VANULOS
← Back to Vanulos

Privacy Policy

How Vanulos collects, uses, and protects your personal data — in compliance with UK GDPR and EU GDPR.

Effective date: 19 April 2026

1. Who we are

Vanulos is an editorial platform operated by Wellington Silva, an individual creator based in London, United Kingdom. We publish science-backed content on habits, mindset, emotional intelligence, and intentional living across six languages.

For any privacy-related question you can reach us at privacy@vanulos.com. For general enquiries, hello@vanulos.com.

2. What data we collect

We only collect what we genuinely need to provide the service and to keep it safe.

  • Account data: name and email address when you register as a member.
  • Browsing data: pages visited, session duration, browser, device type and approximate location (country/region).
  • Cookies: functional cookies (session, language, theme), analytics cookies (Google Analytics), and advertising cookies (Google AdSense) — only after consent.
  • Preferences: the language and light/dark theme you choose.
  • Contact form data: name, email, subject and message you send through /contact.

3. How we use your data

We use your data for the following purposes:

  • Deliver and improve the editorial experience.
  • Show relevant advertising via Google AdSense (only with consent).
  • Generate aggregated usage statistics via Google Analytics (only with consent).
  • Track affiliate referrals when you click Amazon Associates links.
  • Respond to messages you send via the contact form.
  • Protect the platform against fraud, abuse and spam.

4. Legal basis for processing

Under UK GDPR and EU GDPR, we rely on the following legal bases:

  • Consent — for advertising and analytics cookies. You can withdraw consent at any time.
  • Legitimate interest — for security, fraud prevention, and aggregated analytics that do not identify you.
  • Contract — for data strictly needed to run a registered member account.
  • Legal obligation — for records we must keep by law (accounting, affiliate disclosures).

5. Cookies and tracking technologies

We use the following categories of cookies. The cookie banner on your first visit lets you accept all, reject non-essential, or fine-tune each category.

  • Strictly necessary: session, CSRF protection, language and theme preferences. These cannot be disabled.
  • Analytics — Google Analytics (GA4): measures anonymous usage patterns. Loaded only after consent.
  • Advertising — Google AdSense: shows relevant advertising and measures ad performance. Loaded only after consent.
  • Affiliate — Amazon Associates: tracks referrals to Amazon and may set its own cookies when you click an Amazon link.

6. Sharing with third parties

We do not sell your personal data. We share limited data with trusted processors strictly to deliver the service:

  • Google (Analytics and AdSense) — for analytics and advertising.
  • Amazon — for the Amazon Associates affiliate programme.
  • Resend — for sending transactional emails (verification, password reset, contact replies).
  • Supabase — for secure hosting of member data (EU/UK regions where available).
  • Vercel / Cloudflare — for content delivery and DDoS protection.

7. Your rights

Under UK GDPR and EU GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion ("right to be forgotten").
  • Portability — receive your data in a machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — at any time, without affecting past lawful processing.
  • Lodge a complaint — with the Information Commissioner's Office (ICO, ico.org.uk).

8. How to exercise your rights

Email privacy@vanulos.com with your request. We respond within 30 days. For security we may ask you to confirm ownership of the email address on file.

9. Data retention

We keep data only as long as we need it:

  • Active member accounts: for as long as the account is active, plus 2 years after closure for legal safeguards.
  • Browsing logs: 90 days.
  • Contact form messages: up to 3 years.
  • Accounting records: 6 years (UK tax law).

10. International transfers

Some processors (e.g. Google) may transfer data outside the UK/EU. In those cases we rely on Standard Contractual Clauses or UK-approved equivalent safeguards.

11. Security

We use industry-standard measures: HTTPS everywhere, encrypted passwords (Argon2id), Row-Level Security on the database, server-side rate-limiting, and regular backups.

12. Children

Vanulos is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has registered, contact privacy@vanulos.com and we will remove the account.

13. Updates to this policy

We may update this policy. Registered members receive an email notification for material changes. The effective date above always reflects the latest version.

14. Supervisory authority

If you are in the UK you can contact the Information Commissioner's Office (ICO): ico.org.uk. If you are in the EU you may contact your local data protection authority.