our own business, and accounts and records for our own business — which do not require payment of the data protection fee. If our processing activities extend beyond these exempt purposes, we will register with the ICO promptly.

If you have any question about how we handle your personal data, contact us at support@confidentcosting.com.

This Privacy Policy explains:

- what personal data we collect about you

- why we collect it and what we use it for (our lawful basis)

- who we share it with

- how long we keep it

- your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018

- how to contact us or the ICO if you have a concern

This Policy applies to all visitors to our website, subscribers to our email list, purchasers of our products, and members of our community. It should be read alongside our Terms and Conditions.

3.1 When you subscribe to our email list (free resources)

Data collected: first name, email address, date and time of subscription, IP address (recorded by Systeme.io as part of double opt-in confirmation), and your consent record.

Why: To deliver the free resource you requested and to send you our email newsletter and follow-up sequences.

Lawful basis: Consent (UK GDPR Article 6(1)(a)). You provide explicit consent when you tick the opt-in box and confirm your subscription via the double opt-in email. You can withdraw this consent at any time (see clause 8).

3.2 When you make a purchase

Data collected: name, email address, billing address (where required by payment processor), order details, transaction ID, and payment confirmation. We do not store payment card details — these are processed directly by Stripe or PayPal.

Why: To fulfil your order, deliver your product or course access, provide customer support, and maintain our financial records.

Lawful basis: Performance of a contract (UK GDPR Article 6(1)(b)) — processing is necessary to deliver what you purchased. We also have a legal obligation (Article 6(1)(c)) to retain certain transaction records for tax and accounting purposes.

3.3 When you join the membership community

Data collected: name or display name, email address, profile information you choose to provide, community posts and contributions, subscription status, and billing records.

Why: To manage your membership, provide access to community content, process recurring payments, and communicate with you about your membership.

Lawful basis: Performance of a contract (Article 6(1)(b)) for membership management; consent (Article 6(1)(a)) for any marketing communications.

3.4 When you contact us

Data collected: your name, email address, and the content of your message.

Why: To respond to your enquiry or complaint.

Lawful basis: Legitimate interests (Article 6(1)(f)) — it is in both parties' interests to be able to communicate and resolve queries.

3.5 Website analytics

Data collected: anonymised or pseudonymised usage data (pages visited, time on site, referral source, device type, approximate location). We do not use cookies that track you across third-party websites without your consent.

Why: To understand how our website is used and improve our content and user experience.

Lawful basis: Legitimate interests (Article 6(1)(f)), where analytics are configured in a privacy-preserving way. Where any non-essential cookies are used, we will ask for your consent via a cookie banner.

We use a small number of trusted third-party services to operate our business. Where these services process personal data on our behalf, they act as data processors and are bound by data processing agreements.

| Processor | Purpose | Location | Transfer basis |

|-----------|---------|----------|---------------|

| Systeme.io (ITACWT Limited, Ireland) | Email list, landing pages, course delivery, payment processing | AWS Ireland (EU/EEA) | No international transfer — EU-hosted |

| Stripe | Payment card processing | UK / EU / USA | UK-US adequacy or Standard Contractual Clauses; Stripe's own DPA applies |

| PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A.) | Payment processing | Luxembourg (EU) | No international transfer |

| Skool (or equivalent community platform) | Membership community hosting | USA | Standard Contractual Clauses (SCCs) or equivalent UK International Data Transfer Agreement (IDTA) |

| Teachable / Podia (where applicable) | Course hosting and delivery | USA | SCCs / IDTA |

| YouTube (Google Ireland Limited) | Video content hosting | EU/EEA | Google's Data Processing Terms |

| Instagram / Meta (Meta Platforms Ireland Limited) | Social media content | EU/EEA | Meta's Data Processing Terms |

We do not sell your personal data to any third party, ever. We do not share your data with third parties for their own marketing purposes.

If you have subscribed to our email list, we will send you:

- the free resource you requested (immediately on confirmed opt-in)

- follow-up educational content and case studies

- information about our products and services, including new launches and offers

Frequency: We aim to send no more than 2–3 emails per week. This may vary during product launches.

Unsubscribing: Every email we send contains an unsubscribe link at the bottom. Clicking it will remove you from our list immediately. Unsubscribing from marketing emails does not affect our ability to send you transactional emails about an order you have placed or a subscription you hold.

If you are a paying customer, we may contact you by email about your order, account, or subscription even after you have unsubscribed from our marketing list. This is a legitimate interest necessary to perform our contract with you.

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

| Data type | Retention period |

|-----------|-----------------|

| Email list subscribers (no purchase) | Until you unsubscribe, or 3 years of inactivity, whichever is sooner |

| Customer purchase records | 7 years from the date of transaction (required by HMRC for tax records) |

| Community member data | Until membership ends + 12 months |

| Support / contact enquiries | 2 years from resolution |

| Consent records (double opt-in logs) | 3 years from the date of consent (required to demonstrate compliance) |

When data is no longer required, we delete it or anonymise it. We will action a verified deletion request under your right to erasure (see clause 7) sooner than the above retention periods where legally permissible.

You have the following rights in respect of the personal data we hold about you.

To exercise any of them, contact us at support@confidentcosting.com. We will respond within one calendar month (this may be extended by a further two months for complex or numerous requests, in which case we will notify you).

Right of access — you may request a copy of the personal data we hold about you (a Subject Access Request).

Right to rectification — you may ask us to correct any inaccurate or incomplete data.

Right to erasure ("right to be forgotten") — you may ask us to delete your personal data. This right is not absolute; we may need to retain some data to comply with a legal obligation (e.g. HMRC transaction records) or to defend a legal claim.

Right to restriction of processing — you may ask us to stop processing your data in certain circumstances, for example while a dispute about its accuracy is resolved.

Right to data portability — where processing is based on your consent or on a contract, you may ask us to provide your data in a structured, commonly used, machine-readable format.

Right to object — you may object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.

Right to withdraw consent — where we process data based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Rights related to automated decision-making — we do not make decisions about you solely by automated means that produce legal or similarly significant effects. If this changes, we will update this Policy and inform you.

We do not charge a fee for handling your rights requests unless they are manifestly unfounded or excessive.

To unsubscribe from our email list: click the unsubscribe link in any email we send you, or email support@confidentcosting.com with the subject line "Unsubscribe".

To request deletion of your personal data: email support@confidentcosting.com with the subject line "Data deletion request" and include the email address associated with your account.

We will confirm the deletion (subject to any legally required retention) within one calendar month.

To cancel a subscription: see clause 8.2 of our Terms and Conditions.

Our website may use cookies. A cookie is a small text file placed on your device by a website.

Strictly necessary cookies — required for the website to function (e.g. session management, payment processing security). These do not require your consent.

Analytics cookies — used to understand how visitors use our site. Where we use analytics cookies, we will ask for your consent via a cookie banner before placing them.

Marketing cookies — we do not use third-party advertising or retargeting cookies.

You can manage your cookie preferences through your browser settings at any time. Disabling strictly necessary cookies may affect your ability to use parts of the website.

Our Services are not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us at support@confidentcosting.com and we will delete it promptly.

We take reasonable technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These include:

- using HTTPS on all pages that collect personal data

- relying on EU/EEA-hosted infrastructure (Systeme.io / AWS Ireland) for email and course delivery

- not storing payment card details (processed entirely by Stripe or PayPal)

- double opt-in for email subscriptions, which creates a verified consent record

No method of transmission over the internet or electronic storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours as required by UK GDPR Article 33, and will notify affected individuals without undue delay where the risk is high.

Our website and emails may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing them with any personal data.

We may update this Privacy Policy from time to time. We will notify subscribers of any material changes by email, giving at least 14 days' notice before the updated Policy takes effect. The current version is always available on our website. The version number and effective date are shown at the bottom of this document.

If you are unhappy with how we have handled your personal data, please contact us first at support@confidentcosting.com so we have the opportunity to address your concern.

If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

- Website: [ico.org.uk](https://ico.org.uk)

- Helpline: 0303 123 1113

- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Confident Costing is a trading name. All data protection enquiries: support@confidentcosting.com

This Privacy Policy is version 1.0 and was last reviewed and updated: May 2026