Privacy Policy
A plain-English explanation of what personal information SandeepJaryal.com collects, why, and how it is looked after.
Last updated: 16 July 2026
About this policy
This policy explains how personal information is handled when you use SandeepJaryal.com, buy a book directly through the website, get in touch through the contact form or otherwise correspond with us about the site.
The website is operated in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR) where applicable.
The aim of this page is to be genuinely useful — transparent about what happens with your information and easy to understand without a legal background.
Who is responsible for your information
The data controller for this website is ScyberX Limited, the company through which Sandeep Jaryal operates sandeepjaryal.com.
- Company number
- 12150281
- Registered office
- Lps Livingstone, Wenzel House, Olds Approach, Watford, England, WD18 9AB
- Privacy contact
- hello@sandeepjaryal.com
- Book-order support
- books@sandeepjaryal.com
What we collect
We only ask for what we genuinely need. In practice that means:
When you use the contact form
- Your name and email address
- Your organisation, if you choose to share it
- The topic you select and the message you write
- A short technical record of your submission — the date and time, a truncated browser identifier, and a one-way cryptographic fingerprint of your IP address, used to keep the form free of spam and abuse
- Confirmation that the internal notification and the reply acknowledgement were sent
Your raw IP address is not kept. Only an irreversible fingerprint is stored, and only for as long as it is needed to keep the form working properly.
When you buy a book
- Your name and email address
- The telephone number and delivery address you provide
- The book, the amount paid and the payment status
- Stripe’s reference identifiers, which help us reconcile, support and refund the order
- A record of the receipt sent to you and the internal notification sent to us
Payment card details are entered directly into Stripe’s own secure fields. They are never seen or stored by this website.
When you sign up to the newsletter
- Your email address
- Where and when you gave consent
- Any later unsubscribe, bounce, complaint or suppression record
When you simply visit the website
- Standard request information created by our hosting providers — such as IP address, browser identifier and timestamp — used for security and reliability
- A small number of cookies and similar technologies needed for the website and payment pages to work (see section 8)
- Whatever third parties you actively engage with need — for example, playing an embedded YouTube video or opening the Stripe payment window
This site does not use its own analytics, advertising pixels or cross-site tracking. If that ever changes, this page will be updated first.
Why we use it, and on what basis
| What we do | Our lawful basis |
|---|---|
| Reply to your enquiry and manage the conversation that follows | Legitimate interests — responding to people who write to us. Where the conversation is about a possible engagement, steps taken at your request before entering a contract may also apply. |
| Take payment for a book, dispatch it, and send you the order confirmations | Performance of a contract with you, or steps taken at your request before entering a contract. |
| Keep the financial, tax and accounting records associated with book sales | Legal obligation. |
| Protect the website against spam, fraud and abuse and keep it secure and available | Legitimate interests — keeping the site usable and safe. |
| Send the newsletter, if you have opted in | Your consent. You can withdraw it at any time. |
| Run the small number of cookies and payment technologies the site needs to work | Strictly necessary under PECR, together with our legitimate interest in running the website. |
Book orders and Stripe
Book payments are handled by Stripe. When you buy a book, your card details go directly into Stripe’s secure payment fields — this website never sees or stores them.
Stripe passes back what we need to complete and support your order: your name, email, telephone number and delivery address, the amount paid, the payment status and Stripe’s own reference numbers. We use that information to prepare and dispatch your order, send the receipt, handle any refunds or queries, and keep the accounting records the law requires us to keep.
Stripe is also a controller in its own right for its fraud-prevention and regulatory obligations. Its privacy notice is at stripe.com/privacy.
Contact enquiries
When you use the contact form, your message is delivered to us and stored so we can respond and follow up properly. You will also receive a short acknowledgement so you know it has arrived.
A few quiet protections run in the background to keep the form usable — including limits on how often the same address or connection can send messages. They are there to prevent abuse, not to identify individuals.
You are always welcome to write directly to hello@sandeepjaryal.com instead of using the form.
Newsletter and communications
The newsletter is entirely optional. You do not need to subscribe in order to buy a book or send an enquiry, and the newsletter box at checkout is off by default.
Order confirmations, dispatch notes and replies to enquiries are separate from marketing. We send those so we can actually run the transaction or answer your question — whether or not you have subscribed.
You can unsubscribe from the newsletter at any time using the link in any newsletter email, or by writing to hello@sandeepjaryal.com. After you unsubscribe we keep a small suppression record so you are not accidentally contacted again.
Cookies and similar technologies
The website uses only strictly necessary cookies and similar technologies. There are no advertising cookies, no analytics cookies, no behavioural profiling and no cross-site tracking. Fonts are served from this website's own origin, so no request is made to Google Fonts.
The hosting platform (Lovable) may set a short-lived cookie named __dpl used to support deployment routing and delivery of the website. Stripe's payment and fraud-prevention technologies load only after you begin checkout on the Buy page. YouTube references are ordinary outbound links; nothing loads from YouTube while you are on this site.
A full inventory, including activation points and durations, is in the Cookie Policy.
Who we share information with
We do not sell personal information. We share it only with the service providers needed to run the website, take payments, deliver books and send emails. The main ones are:
- Stripe — payments for direct book orders. Stripe is loaded only when you begin checkout and, at that point, may involve its own payment-method and fraud-prevention subprocessors (for example, wallet providers such as Apple Pay, Google Pay or Link).
- Lovable — the hosting and application platform the website runs on, including the “Lovable Cloud” backend used to store enquiries, orders, newsletter consent, email logs, suppression records and unsubscribe tokens. Lovable serves the website through the Cloudflare edge network for routing and delivery.
- Our transactional email provider — delivers order receipts, contact acknowledgements, internal notifications and handles unsubscribes from the sending domain notify.sandeepjaryal.com.
- Domain and DNS providers — route the website's domain and email.
- YouTube (Google) — only if you follow an outbound link to a video. No YouTube content is embedded on this website.
- Professional advisers, couriers and fulfilment partners — help us dispatch books and meet accounting, tax and legal obligations.
No analytics or advertising technologies are used. This list will be updated if the providers we rely on change in a material way.
International transfers
Some of the trusted service providers listed above operate internationally, and personal information may sometimes be processed outside the United Kingdom. Where that happens, we rely on the appropriate safeguards required under UK data protection law — such as recognised adequacy decisions or approved contractual protections — together with the technical and organisational measures these providers put in place.
How long we keep information
We keep personal information only for as long as we need it. Records are reviewed periodically and are deleted or anonymised when they are no longer required, except where we are obliged to hold on to them a little longer to meet legal, regulatory or accounting requirements.
As a guide:
- Contact enquiries — kept for up to 24 months after the last meaningful interaction, unless there is a live engagement, dispute or legal reason to keep them longer.
- Anti-abuse records for the contact form — cleaned up regularly and generally not needed beyond 24 hours.
- Book orders, payment and accounting records — kept for six years after the end of the relevant financial year, as required by UK tax and company law, or longer if a dispute or legal obligation makes that necessary.
- Newsletter consent — kept until you unsubscribe or the record is no longer needed to show that consent was given. Inactive subscribers are reviewed from time to time.
- Transactional email delivery logs — kept for the shortest practical period needed to support delivery, troubleshooting and abuse prevention.
- Unsubscribe, bounce and complaint records — kept as long as needed to make sure we don’t contact you again by mistake.
- General security and server logs — kept for a short, proportionate period by the hosting and platform providers under their own policies.
Some of the retention windows above are enforced manually today. Automating them is a planned improvement.
How we look after your information
We take proportionate technical and organisational steps to protect personal information — including encryption in transit, tight access controls on the backend, one-way fingerprinting of IP addresses in the contact workflow, database rules that prevent public access to enquiries and orders, and reliance on specialist providers such as Stripe for card data.
No online service can be guaranteed to be perfectly secure, so we don’t promise absolute security. If you ever think something may have gone wrong with your information, please tell us.
Your rights
Under UK data protection law you have a number of rights over your personal information. Depending on the situation, these include:
- the right to be informed about how your data is used;
- the right to a copy of your personal data;
- the right to have inaccurate data corrected;
- the right to have data deleted in certain circumstances (the “right to be forgotten”);
- the right to restrict how we use it;
- the right to object to certain uses, including direct marketing;
- the right to data portability, where it applies; and
- rights around automated decision-making. We don’t make automated decisions that have a significant effect on you.
To exercise any of these rights, please write to hello@sandeepjaryal.com. We may need to confirm your identity before replying.
If something isn’t right
If you are unhappy with how your personal information has been handled, please tell us first — write to hello@sandeepjaryal.com and we will do our best to put it right.
You also have the right to complain to the UK Information Commissioner’s Office. Current guidance and contact details are at ico.org.uk/make-a-complaint.
Changes to this policy
This policy may be updated from time to time to reflect changes in how the website works, the services we rely on, or the law. The “last updated” date at the top of the page always shows when it was most recently revised, and material changes will be highlighted here.