Last updated: May 25, 2018

Who I am

Moonsteam Design is run by me, Sara. It’s just me, a one-woman show. I do not have any employees or assistants or helpers.

What personal data I collect and why I collect it

Contact forms

Information collected via contact forms is used only by me to communicate with you regarding your inquiries. No one else receives this information.


When you sign up for my mailing list, your name and email are kept by my mailing list provider, Mailerlite, for the purpose of sending newsletters via email.


I use Google Analytics to track anonymous usage data. Information is collected through the use of cookies and is used only to analyze site performance, and this gives me information on page views and site traffic (but NOT anything about who you are or any kind of personal information of any kind).


While you visit the site, it will track:

  • Products you’ve viewed: this is used to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: used for purposes like estimating taxes and shipping
  • Shipping address: needed to estimate shipping before you place an order and then to be able to send you the order

This site also use cookies to keep track of cart contents while you’re browsing.

When you purchase something, you are asked to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. I will use this information for purposes such as:

  • Send you information about your account and order
  • Respond to your requests
  • Process payments and prevent fraud
  • Set up your account for the store
  • Comply with any legal obligations, such as calculating taxes
  • Improve store offerings

If you create an account, I will store your name, address, email and phone number, which will be used to populate the checkout for future orders.


I accept shop payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.


I embed Youtube videos in some blog posts, videos that I create and store on the Youtube site. Youtube uses cookies: to track what you have seen in order to recommend related videos, to estimate your bandwidth and thus deliver videos at the relevant speed, and to track mobile users’ geographical location (to comply with local laws).

iThemes Security

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days.


Cookies are used by various plugins on my site in order to give me information about website visitors (analytics), to keep track of cookie consent/denial, to monitor shop information, and used by various social media sites when I embed content from them (ex: Youtube videos).

See my Cookie Policy and a list of all cookies currently used by my site here.

You may opt out of cookies when you visit via the banner at the bottom of the page, and you may withdraw your consent from cookies on my Cookie Policy page (linked in the line above).

You can also clear your browser cache of all data (many cookies only last for a “session,” i.e. the duration of your visit).

Who I share your data with

I do not share names or email addresses sent via contact forms with any other party.

If you sign up for my mailling list, Mailerlite will have your name and email address.

Google Analytics only retains info about visitors, pages viewed, etc. GA does not collect any info that could identify you personally (but they collect data around the web in various forms and aggregate it, so see further info below to manage that data).

Information collected by my shopping cart, Woocommerce, is seen by me, by my payment processor Paypal, and by order fulfillment service Printful in order to fulfill and manage orders. Woocommerce does not collect any data from me (I have opted out of their data collection).

Data collected by social media companies, such as that from embedded Youtube videos, becomes part of the data that Google collects; see the note below about managing your Google data.

WordPress itself does not share any data with anyone.

This site is scanned for potential malware and vulnerabilities by Sucuri’s SiteCheck via iThemes Security. I do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri’s privacy policy.

How long I retain your data


My newsletter service will retain your name and email until you ask me to have you “forgotten,” which takes 30 days to happen. Email me directly (you can use my contact form) and ask me to “forget” you from the mailing list. When I remove you, I am able to competely remove your data. From Mailerlite: “When you use the Delete function in the subscriber section of MailerLite, the information is not entirely removed. The reason for this is simple. If that person later resubscribes, his or her history is still there so you don’t have to rebuild their profile. … MailerLite created a new feature called Forget that completely wipes a person’s data from our system. This function was built specifically for GDPR compliance of the right to be forgotten. … When you choose the option, Forget, the subscriber’s data will be completely removed. Everything will be permanently deleted including reports, clicks, profile data, etc.” Once initiated, data is entirely gone within 30 days.

Google Analytics

Google Analytics keeps data on site traffic up to 14 months, the shortest retention period available (but remember, site stats do not have any info about who you are personally). While my site does not give Google any personal info about you, other websites might have at some point…you can find out more & use tools to manage your Google data here:


I generally store information about you/your order(s) for as long as I need the information for the purposes for which I collect and use it, and I am not legally required to continue to keep it. For example, I will store order information for 5 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

iThemes Security

Security logs are retained for 14 days.

How your data is protected

I use the plugin Wordfence to keep my site and data secure. I also use two-factor authentication for my domain and hosting.

While I do not personally keep any data on any visitors, some plugins that I use do keep data. These plugins are all GDPR-compliant (or about to be), and have provided detailed privacy information:

What data breach procedures I have in place

If my mailing list is ever compromised, I will notify every subscriber and let them know what data was breached, to the best of my knowledge.

Changes to This Privacy Policy

I may update my privacy policy from time to time. Thus, I advise you to review this page periodically for any changes. I will notify you of any changes by posting the new privacy policy on this page. These changes are effective immediately, after they are posted on this page.

Contact Me

If you have any questions or suggestions about my privacy policy, do not hesitate to contact me via the contact page.