Told — Privacy Policy

At Told, privacy is fundamental — not a formality. The stories you share with us are among the most personal things a family can entrust to anyone. We treat your data with the same care we bring to your memoir. This policy explains what we collect, why, and what you can do about it.

1. Who We Are

Told Studio is a sole trader operating in Dublin, Ireland. For the purposes of GDPR, we are the data controller for personal data collected through this website and our services.

Contact: hello@told.ie — Dublin, Ireland.

2. What Data We Collect

We collect only what we need to deliver your memoir and communicate with you:

Booking information: Your name, email address, and the name of your memoir subject, collected when you submit the enquiry form.
Payment data: Payment is processed by Stripe. We do not see or store your card number, CVV, or full card details. We receive only a confirmation of payment and a transaction reference.
Session recordings: With your consent, your interview session is recorded for transcription and memoir production. Recordings are stored securely and deleted after your memoir is delivered.
Communications: Emails you send to us and our replies.
Website analytics: If analytics tools are used, we collect anonymised data (page views, device type, referring source) — no personally identifiable information.

3. How We Use Your Data

We use your personal data only for the purposes for which it was collected:

To confirm and manage your booking
To conduct and transcribe your interview session
To produce and deliver your memoir
To send you receipts and service-related communications
To respond to enquiries and support requests

We do not use your data for marketing without your explicit opt-in consent, and we never sell your data to third parties.

4. Our Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

Contract performance: Processing necessary to deliver the service you have purchased.
Legitimate interests: Managing our business, preventing fraud, responding to enquiries.
Consent: For session recording and any optional marketing communications. You may withdraw consent at any time.
Legal obligation: Where we are required to retain data for tax or regulatory purposes (typically 7 years for financial records under Irish law).

5. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights. To exercise any of them, email hello@told.ie — we will respond within 30 days.

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Ask us to delete your data where there is no compelling reason for us to keep it.

Right to Restrict Processing

Ask us to pause processing your data in certain circumstances.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

You also have the right to lodge a complaint with the Data Protection Commission (DPC) at dataprotection.ie if you believe we have mishandled your data.

6. Data Sharing & Third Parties

We share your data with a small number of trusted service providers, only to the extent necessary:

Stripe — payment processing. Stripe is PCI-DSS compliant and processes payments under its own privacy policy.
Netlify — website hosting. Our site is hosted on Netlify's infrastructure in the EU/US. Netlify operates under a DPA compliant with GDPR.
Google — fonts and (if used) analytics. Google Fonts may log your IP address when loading fonts.

We do not share memoir content, session recordings, or personal story details with any third party, ever.

7. International Data Transfers

Some of our service providers (Stripe, Netlify) may process data outside the EEA. Where this occurs, we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Data Retention

We retain your data only for as long as necessary:

Session recordings: Deleted within 30 days of memoir delivery.
Booking and contact details: Retained for up to 2 years for customer service purposes, then deleted.
Financial records: Retained for 7 years in accordance with Irish Revenue requirements.

9. Security

We take reasonable technical and organisational measures to protect your data — including encrypted connections (HTTPS), secure file storage, and restricted access to personal information. No method of transmission over the internet is 100% secure; we will notify you promptly in the event of any breach affecting your data.

10. Cookies

Our website uses minimal cookies. Essential cookies are used for site functionality. We do not use tracking or advertising cookies. If we introduce analytics cookies in future, we will update this policy and seek your consent where required.

11. Children's Privacy

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. Memoirs may reference family members of any age, but we only contract with adult clients.

12. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will post any changes on this page with a revised "last updated" date. For significant changes, we will notify active clients by email.

13. Contact & Complaints

For any privacy-related questions or to exercise your rights:

Email: hello@told.ie
Told Studio, Dublin, Ireland

If you are not satisfied with our response, you may contact the Data Protection Commission: dataprotection.ie