GDPR Compliance
Last updated: March 18, 2026
Overview
The General Data Protection Regulation (GDPR) is a European Union regulation that governs how organisations collect, store, and use personal data of individuals in the EU and EEA. Taciturn Studios LLC is committed to complying with GDPR for all visitors from the European Economic Area.
This page supplements our full Privacy Policy with specific information about your rights under GDPR.
Data Controller
The data controller responsible for your personal data is:
What Personal Data We Collect
We collect the minimum data necessary to operate our services:
- Name and email address — when you create an account or contact us.
- Purchase data — transaction reference and email, processed by Stripe.
- Newsletter subscription — email address, with explicit opt-in consent.
- Analytics data — anonymised page views via Umami (no personal identifiers).
- Advertising cookies — only with your explicit consent via our cookie banner.
Legal Bases for Processing
| Processing Activity | Legal Basis |
|---|---|
| Fulfilling ebook purchases | Contract performance |
| Responding to contact form submissions | Legitimate interests |
| Sending newsletter | Consent (opt-in) |
| Anonymised analytics | Legitimate interests |
| Personalised advertising (AdSense) | Consent (cookie banner) |
| Tax and financial records | Legal obligation |
Your Rights Under GDPR
As an EU/EEA resident, you have the following rights:
- Right of access (Article 15): Request a copy of the personal data we hold about you.
- Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Article 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
- Right to restriction (Article 18): Request that we restrict processing of your data in certain circumstances.
- Right to data portability (Article 20): Receive your data in a structured, machine-readable format.
- Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please use our contact form. We will respond within 30 days. We may ask you to verify your identity before processing the request.
Cookies and Consent
When you first visit our site, a cookie consent banner will appear. You can choose to accept or decline non-essential cookies (advertising and tracking). Your preference is stored locally and can be changed at any time by clearing your browser cookies or using your browser's privacy settings.
If you decline advertising cookies, Google AdSense will serve non-personalised ads only.
International Data Transfers
Some of our third-party service providers (including Google, Stripe, and Amazon) are based in the United States. Data transfers to these providers are covered by Standard Contractual Clauses or other appropriate safeguards as required by GDPR.
Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection authority. In the EU, you can find your national authority at edpb.europa.eu.
Updates to This Page
We may update this GDPR compliance information as our practices evolve or regulations change. Material changes will be reflected in the "Last updated" date above.