Privacy Policy
Ari Leavesley ("Pushing Squares") Version 2.1 โ Effective 16 May 2026 https://pushingsquares.com
1. Data Controller (Art. 4(7), Art. 13(1)(a))
The controller responsible for the processing of your personal data is:
Ari Leavesley, trading as Pushing Squares United Kingdom (sole trader; no registered company) Privacy contact: ari@pushingsquares.com
Data Protection Officer (Art. 37): None appointed. The scale and nature of processing on this site does not meet the Art. 37(1) thresholds for mandatory DPO designation.
2. Scope
This policy describes how Ari Leavesley processes personal data when you submit a qualm via this site, accept the cookie banner, or otherwise interact with pushingsquares.com. It applies to all data subjects whose personal data is processed in connection with the site.
3. Personal Data Collected (Art. 13(1)(c), Art. 14)
Categories of data subjects
- Qualm submitters
- Website visitors
Categories of personal data
| Category | Specific items |
|---|---|
| Contact data | Email address you enter on the qualm form |
| Submission content | Title and body text you write |
| Uploaded files | Any files or images you attach, and the contents of those files |
| Third-party data inside uploads | Names, faces, addresses, or messages of other people that appear in your screenshots, recordings, or documents (see warning below) |
| Technical data | Salted hash of your IP address (not the raw IP), user-agent string |
| Consent records | Timestamp of consent given, value of the aris_consent cookie |
| Analytics (with consent only) | Anonymous PostHog events and page views. No autocapture, no IP retention, no cross-site identifiers. |
Sources (Art. 14(2)(f))
- Directly from you, via the qualm submission form and cookie banner
- From your browser, in the case of technical data and analytics events
Third-party personal data in uploads. If a file you upload contains other people's personal data, Ari becomes a controller for that data too. Please redact names, faces, addresses, and messages that aren't relevant before uploading. If someone identifiable in an upload contacts Ari directly, their data will be deleted on request regardless of the underlying retention schedule.
Special category data. Please do not upload special category data within the meaning of Art. 9 UK GDPR (health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, sex life or sexual orientation). If special category data is received unsolicited, it will be deleted on sight and not used for any editorial purpose.
4. Purposes and Legal Bases (Art. 6, Art. 13(1)(c)โ(d))
| # | Purpose | Data categories | Legal basis | Retention |
|---|---|---|---|---|
| 1 | Receive and read your qualm submission | Email, title, body, uploaded files | Consent (Art. 6(1)(a)) | Email, title, body: 12 months from last contact, then deleted. Uploaded files: 30 days after a related post is published, or 12 months from submission, whichever sooner. |
| 2 | Email follow-up (clarifying questions; notify you when a related post goes live) | Email, title, body | Consent (Art. 6(1)(a)) | Same as row 1 |
| 3 | Use qualm content (anonymised / no identifying details) as raw material for public posts | Title, body, uploaded files | Legitimate interests (Art. 6(1)(f)) โ see LIA below | As long as needed for the editorial output; not republished after deletion of the source qualm |
| 4 | Publish a post that names or identifies you | Email, name, any identifying details you agree to | Consent (Art. 6(1)(a)) โ separate, explicit, in writing | For the lifetime of the published post |
| 5 | Detect and block abusive or automated submissions; investigate misuse | Salted IP hash, user-agent string | Legitimate interests (Art. 6(1)(f)) โ see LIA below | 90 days, then deleted |
| 6 | Bot challenge to prevent automated form abuse (Cloudflare Turnstile) | Turnstile token; signals processed by Cloudflare | Legitimate interests (Art. 6(1)(f)) | Processed by Cloudflare per its DPA; not retained by Ari |
| 7 | Admin access control (Cloudflare Access) | Admin identity credentials (not visitor data) | Legitimate interests (Art. 6(1)(f)) | For the duration of admin access |
| 8 | Operate the site (hosting, edge delivery via Vercel) | Standard web request metadata | Legitimate interests (Art. 6(1)(f)) | Per Vercel's processor retention |
| 9 | Anonymous analytics (PostHog) | Anonymous events, page views | Consent (Art. 6(1)(a)) โ only after Accept on cookie banner | PostHog defaults; deletion on request within 30 days |
| 10 | Demonstrate consent under Art. 7(1) | aris_consent cookie value, consent timestamp | Legal obligation (Art. 6(1)(c)) | As long as the related qualm or cookie choice exists |
Withdrawal of consent (Art. 7(3)): You can withdraw consent at any time by emailing ari@pushingsquares.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Withdrawal is processed within 30 days.
Legitimate interests assessments (Art. 6(1)(f))
Row 3 โ Editorial use of qualm content for public posts.
- Interest: Running a useful public knowledge resource that helps others solve the same problems.
- Necessity: Real submissions are the only authentic source of the problems written about; synthetic or aggregated data would not serve the editorial purpose.
- Balancing: No name, email, file contents, or identifying screenshots are published without separate explicit written consent (row 4). Submitter expectations are managed by prominent consent language at point of collection. Minimal risk of harm given that nothing personally identifying ever leaves the editorial filter without a second consent event.
Row 5 โ Spam and abuse prevention.
- Interest: Maintaining the integrity of a public submission form.
- Necessity: Some signal is required to detect repeat abuse; pseudonymised IP (salted hash) is the minimum effective.
- Balancing: IP is hashed, never stored raw. Retained 90 days only. No cross-site identifiers. Low impact on the data subject.
Rows 6โ8 โ Bot challenge, admin gating, hosting.
- Interest: Operating a secure, available site.
- Necessity: Each service performs a function that cannot reasonably be performed without it (bot challenge, admin authentication, hosting).
- Balancing: Each processor operates under an Art. 28 DPA. Data passing through is the minimum needed to perform the function. Low impact on the data subject.
5. Recipients of Personal Data (Art. 13(1)(e), Art. 28)
Personal data is processed on Ari's behalf by the following processors, each under a written data processing agreement that meets the requirements of Art. 28 UK GDPR.
| Recipient | Role | Purpose | Country |
|---|---|---|---|
| Vercel Inc. | Processor (Art. 28) | Hosting and edge delivery; receives the qualm form submission and serves the site | United States |
| Neon Inc. | Processor (Art. 28) | Postgres database; stores submission text | United States (US-East) |
| Cloudflare, Inc. | Processor (Art. 28) | Object storage (R2) for uploaded files; bot challenge (Turnstile); admin access gating (Access) | United States / North America |
| PostHog Inc. | Processor (Art. 28) | Anonymous analytics; loads only after cookie consent | United States |
Personal data is not shared with anyone outside these processors except where required by law or with your explicit prior written permission.
What is not done with your data:
- Submissions are not used to train AI models.
- Data is not sold.
- Data is not used for advertising.
6. International Data Transfers (Chapter V, Art. 44โ49)
All four processors above are based in the United States. Transfers from the UK rely on the UK Extension to the EU-U.S. Data Privacy Framework (the "UK-US Data Bridge") for processors that are certified, supplemented by Standard Contractual Clauses where appropriate.
| Recipient | Country | Mechanism | Verified at |
|---|---|---|---|
| Vercel | United States | UK Extension to the EU-US Data Privacy Framework (DPF-certified) + SCCs as fallback | Vercel DPF compliance |
| Neon | United States | UK Extension to the EU-US Data Privacy Framework (DPF-certified) | Neon DPA & GDPR statement |
| Cloudflare | United States | UK Extension to the EU-US Data Privacy Framework (DPF-certified) + SCCs | Cloudflare and GDPR compliance |
| PostHog | United States | UK Extension to the EU-US Data Privacy Framework (DPF-certified) + SCCs | PostHog DPA |
A transfer impact assessment has been conducted with reference to each processor's published security and disclosure posture. You may request a copy of the safeguards relied on by contacting the address in Section 1.
7. Retention (Art. 5(1)(e), Art. 13(2)(a))
Personal data is retained only for as long as necessary for the purposes described in Section 4. Specific periods are listed in the table in Section 4. Where a basis is consent, you can request earlier deletion at any time and it will be actioned within 30 days.
8. Your Rights (Art. 12โ22, Art. 77)
Subject to the conditions in UK GDPR, you have the following rights:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure / "right to be forgotten" (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right not to be subject to a solely automated decision (Art. 22)
- Right to withdraw consent at any time (Art. 7(3))
- Right to lodge a complaint with a supervisory authority (Art. 77)
To exercise any of these, email ari@pushingsquares.com. Responses are provided within 30 days.
9. Automated Decision-Making and Profiling (Art. 22)
No solely automated decision-making, including profiling, that produces legal effects or similarly significant effects is carried out.
10. Cookies and Similar Technologies
Only one cookie is set by default: aris_consent, which records your choice on the cookie banner. It lasts one year. This cookie is strictly necessary to operate the consent mechanism and is set without consent under PECR Reg. 6(4).
Anonymous PostHog analytics load only if you click Accept on the cookie banner. PostHog is configured without autocapture, without IP retention, and without cross-site identifiers.
You can change your choice at any time by clearing site cookies in your browser and reloading the page.
11. Changes to This Policy
The version and effective date at the top reflect the latest revision. Material changes will be communicated via a banner at the top of this page for 30 days.
12. Contact and Complaints (Art. 77)
Questions or complaints about this policy: ari@pushingsquares.com.
You also have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for this site is the Information Commissioner's Office (ICO), ico.org.uk.
End of policy โ version 2.1, effective 16 May 2026.