Fear Free Childbirth
Stories, science & straight answers about reproductive fear
Policy

Privacy policy

How we collect, use, store and protect your personal data – and the rights you have over it.

1. Introduction

This privacy notice explains how we collect, use, store, and protect your personal data when you interact with the websites, products, and services operated by Blossoming Limited (“we”, “us”, “our”), including:

By providing us with your data, you confirm that you are at least 16 years of age (or have a parent/guardian’s consent if younger).

Data controller

UK supervisory authority: Information Commissioner’s Office (ICO) – https://ico.org.uk. If you have a complaint about how we handle your data, we’d appreciate the chance to resolve it first, but you can complain directly to the ICO at any time.

2. What data we collect

2.1 Standard personal data

2.2 Special category / sensitive data (UK GDPR Article 9)

We collect and process special category personal data in the following specific contexts:

Legal basis for processing special category data: Explicit consent (UK GDPR Article 9(2)(a)). You provide this consent when you complete an assessment or sign up for a programme. You can withdraw consent at any time by emailing hello@fearfreechildbirth.com or via your preferences dashboard. Withdrawing consent will not affect lawful processing already carried out, but we will stop processing your data for affected purposes going forward and will delete it on request.

2.3 Story contributions

If you share your story with Fear Free Childbirth (for an article or podcast episode), we process what you choose to tell us in order to edit and publish it. Nothing is published without your sign-off, and you can ask us to unpublish your story at any time – see our editorial standards.

2.4 Children

Our services are not intended for children under 16. We do not knowingly collect data from anyone under 16. If you believe we hold data about a child, please contact hello@fearfreechildbirth.com and we will delete it.

3. How we collect your data

3.1 Directly from you

3.2 Automated technologies

3.3 Third parties and public sources

4. How we use your data

We will only use your personal data when legally permitted. The lawful bases we rely on are:

PurposeData typesLawful basis (Art. 6)Special category basis (Art. 9)
Register you as a customer / set up your accountIdentity, ContactContractn/a
Deliver products and services you purchased (including running assessments and generating reports)Identity, Contact, Profile, Special CategoryContractExplicit consent
Process payments and recover monies owedIdentity, Contact, Financial, TransactionContract; Legitimate Interestn/a
Edit and publish story contributions you submitIdentity, Contact, Special Category (as volunteered)Contract / ConsentExplicit consent
Send you transactional emailsIdentity, ContactContractn/a
Send you marketing communications (incl. the FFC newsletter)Identity, Contact, MarketingConsentn/a
Handle advertiser, contributor and guest enquiriesIdentity, Contact, business detailsLegitimate Interest / Contractn/a
Analyse usage of our websites and services to improve themTechnical, UsageLegitimate Interestn/a
Protect our systems against fraud and abuseTechnical, UsageLegitimate Interestn/a
Comply with legal, tax, accounting obligationsIdentity, Contact, Financial, TransactionLegal Obligationn/a

5. Sub-processors

We use the following third-party service providers (“sub-processors”) to deliver our services. We have data processing agreements in place with each of them. They process your personal data only on our instructions and in line with this policy.

Sub-processorWhat they doWhereTransfer safeguard
GHL (HighLevel / LeadConnector LLC)CRM, marketing automation, email delivery, forms, contact managementUSAUK IDTA / SCCs + Data Privacy Framework (where applicable)
LibsynPodcast hosting and delivery (episode downloads/streams)USAUK IDTA / SCCs
Supabase Inc.Database hosting for assessment data, application backendEU (Ireland)UK adequacy regulations; SCCs where US infrastructure is touched
Anthropic, PBCAI report generation (Claude model) for assessments on our sister sites – scores sent anonymised; Anthropic does not use API data to train its modelsUSAUK IDTA + Data Privacy Framework (DPF-certified)
StripePayment processingUSA / IrelandSCCs / UK IDTA
PayPalPayment processingUSA / LuxembourgSCCs
A2 HostingWebsite hostingAmsterdam, NetherlandsSCCs / UK IDTA
Google (Analytics)Analytics, advertising, productivityUSAUK IDTA + Data Privacy Framework
ImprovelyConversion and campaign attribution trackingUSAUK IDTA / SCCs
Meta (Facebook, Instagram)AdvertisingUSAUK IDTA + Data Privacy Framework
MailgunTransactional email deliveryUSAUK IDTA + Data Privacy Framework
SkoolCommunity platformUSAUK IDTA / SCCs
BookfunnelBook sales/deliveryUSAUK IDTA / SCCs

6. International data transfers

UK data protection law (the UK GDPR and the Data Protection Act 2018) governs how we handle personal data of people in the UK. Many of our sub-processors are based outside the United Kingdom and the European Economic Area (EEA). We rely on the following safeguards when transferring your data internationally:

If you would like further information on the safeguards in place for any specific transfer, email hello@fearfreechildbirth.com.

7. Data security

We take the security of your data seriously and implement appropriate technical and organisational measures, including:

If you become aware of a security issue, please email hello@fearfreechildbirth.com immediately. We will investigate and notify affected users and the ICO within 72 hours of becoming aware of a personal data breach where required by law.

8. Data retention

Data categoryRetention periodReason
Customer account data (Identity, Contact)6 years after last interactionUK tax law (HMRC)
Financial / transaction records6 years after the transactionUK tax law (HMRC)
Assessment data2 years after last login/use, then anonymisedHistoric report access, continuity of care, service improvement
Generated reportsSame as assessment dataTied to underlying assessment
Marketing data (consent basis)Until you withdraw consent or 3 years of inactivityLegitimate retention windows for active subscribers
Website analytics / server logs12 monthsBalancing analytics value with privacy
Support correspondence3 years after resolutionFollow-up queries and service improvement

After the retention period, data is either deleted or fully anonymised. You can request deletion at any time – see Section 9.

9. Your legal rights

Under UK GDPR you have the following rights:

To exercise any of these rights, email hello@fearfreechildbirth.com. We will respond within one month. If your request is complex, we may extend this by up to two further months and will let you know. We may ask you to verify your identity before processing a request, as a security measure.

10. Cookies

See our separate cookie policy. You can configure your browser to refuse cookies. Some parts of our websites may not function correctly if you disable essential cookies.

11. Third-party links

Our websites include links to third-party websites and tools. We are not responsible for their privacy practices. When you leave our sites, please read the privacy policies of any websites you visit.

12. Changes to this policy

We may update this policy from time to time. The current version is always available at https://www.fearfreechildbirth.com/policy/privacy-policy/ and the date of the last update is shown at the bottom. If we make material changes, we will notify you by email or via a prominent notice on our websites before the changes take effect.

Policy last updated: 12 June 2026