Privacy Policy
Last Updated: 7 March 2026
1. Introduction
This Privacy Policy explains how Stuart Thompson trading as LifeACE ("we", "us", or "our") collects, uses, stores, shares, and protects your personal information when you use our website https://lifeace.bullet.site ("Website"), products, services, and associated platforms, including digital templates and tools provided under the LifeACE methodology.
We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and other applicable data protection legislation.
This Privacy Policy should be read alongside our Terms and Conditions and Cookie Policy.
Contact Details:
Stuart Thompson trading as LifeACE
Flat A Lammas Gate, 84a Meadrow, Godalming, Surrey, GU7 3HT
2. Who We Are
Stuart Thompson trading as LifeACE is a sole trader based in the United Kingdom. We are the data controller responsible for your personal data under the UK GDPR.
LifeACE is our personal growth methodology and digital ecosystem, covering the Website, Notion workspace templates, digital tools, frameworks, and resources. It operates alongside The Purposeful Life Blueprint, our wider content and learning platform covering podcast, blog, newsletter, and weekly reading pathways.
If you have any questions about this Privacy Policy or our data practices, please contact us using the details above.
3. Scope
This Policy applies to all personal data we collect through:
- Our Website
- Purchases of digital products, templates, and tools (including LifeACE Notion templates)
- Newsletter subscriptions and email communications
- Podcast and content interactions
- Customer support and correspondence
- Third-party platforms through which we offer our products (such as Gumroad, Lemon Squeezy, or similar marketplaces)
4. Information We Collect
We may collect and process the following categories of personal data:
- Identity Data: Name, username, or similar identifier.
- Contact Data: Email address, billing address, social media handle (where applicable).
- Technical Data: IP address, device information, browser type and version, operating system, time zone setting, and usage data collected through cookies and similar technologies.
- Transactional Data: Details of products and services you purchase, payment method details (processed securely by third-party payment providers -- we do not store payment card information).
- Usage Data: Information about how you interact with our Website and services, including pages visited, template downloads, features used, and support queries.
- Marketing and Communications Data: Your preferences for receiving marketing from us, newsletter subscription status, and communication preferences.
- Correspondence Data: Information you provide when you contact us for support, feedback, or enquiries.
You are not required to provide personal data to browse our Website, but certain information is necessary to process transactions, deliver products, and provide requested services.
5. How We Collect Data
We collect your information:
- Directly from you -- when you make a purchase, subscribe to our newsletter, fill out a form, create an account, contact us, or interact with our content.
- Automatically -- through cookies, analytics tools, and similar tracking technologies when you use our Website. See our Cookie Policy for full details.
- From third-party platforms -- where applicable, from payment processors (such as Stripe or PayPal), marketplace platforms (such as Gumroad or Lemon Squeezy), email service providers, and analytics services.
6. Lawful Basis for Processing
Under the UK GDPR, we must have a lawful basis for each processing activity. The table below sets out our purposes for processing your personal data and the corresponding lawful basis:
Purpose | Lawful Basis (UK GDPR Art. 6) |
Processing your orders and delivering purchased products | Contractual necessity (Art. 6(1)(b)) |
Managing your account and customer relationship | Contractual necessity (Art. 6(1)(b)) |
Providing customer support and responding to enquiries | Legitimate interests (Art. 6(1)(f)) |
Sending transactional emails (order confirmations, delivery) | Contractual necessity (Art. 6(1)(b)) |
Sending marketing emails and newsletters | Consent (Art. 6(1)(a)) |
Analysing website usage and improving our services | Legitimate interests (Art. 6(1)(f)) |
Placing non-essential cookies and tracking technologies | Consent (Art. 6(1)(a)) / PECR |
Ensuring website security and preventing fraud | Legitimate interests (Art. 6(1)(f)) |
Complying with legal and regulatory obligations | Legal obligation (Art. 6(1)(c)) |
Administering affiliate and referral programmes | Legitimate interests (Art. 6(1)(f)) |
Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. You may request details of this assessment by contacting us.
7. How We Use Your Data
We use your personal data to:
- Provide, maintain, and improve our Website, products, and services
- Process and fulfil orders for digital products and templates
- Manage your account and communicate with you about your purchases
- Send service updates, including changes to our terms or policies
- Send marketing communications and newsletters (only with your consent)
- Analyse website performance, user behaviour, and service usage to make improvements
- Respond to your enquiries, feedback, and support requests
- Detect, prevent, and address technical issues, fraud, or security threats
- Meet our legal and regulatory obligations
We do not sell your personal data to third parties. We will never share your data for purposes unrelated to those described in this Policy without your explicit consent.
8. Cookies and Tracking Technologies
Our Website uses cookies and similar tracking technologies to improve user experience, measure site performance, and deliver personalised content. You are notified of this on your first visit and given the option to manage your preferences.
For full details, including a list of specific cookies we use and how to manage them, please see our Cookie Policy.
9. Data Sharing and Sub-Processors
We share your personal data only where necessary to deliver our services, and only with trusted third-party service providers ("sub-processors") who are bound by data protection agreements.
Service Provider | Purpose | Data Processed | Location |
Gumroad | Payment processing and digital product delivery | Transactional, Identity, Contact | US |
[INSERT EMAIL SERVICE, e.g. ConvertKit/Kit] | Email marketing and newsletters | Contact, Marketing | [US] |
Google Analytics | Website analytics | Technical, Usage | US |
Cloudflare | Website security and CDN | Technical | US/Global |
Bullet | Website hosting (Notion-based) | Technical, all data processed via Website | US |
Notion Marketplace | Template distribution and sales | Transactional, Identity, Contact | US |
Google Tag Manager | Tag and script management | Technical | US |
CookieYes | Cookie consent management | Technical, Preferences | UK/EU |
We review our sub-processors regularly. This table will be updated as our service providers change. We will not share your personal data with any third party for their own marketing purposes.
10. International Data Transfers
Some of our sub-processors are based outside the United Kingdom. Where we transfer personal data internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
These safeguards include:
- UK International Data Transfer Agreement (IDTA) -- used for transfers to countries without a UK adequacy decision
- UK Addendum to the EU Standard Contractual Clauses -- where applicable
- Adequacy decisions -- where the UK Government has determined that a country provides an adequate level of data protection (such as the EEA)
We only transfer data to processors who can demonstrate appropriate security measures and data protection commitments. You may request details of the safeguards we rely on by contacting us.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, alteration, or destruction. These include:
- Encrypted data transmission (SSL/TLS)
- Restricted access controls for stored data
- Regular security reviews of our systems and processes
- Careful selection and monitoring of third-party service providers
- Secure password management practices
No method of data transmission or storage is completely secure. While we take reasonable precautions, we cannot guarantee absolute security.
12. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33
- Notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms, as required by UK GDPR Article 34
- Document all breaches and the steps taken in response
13. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, and to comply with legal, regulatory, and accounting requirements.
Data Type | Retention Period |
Account and identity data | Duration of account, plus 12 months after closure |
Transactional and purchase data | 6 years (as required by HMRC for tax and accounting) |
Email marketing and subscription data | Until you unsubscribe, plus 30 days for processing |
Website analytics data | 26 months (Google Analytics default) |
Customer support correspondence | 24 months from last contact |
Cookie consent records | 12 months, then re-prompted |
When data is no longer required, it is securely deleted or anonymised.
14. Your Rights
Under the UK GDPR and the Data Protection Act 2018, you have the following rights:
- Right of Access -- request a copy of the personal data we hold about you
- Right to Rectification -- ask us to correct inaccurate or incomplete data
- Right to Erasure -- request deletion of your personal data ("right to be forgotten") where there is no compelling reason for continued processing
- Right to Restriction -- request that we restrict processing of your data in certain circumstances
- Right to Data Portability -- receive your personal data in a structured, commonly used, machine-readable format
- Right to Object -- object to processing based on legitimate interests or for direct marketing purposes
- Right to Withdraw Consent -- withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal
- Rights Related to Automated Decision-Making -- not be subject to decisions based solely on automated processing that significantly affect you
To exercise any of these rights, please contact us at tommos.notion@gmail.com.
We will respond to your request within one calendar month. In complex cases, we may extend this by a further two months, but we will inform you within the first month if this is necessary. There is no charge for exercising your rights unless requests are manifestly unfounded or excessive.
15. Automated Decision-Making
We do not carry out any solely automated decision-making or profiling that produces legal effects or similarly significant effects on you.
16. Children's Privacy
Our services are not directed at or intended for children under the age of 16. We do not knowingly collect personal data from children under 16.
If you believe that a child under 16 has provided us with personal data, please contact us immediately at tommos.notion@gmail.com and we will take steps to delete that information.
17. Third-Party Sites and Services
Our Website may contain links to external websites or embed third-party services. We are not responsible for the privacy practices, content, or security of these third-party sites. We encourage you to review the privacy policies of any third-party services before providing your personal data.
Notion Platform
Our digital templates and tools are designed for use within the Notion platform, operated by Notion Labs, Inc. When you use our templates within Notion, your data is also processed by Notion under its own privacy practices and terms. This includes data stored in Notion workspaces and, where AI features are enabled, processing by Notion's AI sub-processors (such as Anthropic and OpenAI). Notion and its AI sub-processors do not use your data to train models by default.
We are not the data controller for any processing carried out by Notion on its platform. We encourage you to review:
18. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on this page, with the "Last Updated" date revised accordingly. Where changes are significant, we will make reasonable efforts to notify you (for example, by email or a prominent notice on the Website).
19. Complaints
If you have any concerns about how we handle your personal data, please contact us first at tommos.notion@gmail.com. We will do our best to resolve your concern.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk
20. Contact Us
For any questions about this Privacy Policy or our data practices, please contact:
Stuart Thompson trading as LifeACE
Flat A Lammas Gate, 84a Meadrow, Godalming, Surrey, GU7 3HT
Made with Bullet