Privacy policy
How we collect, use, store and protect your personal data – and the rights you have over it.
1. Introduction
This privacy notice explains how we collect, use, store, and protect your personal data when you interact with the websites, products, and services operated by Blossoming Limited (“we”, “us”, “our”), including:
- https://www.fearfreechildbirth.com – Fear Free Childbirth publication and podcast site
- https://www.fearless-birthing.com – Fearless Birthing brand site
- https://www.head-trash.com – Head Trash brand site
- Any sub-domains and connected applications operated by Blossoming Limited
By providing us with your data, you confirm that you are at least 16 years of age (or have a parent/guardian’s consent if younger).
Data controller
- Legal entity: Blossoming Limited
- Email: hello@fearfreechildbirth.com
- Postal address: Gothic House, Barker Gate, Nottingham NG1 1JU, United Kingdom
UK supervisory authority: Information Commissioner’s Office (ICO) – https://ico.org.uk. If you have a complaint about how we handle your data, we’d appreciate the chance to resolve it first, but you can complain directly to the ICO at any time.
2. What data we collect
2.1 Standard personal data
- Identity Data – first name, last name, title, date of birth (where relevant)
- Contact Data – billing address, email address, phone number
- Financial Data – payment card details (handled by our payment processors – we do not store full card numbers)
- Transaction Data – products purchased, dates, amounts
- Technical Data – IP address, browser type/version, operating system, time zone, device identifiers
- Profile Data – username, password (hashed), preferences, interests, survey responses
- Usage Data – how you use our websites and services
- Marketing and Communications Data – your preferences for receiving communications from us
2.2 Special category / sensitive data (UK GDPR Article 9)
We collect and process special category personal data in the following specific contexts:
- Mental health and wellbeing data – when you use Fearless Birthing programmes, the Head Trash Clearance Club, or any of our other healing products. This includes self-reported emotional states, anxiety patterns, fears, life experiences, and related context.
- Perinatal mental health and birth-fear data – when you complete the Perinatal Inner Readiness Profile (PIRP) or related Fearless Birthing assessments. This includes responses to questions about pregnancy, birth, your relationship with your body, fears around motherhood, and your psychological readiness for birth.
- Health-related data – where relevant to the support we provide. Reading Fear Free Childbirth does not require you to share any of this; it applies only where you choose to submit it (for example in a story submission or programme).
Legal basis for processing special category data: Explicit consent (UK GDPR Article 9(2)(a)). You provide this consent when you complete an assessment or sign up for a programme. You can withdraw consent at any time by emailing hello@fearfreechildbirth.com or via your preferences dashboard. Withdrawing consent will not affect lawful processing already carried out, but we will stop processing your data for affected purposes going forward and will delete it on request.
2.3 Story contributions
If you share your story with Fear Free Childbirth (for an article or podcast episode), we process what you choose to tell us in order to edit and publish it. Nothing is published without your sign-off, and you can ask us to unpublish your story at any time – see our editorial standards.
2.4 Children
Our services are not intended for children under 16. We do not knowingly collect data from anyone under 16. If you believe we hold data about a child, please contact hello@fearfreechildbirth.com and we will delete it.
3. How we collect your data
3.1 Directly from you
- Filling in forms on our websites (newsletter, enquiries, pitches, story submissions)
- Purchasing products or services
- Creating an account
- Subscribing to newsletters or free resources
- Completing assessments (including PIRP, on our sister sites)
- Communicating with us by email, phone, or messaging
3.2 Automated technologies
- Cookies and similar technologies on our websites (see our cookie policy)
- Server logs (IP addresses, request paths, timestamps)
- Analytics tools (see sub-processors below)
3.3 Third parties and public sources
- Payment confirmations from Stripe / PayPal
- Marketing campaign attribution from advertising platforms (Meta, Google)
- Publicly available business directories where applicable
4. How we use your data
We will only use your personal data when legally permitted. The lawful bases we rely on are:
- Contract – to perform the contract between you and us (e.g., delivering a product you purchased)
- Legitimate Interests – where the processing is necessary for our legitimate business interests and doesn’t override your rights
- Legal Obligation – to comply with applicable law
- Consent – for marketing communications and for processing special category data (mental health, perinatal, etc.)
| Purpose | Data types | Lawful basis (Art. 6) | Special category basis (Art. 9) |
|---|---|---|---|
| Register you as a customer / set up your account | Identity, Contact | Contract | n/a |
| Deliver products and services you purchased (including running assessments and generating reports) | Identity, Contact, Profile, Special Category | Contract | Explicit consent |
| Process payments and recover monies owed | Identity, Contact, Financial, Transaction | Contract; Legitimate Interest | n/a |
| Edit and publish story contributions you submit | Identity, Contact, Special Category (as volunteered) | Contract / Consent | Explicit consent |
| Send you transactional emails | Identity, Contact | Contract | n/a |
| Send you marketing communications (incl. the FFC newsletter) | Identity, Contact, Marketing | Consent | n/a |
| Handle advertiser, contributor and guest enquiries | Identity, Contact, business details | Legitimate Interest / Contract | n/a |
| Analyse usage of our websites and services to improve them | Technical, Usage | Legitimate Interest | n/a |
| Protect our systems against fraud and abuse | Technical, Usage | Legitimate Interest | n/a |
| Comply with legal, tax, accounting obligations | Identity, Contact, Financial, Transaction | Legal Obligation | n/a |
5. Sub-processors
We use the following third-party service providers (“sub-processors”) to deliver our services. We have data processing agreements in place with each of them. They process your personal data only on our instructions and in line with this policy.
| Sub-processor | What they do | Where | Transfer safeguard |
|---|---|---|---|
| GHL (HighLevel / LeadConnector LLC) | CRM, marketing automation, email delivery, forms, contact management | USA | UK IDTA / SCCs + Data Privacy Framework (where applicable) |
| Libsyn | Podcast hosting and delivery (episode downloads/streams) | USA | UK IDTA / SCCs |
| Supabase Inc. | Database hosting for assessment data, application backend | EU (Ireland) | UK adequacy regulations; SCCs where US infrastructure is touched |
| Anthropic, PBC | AI report generation (Claude model) for assessments on our sister sites – scores sent anonymised; Anthropic does not use API data to train its models | USA | UK IDTA + Data Privacy Framework (DPF-certified) |
| Stripe | Payment processing | USA / Ireland | SCCs / UK IDTA |
| PayPal | Payment processing | USA / Luxembourg | SCCs |
| A2 Hosting | Website hosting | Amsterdam, Netherlands | SCCs / UK IDTA |
| Google (Analytics) | Analytics, advertising, productivity | USA | UK IDTA + Data Privacy Framework |
| Improvely | Conversion and campaign attribution tracking | USA | UK IDTA / SCCs |
| Meta (Facebook, Instagram) | Advertising | USA | UK IDTA + Data Privacy Framework |
| Mailgun | Transactional email delivery | USA | UK IDTA + Data Privacy Framework |
| Skool | Community platform | USA | UK IDTA / SCCs |
| Bookfunnel | Book sales/delivery | USA | UK IDTA / SCCs |
6. International data transfers
UK data protection law (the UK GDPR and the Data Protection Act 2018) governs how we handle personal data of people in the UK. Many of our sub-processors are based outside the United Kingdom and the European Economic Area (EEA). We rely on the following safeguards when transferring your data internationally:
- UK adequacy regulations – for transfers to countries the UK government has determined provide an adequate level of data protection (including all EEA countries and a list of others).
- UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) with the UK Addendum – for transfers to non-adequate countries (including the USA).
- EU-US Data Privacy Framework (DPF) – for transfers to US companies certified under the framework.
If you would like further information on the safeguards in place for any specific transfer, email hello@fearfreechildbirth.com.
7. Data security
We take the security of your data seriously and implement appropriate technical and organisational measures, including:
- Encryption in transit – all websites and APIs use HTTPS/TLS
- Encryption at rest – database storage (Supabase, GHL) encrypts data at rest
- Access control – only authorised personnel can access personal data, and access is logged
- Row-level security on assessment-related database tables, restricting access to authorised server-side operations only
- Token-based access to assessment reports – unique, unguessable tokens
- Rate limits and spend caps on API endpoints to prevent abuse
- Regular security audits of our database and edge functions
If you become aware of a security issue, please email hello@fearfreechildbirth.com immediately. We will investigate and notify affected users and the ICO within 72 hours of becoming aware of a personal data breach where required by law.
8. Data retention
| Data category | Retention period | Reason |
|---|---|---|
| Customer account data (Identity, Contact) | 6 years after last interaction | UK tax law (HMRC) |
| Financial / transaction records | 6 years after the transaction | UK tax law (HMRC) |
| Assessment data | 2 years after last login/use, then anonymised | Historic report access, continuity of care, service improvement |
| Generated reports | Same as assessment data | Tied to underlying assessment |
| Marketing data (consent basis) | Until you withdraw consent or 3 years of inactivity | Legitimate retention windows for active subscribers |
| Website analytics / server logs | 12 months | Balancing analytics value with privacy |
| Support correspondence | 3 years after resolution | Follow-up queries and service improvement |
After the retention period, data is either deleted or fully anonymised. You can request deletion at any time – see Section 9.
9. Your legal rights
Under UK GDPR you have the following rights:
- Right of access – get a copy of the personal data we hold about you
- Right to rectification – correct inaccurate or incomplete data
- Right to erasure (“right to be forgotten”) – request deletion of your data
- Right to restrict processing – limit how we use your data in certain circumstances
- Right to data portability – receive your data in a structured, machine-readable format
- Right to object – to processing based on legitimate interests, and to direct marketing
- Right to withdraw consent – where consent is the lawful basis
- Right not to be subject to automated decision-making – including profiling, where it produces legal or similarly significant effects
To exercise any of these rights, email hello@fearfreechildbirth.com. We will respond within one month. If your request is complex, we may extend this by up to two further months and will let you know. We may ask you to verify your identity before processing a request, as a security measure.
10. Cookies
See our separate cookie policy. You can configure your browser to refuse cookies. Some parts of our websites may not function correctly if you disable essential cookies.
11. Third-party links
Our websites include links to third-party websites and tools. We are not responsible for their privacy practices. When you leave our sites, please read the privacy policies of any websites you visit.
12. Changes to this policy
We may update this policy from time to time. The current version is always available at https://www.fearfreechildbirth.com/policy/privacy-policy/ and the date of the last update is shown at the bottom. If we make material changes, we will notify you by email or via a prominent notice on our websites before the changes take effect.
Policy last updated: 12 June 2026