Privacy Policy

Last updated: 12 July 2026

1. Who we are

This Privacy Policy explains how we collect, use and protect your personal data when you visit codecariad.com (the “Site”) or buy and use our products and services. Code Cariad is a trading name of Sarah Tamsin Digital Ltd, a company registered in England and Wales (company number 12933801, VAT number 455208204). Sarah Tamsin Digital Ltd is the “data controller” responsible for your personal data.

We are committed to protecting your privacy and handling your data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions, contact us at [email protected].

2. The personal data we collect

Depending on how you use the Site, we may collect:

  • Account and order details — your name, email address, billing address, and the products and licences you purchase.
  • Payment information — payments are processed by our payment provider. We receive confirmation of payment and limited details (such as the card type and last four digits); we do not store your full card number.
  • Licence and update data — when your installed plugin checks for updates it may send your licence key and the website domain (URL) it is installed on, so we can validate the licence.
  • Communications and support — messages you send us, including support requests and any information you choose to include.
  • Marketing preferences — if you sign up to our mailing list, your email address and subscription status.
  • Technical and usage data — such as your IP address, browser type, device information and how you use the Site, collected through cookies and similar technologies and our hosting and security providers.

3. How and why we use your data

We use your personal data for the following purposes, relying on the lawful bases shown:

  • To provide our products and services — process orders, deliver downloads and licence keys, validate licences and provide updates and support. Lawful basis: performance of a contract.
  • To take payment and keep financial records — including meeting tax and accounting obligations. Lawful basis: performance of a contract and compliance with a legal obligation.
  • To communicate with you — respond to enquiries and send service messages about your orders, subscriptions and renewals. Lawful basis: performance of a contract and our legitimate interests in running our business.
  • To send marketing emails — where you have signed up. Lawful basis: consent (which you can withdraw at any time).
  • To operate, secure and improve the Site — including preventing fraud and abuse and analysing usage. Lawful basis: our legitimate interests in keeping the Site secure and effective.

4. Marketing

We only send marketing emails to people who have asked to receive them. You can unsubscribe at any time using the link in any marketing email, or by contacting us. Unsubscribing from marketing will not stop service messages that we need to send about your orders or subscriptions.

5. Cookies and similar technologies

The Site uses cookies and similar technologies to make it work (for example, to keep items in your cart and to keep you signed in), to keep it secure, and — where you agree — to help us understand how the Site is used. Strictly necessary cookies do not require consent; other cookies are used only where permitted. You can control cookies through your browser settings, though some features may not work correctly if you disable essential cookies.

6. Who we share your data with

We do not sell your personal data. We share it only with trusted providers who help us run our business, and only as needed:

  • Payment processing — our payment provider (Stripe) to take payments securely.
  • Hosting and security — our website hosting provider and our content-delivery and security provider (Cloudflare).
  • Email and marketing — the provider we use to manage our mailing list and send emails.
  • Professional advisers — such as our accountants, where necessary.
  • Legal and regulatory bodies — where we are required to share data by law.

Our providers act on our instructions and are required to keep your data secure and use it only for the purposes we specify.

7. International transfers

Some of our providers may process data outside the UK. Where they do, we take steps to ensure your data receives an appropriate level of protection, such as relying on the UK’s adequacy regulations or on standard data-protection clauses approved for use in the UK.

8. How long we keep your data

We keep your personal data only for as long as we need it for the purposes set out in this policy. Order and financial records are kept for as long as required to meet our legal and tax obligations (generally at least six years). Marketing data is kept until you unsubscribe. When we no longer need your data, we securely delete or anonymise it.

9. How we keep your data secure

We use appropriate technical and organisational measures to protect your personal data, including encryption in transit (HTTPS), access controls and reputable service providers. No method of transmission or storage is completely secure, but we work to protect your data and to respond appropriately if a problem occurs.

10. Your rights

Under UK data protection law, you have the right to:

  • access the personal data we hold about you;
  • ask us to correct inaccurate or incomplete data;
  • ask us to delete your data in certain circumstances;
  • ask us to restrict or object to how we use your data;
  • ask us to transfer your data to you or another provider (data portability); and
  • withdraw your consent at any time where we rely on consent.

To exercise any of these rights, contact us at [email protected]. We will respond within the time limits required by law.

11. Complaints

If you are unhappy with how we have handled your personal data, please contact us first so we can try to put it right. You also have the right to complain to the UK’s data protection regulator, the Information Commissioner’s Office (ICO), at ico.org.uk.

12. Children

Our Site and products are intended for business and professional use and are not directed at children. We do not knowingly collect personal data from children.

13. Other websites

The Site may contain links to other websites. This policy applies only to our Site, and we are not responsible for the privacy practices of third-party sites. We encourage you to read their privacy policies.

14. Changes to this policy

We may update this policy from time to time. The current version is always published on this page, and the “Last updated” date shows when it last changed. Please check back periodically.

15. Contact us

For any questions about this policy or your personal data, contact: Sarah Tamsin Digital Ltd (trading as Code Cariad), Ty Merlin, Caerphilly Business Park, Caerphilly, CF83 3GS, United Kingdom. Email: [email protected].