Privacy Policy
Effective date: 1 April 2026 · Last updated: 7 April 2026
1. Introduction
AT EASE (“we”, “our”, “us”) operates the website at allatease.com (the “Website”). This Privacy Policy explains what personal data we collect, how we process it, the legal basis for processing, and how you can exercise your rights under applicable data protection laws.
We are committed to protecting your privacy and processing your data transparently. We do not sell your personal data to third parties, and we do not use invasive tracking technologies.
2. Data controller
The data controller for your personal data is AT EASE, contactable at privacy@allatease.com. For the purposes of the Indian Digital Personal Data Protection Act, 2023 (DPDP Act), AT EASE acts as a Data Fiduciary.
3. Data we collect
We collect minimal data necessary to provide and improve our services:
3.1 Data you provide voluntarily
- Email address — when you subscribe to our newsletter, submit a contact form, or purchase a digital product.
- Name — when you submit a contributor application or contact form.
- Message content — the content of enquiries you send through our forms.
- Payment information — if you purchase a digital product, payment is processed by our third-party payment provider (currently Gumroad). We do not store or access your credit card details.
3.2 Data collected automatically
- Analytics data — we use Plausible Analytics, a privacy-first, cookieless analytics tool hosted in the EU. It collects no personal data, sets no cookies, and all data is aggregated and anonymous. No consent is required.
- Country-level geolocation — we detect your approximate country from HTTP request headers (via the hosting provider) to display region-relevant content and pricing. This two-letter country code is stored in a first-party cookie (at-ease-country) and is not linked to your identity.
- Theme preference — your light/dark mode choice is stored in a first-party cookie.
3.3 Data we do NOT collect
- We do not use fingerprinting, tracking pixels, or cross-site tracking.
- We do not use third-party advertising cookies.
- We do not collect sensitive personal data (biometric, genetic, health data, religion, sexual orientation).
- We do not knowingly collect data from children under 16.
4. How we use your data
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Send newsletters | Email address | Consent (Art. 6(1)(a)) |
| Respond to enquiries | Name, email, message | Legitimate interest (Art. 6(1)(f)) |
| Deliver digital products | Email, transaction ID | Contract (Art. 6(1)(b)) |
| Display regional content | Country code (cookie) | Legitimate interest (Art. 6(1)(f)) |
| Understand aggregate traffic | Anonymous analytics | No personal data processed |
5. Data sharing and third-party services
We share data only with the following categories of service providers, strictly for the purposes stated:
- Plausible Analytics (EU-hosted) — privacy-first, cookieless analytics. No personal data transferred.
- Vercel Inc. (USA) — website hosting and CDN delivery. Standard contractual clauses apply for EU data transfers.
- Cloudinary Ltd. — image optimisation and delivery. Processes only image URLs, not user data.
- Email service provider — for sending newsletters to subscribers who opted in. Processes email addresses only.
- Gumroad Inc. (if applicable) — payment processing for digital products. Subject to Gumroad's own privacy policy.
- Giscus / GitHub — powers our comment system. Comments are stored in GitHub Discussions and are subject to GitHub's privacy policy.
We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.
6. International data transfers
Some of our service providers are based outside India and the European Economic Area (EEA). Where personal data is transferred to countries without an adequacy decision, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's participation in recognised frameworks.
7. Data retention
- Newsletter subscribers — your email is retained until you unsubscribe. Every email includes a one-click unsubscribe link.
- Contact form submissions — retained for up to 12 months, then deleted unless there is an ongoing correspondence.
- Product purchase records — retained for 7 years as required by Indian tax and accounting regulations.
- Cookies — see our Cookie Policy for specific durations.
8. Your rights
8.1 Under the EU General Data Protection Regulation (GDPR)
If you are in the EEA or UK, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data (“right to be forgotten”).
- Restriction — ask us to restrict processing in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — at any time, without affecting the lawfulness of prior processing.
You also have the right to lodge a complaint with your local data protection authority.
8.2 Under the Indian Digital Personal Data Protection Act, 2023 (DPDP Act)
If you are in India, as a Data Principal you have the right to:
- Obtain confirmation of whether your data is being processed and a summary of it.
- Request correction and completion of inaccurate or incomplete data.
- Request erasure of your personal data (subject to legal retention requirements).
- Nominate another individual to exercise your rights in the event of death or incapacity.
- Lodge a grievance with AT EASE or escalate to the Data Protection Board of India.
8.3 Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used.
- Request deletion of your personal information.
- Opt out of the “sale” or “sharing” of personal information. Note: we do not sell or share your data.
- Non-discrimination for exercising your privacy rights.
9. How to exercise your rights
To make a data subject request, email privacy@allatease.com with the subject line “Data request”. We will respond within 30 days (or sooner where required by law). We may ask you to verify your identity before processing your request.
10. Children's privacy
Our Website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Security measures
We implement appropriate technical and organisational measures to protect your data, including HTTPS encryption across the entire Website, secure API key management, rate-limited forms, Content Security Policy headers, and regular security audits. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. We will not reduce your rights under this policy without obtaining your consent. For significant changes, we will notify newsletter subscribers by email.
13. Contact us
For privacy-related enquiries, data subject requests, or complaints:
- Email: privacy@allatease.com
- Contact form: allatease.com/contact