Effective date: 2 September 2025
Who we are: Habit Mentors (“we”, “us”, “our”) runs habitmentors.com and the Habit Mentors newsletter.
This policy explains what personal data we collect, why we collect it, how we use and share it, and your choices. It applies to our website, forms (including newsletter sign-up), and related services.
1) Data we collect
Data you provide
- Newsletter sign-up: email address; optional first name; preferred language; marketing preferences; consent status (time, IP, source page).
- Messages & replies: content you send us (e.g., feedback, survey responses, support requests).
- Registered accounts (if enabled): profile details you choose to add.
Data collected automatically
- Usage & device data: pages viewed, links clicked, scroll depth, approximate location (city/country from IP), device/browser type, referrer and UTM parameters, and IP address (security/anti-fraud).
- Cookies & similar tech: to operate the site, remember preferences, run security features, and—if you consent—measure performance (see Cookies).
Data from partners
- Email performance: delivery, opens, link-clicks (to keep the list healthy and content useful).
- Security/anti-spam: signals from tools like reCAPTCHA or anti-spam services.
We do not intentionally collect special categories of data (e.g., health, beliefs), and we do not knowingly collect data from children (see Children).
2) WordPress-specific sections
Comments & community
When visitors leave comments, we collect the data shown in the comment form, plus the visitor’s IP address and browser user-agent string to help with spam detection (lawful bases: consent to post; legitimate interests in site security).
An anonymised hash of your email may be sent to Gravatar to check if you use it. After approval, your Gravatar profile image may appear next to your comment. See Gravatar’s privacy notice for details.
Comment removal: email [email protected] with the comment URL if you’d like us to remove your own comment.
Retention: comments and moderation metadata are kept until you or we delete them.
Media uploads
If you upload images, avoid uploading files that contain embedded location data (EXIF/GPS). Visitors can download images from the site and extract any location data they contain.
Embedded content from other websites
Articles may include embedded content (e.g., videos, social posts, images). Embedded content behaves as if you visited the source site. Those providers may collect data, set cookies, and track interactions under their own privacy policies.
WordPress cookies (convenience & login)
- Comment convenience: if you leave a comment, you may opt in to saving your name, email and website in cookies (typically up to 1 year).
- Login/session (for registered users): a temporary cookie checks whether your browser accepts cookies; login cookies last typically 2 days, or 2 weeks if you select “Remember Me”; screen-options cookies last typically 1 year.
- Editor cookie (for authorised users): stores a post ID for 1 day when editing/publishing.
See Cookies and similar technologies below for your choices and our Cookie Policy link.
Automated spam detection
We use automated tools (e.g., reCAPTCHA, anti-spam services) that process IP, user-agent, and form content to prevent abuse (legitimate interests in security).
3) Why we use your data (purposes & legal bases)
Under EU/UK GDPR we rely on:
- Consent – sending the newsletter and other marketing; placing non-essential cookies; running surveys. You can withdraw consent any time (unsubscribe link or [email protected]).
- Legitimate interests – site security and fraud prevention; understanding and improving content; operating and protecting our services (balanced against your rights).
- Legal obligations – records we must keep (e.g., proof of consent).
- Contract – if you purchase something from us, to perform that contract.
Typical uses:
- Delivering the newsletter you requested and measuring aggregate performance.
- Responding to messages; managing preferences and language.
- Running the website, protecting against fraud/spam, and diagnosing issues.
- Producing anonymised/aggregated insights to improve content.
4) Cookies and similar technologies
We use essential cookies for core functions and security. With your consent, we may use:
- Analytics/measurement cookies: to understand which pages/issues readers value.
- Marketing cookies (if/when used): for remarketing or ad measurement.
Your choices: manage preferences via our cookie banner and your browser settings; you can withdraw consent any time.
For details, see our Cookie Policy (types, purposes, lifetimes, providers, how to change settings).
5) Email & newsletter
We use double opt-in. When you subscribe, we store your email, consent timestamp, IP, source (e.g., article form), and language to send tailored issues. Emails include an unsubscribe link. We track delivery, opens and clicks to keep the list healthy and content relevant. You can opt out of marketing at any time.
Sender: we typically send from [email protected] (displayed as “Habit Mentors Team”). Replies go to an actively monitored inbox.
6) Sharing your data (disclosures)
We don’t sell your personal data. We share it only with:
- Service providers (processors):
  - Email delivery & list management: Brevo (Sendinblue) – manages sign-ups, consent logs, and email sends.
  - Hosting/CDN & infrastructure: our web host and security/CDN providers.
  - Security/anti-spam: e.g., Google reCAPTCHA or similar.
  - Analytics (if enabled): privacy-respecting analytics or GA-style tools.
These providers act on our instructions under data-processing agreements. We may also disclose data if required by law, or to protect our rights, users, or the public.
7) International transfers
Some providers may process data outside your country (e.g., EEA, UK, US). Where required, we use approved safeguards (e.g., EU Standard Contractual Clauses, UK Addendum/IDTA) and supplementary measures as appropriate.
8) Retention
- Newsletter data: kept while you subscribe and up to 24 months after your last meaningful interaction (or sooner if you ask us to delete it), so we can manage suppression lists and avoid resubscribing you by mistake.
- Comments & messages: typically 24 months after resolution or removal.
- Technical/security logs: typically 90-180 days, unless needed longer to investigate issues.
We delete or anonymise data when no longer needed.
9) Your rights & choices
EU/EEA & UK (GDPR/UK GDPR)
You may request access, correction, erasure, restriction and portability, and you may object to certain processing (including direct marketing). Where processing relies on consent, you can withdraw it at any time.
United States (e.g., CA/CPRA; and similar in CO/CT/VA/UT)
You may have rights to know/access, correct, delete, and to opt out of sale or sharing (for cross-context behavioural advertising).
We do not sell personal information and we do not “share” it for cross-context behavioural advertising. If this changes, we will update this policy and provide required opt-outs (including recognising Global Privacy Control (GPC) where required).
How to exercise your rights: Contact us using the contact form on this page with the subject “Privacy Request” and the email you used. We may ask for information to verify your identity. You can always use the unsubscribe link to stop marketing.
10) Children’s privacy
Our site and newsletter are for a general audience and are not directed to children. We do not knowingly collect personal data from anyone under 16 (or under 13 in the US). If you believe a child provided data, contact us using the contact form on this page and we’ll delete it.
11) Security
We use reasonable technical and organisational measures to protect personal data (e.g., TLS encryption, access controls, provider due diligence). No system is perfectly secure; if a data incident affects you, we’ll follow applicable laws when notifying you and regulators.
12) Third-party links
We may link to third-party sites. Their privacy practices are their own; please review their policies.
13) Where we send your data
Visitor comments and form submissions may be checked through automated spam-detection and security services, which may process your data in other countries. Where required, we use appropriate transfer safeguards.
14) Service-specific notes
- Newsletter & consent records: We keep records of consent (email, IP, time, form/language and consent text version) to demonstrate compliance.
- Email tracking: Delivery, opens and clicks help us improve content and maintain list hygiene. You can unsubscribe at any time.
- reCAPTCHA notice: Some forms are protected by reCAPTCHA; the Google Privacy Policy and Terms of Service apply.
- Affiliate links / advertising (if used): Some pages may include affiliate links or ads. If you click an affiliate link and make a purchase, we may earn a commission at no extra cost to you. Partners may use cookies under their own privacy policies—see our Cookie Policy for details.
15) Changes to this policy
We’ll update this policy as our services or laws change. When we make material changes, we’ll post the update here and adjust the effective date.
16) How to contact us or complain
You can contact us using this contact form: