H
Second Chances
by HummingBird
Legal

Privacy Policy

Last updated: June 26, 2026

This Privacy Policy describes how Claudia Thomas, trading as Second Chances by HummingBird ("we," "us," "our") collects, uses, and shares personal information when you visit our website or enroll in the Inner Reset course, a one-time-purchase digital self-paced course consisting of five guided modules and a private reflection journal. Claudia Thomas, trading as Second Chances by HummingBird, is the data controller for this information. Personal data is processed in accordance with applicable data-protection laws, including the Barbados Data Protection Act, 2019-29 and, where relevant, UK and EEA data-protection laws.

1. Information We Collect

  • Account information: name, email address, password (stored hashed), and authentication identifiers when you create an account.
  • Course activity: enrollment status, module access, and reflection journal entries you choose to save. Please avoid entering anything in your journal that you do not wish to store online.
  • Support communications: messages you send via our contact form or email.
  • Technical data: IP address, browser type, device identifiers, and basic usage telemetry needed to operate and secure the site.
  • Payment data: billing details are collected and processed directly by Paddle, our merchant of record and payment processor. We receive only the transaction confirmation, order ID, and customer reference required to grant course access.

2. How We Use Your Information

  • To create and maintain your account and provide lifetime access to the course.
  • To deliver course modules and store your private reflection journal. Please avoid entering anything in your journal that you do not wish to store online.
  • To respond to your support requests.
  • To detect, prevent, and address fraud, abuse, or security issues.
  • To meet legal, tax, and accounting obligations.

3. Legal Bases and Applicable Privacy Rights

We process personal data in accordance with applicable data-protection laws, including the Barbados Data Protection Act, 2019-29 and, where relevant, UK and EEA data-protection laws. Processing is based on contract performance (delivering the course), legitimate interests (security, service improvement), consent (where required, e.g., optional marketing), and legal obligations.

4. How We Share Information

  • Paddle.com Market Ltd. — our merchant of record and payment processor. Paddle handles payment processing, billing, invoicing, sales tax, refunds, and chargebacks. See Paddle's privacy policy at paddle.com/legal/privacy.
  • Supabase — provides backend database and authentication infrastructure used to store account, enrollment, and course data securely.
  • Lovable — provides the platform used to build, host, and deploy the website and application infrastructure.
  • Professional advisers (legal, accounting) when reasonably required.
  • Authorities where disclosure is required by law.

We do not sell your personal information.

5. International Transfers

Your information may be processed in countries outside your own. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Data Retention

We retain account and enrollment records for as long as your account is active and as needed to provide lifetime access, support, and to meet tax and legal obligations. Reflection journal entries are retained until you delete them or close your account. You can clear your journal entries at any time within the journal; please avoid entering anything in your journal that you do not wish to store online. Backups are deleted on a rolling schedule.

7. Your Rights

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. To exercise these rights, email islandgems66@gmail.com. We respond within the timeframe required by applicable law. EEA/UK users may also lodge a complaint with their local data-protection authority.

8. Security

We apply reasonable technical and organisational measures, including encryption in transit, access controls, and database row-level security, to protect your information. You are responsible for keeping your login credentials confidential.

9. Cookies

We use strictly necessary cookies and similar technologies for authentication, security, and session management. We do not use third-party advertising cookies.

10. Children

The course is not directed to children under 18, and we do not knowingly collect their data.

11. Changes

We may update this Privacy Policy from time to time. Material changes will be announced on this page with a new "Last updated" date.

12. Contact

Claudia Thomas, trading as Second Chances by HummingBird — islandgems66@gmail.com