Privacy Policy

PRIVACY POLICY

Bloodbought — bloodbought.net

Last Updated: May 20, 2026

1. WHO WE ARE

This website, bloodbought.net (“the Website”), is owned and operated by Karen Souter, doing business as Bloodbought (“we,” “us,” or “our”). The Website is built and managed by Effortless Solutions LTD. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and your rights in relation to that information. By accessing or using this Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must immediately cease all use of the Website.

2. INFORMATION WE COLLECT

We collect the following categories of personal information:

2.1 Information You Provide Directly When you voluntarily submit information through the Website, including but not limited to: your name and email address when using the “Reach Out” contact form; your name, email address, billing address, shipping address, and payment information when making a purchase through our Shop; your name, email address, and account credentials when creating a “My Account” user account; and any other information you choose to include in messages, form submissions, or account profiles.

2.2 Information Collected Automatically When you visit the Website, certain information is collected automatically through cookies and similar technologies, including but not limited to: your IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit, time spent on pages, click patterns, and device identifiers. This information is collected through functional, preference, statistical, and marketing cookies as described in our Cookie Policy.

2.3 Information from Third Parties We may receive information about you from third-party services integrated with the Website, including but not limited to: payment processors (Square), social media platforms (Facebook, YouTube, Instagram), analytics providers, and email service providers. We are NOT responsible for the privacy practices of any third-party service, and you should review their respective privacy policies independently.

3. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes and NO other purposes without your explicit consent: to process and fulfill product orders (ebooks and physical books); to manage your user account; to respond to messages submitted through the contact form; to send transactional communications related to your orders or account (e.g., order confirmations, shipping notifications); to operate, maintain, and improve the Website; to detect, prevent, and address fraud, security issues, or technical problems; to comply with applicable laws, regulations, and legal obligations; and for statistical and analytical purposes to understand how the Website is used.

We will NEVER sell, rent, lease, or trade your personal information to any third party for their own marketing purposes.

4. LEGAL BASIS FOR PROCESSING (PIPEDA COMPLIANCE)

We process personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy legislation. Our legal bases for processing include: your express or implied consent; the necessity of processing for the performance of a contract (e.g., fulfilling an order); and our legitimate interests in operating and improving the Website, provided those interests are not overridden by your privacy rights.

You may withdraw your consent at any time by contacting us through the contact form on the Website. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal and may result in our inability to provide certain services, for which we accept NO liability.

5. COOKIES AND TRACKING TECHNOLOGIES

The Website uses cookies classified into four categories: Functional (always active, strictly necessary for the Website to operate); Preferences (stores user preferences); Statistics (anonymous analytical data); and Marketing (used for advertising and tracking). You may manage your cookie preferences through the consent banner displayed on the Website. For full details, refer to our Cookie Policy at bloodbought.net/cookie-policy-ca. We are NOT responsible for cookies set by third-party services embedded in or linked from the Website.

6. THIRD-PARTY SERVICES AND PAYMENT PROCESSING

The Website integrates with and may transmit your data to the following categories of third-party services: Square (payment processing for book purchases); WordPress and WooCommerce (website platform and e-commerce); Gravatar (user profile images); Facebook, YouTube, and Instagram (social media links and embeds); and analytics and cookie management tools.

ALL payment transactions are processed by Square. We do NOT store, process, or have access to your full credit card numbers, debit card numbers, or banking information. Payment data is handled entirely by Square in accordance with their privacy policy and PCI-DSS compliance standards. We are NOT liable for any data breach, unauthorized access, fraud, or security incident occurring within any third-party service, including but not limited to Square, Facebook, YouTube, Instagram, or any other platform linked to or integrated with this Website. You acknowledge and agree that your use of any third-party service is governed by that service’s own terms and privacy policy, and you release us from any and all claims arising from your use of those services.

7. DATA RETENTION

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable law. Specifically: contact form submissions are retained for as long as necessary to respond and for our records; order and transaction data is retained for a minimum of seven (7) years to comply with Canadian tax and financial record-keeping requirements; user account data is retained for as long as your account remains active; cookies and tracking data are retained in accordance with the retention periods specified in our Cookie Policy.

Upon request, we will delete your personal information in accordance with Section 9 of this Privacy Policy, except where retention is required by law or necessary for the establishment, exercise, or defence of legal claims.

8. DATA SECURITY

We implement reasonable technical and organizational measures to protect personal information from unauthorized access, disclosure, alteration, or destruction, including but not limited to SSL/TLS encryption, WordPress security plugins, and secure hosting. HOWEVER, no method of transmission over the Internet or electronic storage is 100% secure. We do NOT warrant or guarantee the absolute security of your personal information and accept NO liability for any unauthorized access, data breach, hacking, malware, or security incident, regardless of the measures in place at the time of the incident. You acknowledge that you transmit personal information to us at your own risk.

9. YOUR RIGHTS

Under PIPEDA and applicable Canadian privacy law, you have the right to: access the personal information we hold about you; request correction of inaccurate personal information; withdraw your consent to the processing of your personal information; request deletion of your personal information (subject to legal retention requirements); and file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

To exercise any of these rights, contact us through the contact form at bloodbought.net/reach-out. We will respond to your request within thirty (30) calendar days. We reserve the right to verify your identity before processing any request and to refuse requests that are vexatious, repetitive, or technically impractical.

10. CHILDREN’S PRIVACY

This Website is not directed at children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take reasonable steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, contact us immediately through the contact form.

11. INTERNATIONAL DATA TRANSFERS

The Website is hosted and operated in Canada. If you access the Website from outside Canada, you acknowledge and consent to the transfer of your personal information to Canada and its processing in accordance with Canadian law. We make NO representations or warranties regarding the adequacy of data protection laws in any jurisdiction outside Canada.

12. EMAIL AND ELECTRONIC COMMUNICATIONS

Any email or electronic communications we send in connection with your orders, account, or inquiries are transactional in nature. We will NOT send unsolicited commercial electronic messages in violation of Canada’s Anti-Spam Legislation (CASL). If we choose to send marketing communications in the future, we will obtain your express consent in compliance with CASL before doing so, and you will have the ability to unsubscribe at any time.

13. USER-GENERATED CONTENT

If you submit comments, testimonials, reviews, or any other content to the Website (including through blog comments on Karen’s Notes), you grant us a non-exclusive, royalty-free, perpetual, irrevocable, worldwide licence to use, display, reproduce, modify, and distribute that content in any medium. You are solely responsible for the content you submit and warrant that it does not violate any third-party rights or applicable laws. We reserve the right to remove any user-generated content at our sole discretion without notice.

14. LINKS TO EXTERNAL WEBSITES

The Website may contain links to external websites, including but not limited to Square payment pages, social media platforms, and other third-party services. We are NOT responsible for the privacy practices, content, security, or availability of any external website. Clicking on a third-party link is done at your own risk, and you should review the privacy policy of any website you visit.

15. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, BLOODBOUGHT, KAREN SOUTER, AND EFFORTLESS SOLUTIONS LTD SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO ANY BREACH OF THIS PRIVACY POLICY, ANY UNAUTHORIZED ACCESS TO OR USE OF YOUR PERSONAL INFORMATION, ANY INTERRUPTION OR CESSATION OF DATA TRANSMISSION, ANY BUGS, VIRUSES, OR SIMILAR HARMFUL CODE TRANSMITTED THROUGH THE WEBSITE, OR ANY ERRORS OR OMISSIONS IN ANY CONTENT. THIS LIMITATION APPLIES WHETHER THE CLAIM IS BASED ON WARRANTY, CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

16. INDEMNIFICATION

You agree to indemnify, defend, and hold harmless Bloodbought, Karen Souter, and Effortless Solutions LTD, and their respective officers, directors, employees, agents, and contractors from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or related to: your use of the Website; your violation of this Privacy Policy; your violation of any applicable law or regulation; or any content you submit to the Website.

17. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or modify this Privacy Policy at any time without prior notice. The updated policy will be posted on this page with a revised “Last Updated” date. Your continued use of the Website after any changes constitutes your acceptance of the revised Privacy Policy. It is your responsibility to review this Privacy Policy periodically.

18. GOVERNING LAW

This Privacy Policy shall be governed by and construed in accordance with the laws of the Province of Alberta and the applicable federal laws of Canada, without regard to conflict of law principles. Any disputes arising under this Privacy Policy shall be resolved exclusively in the courts of Edmonton, Alberta.

19. SEVERABILITY

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect.

20. CONTACT

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: bloodbought.net/reach-out