Privacy Policy

Tools for Being Human (Caelo Labs Limited)  ·  toolsforbeinghuman.co
Effective date: 1 June 2025

1. Introduction

This Privacy Policy explains how Caelo Labs Limited (trading as "Tools for Being Human") ("we", "us", "our") collects, uses, stores, and protects personal data when you visit toolsforbeinghuman.co (the "Website"). It also explains your rights under the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable privacy laws depending on your location.

We take your privacy seriously and are committed to handling your personal data in a transparent, fair, and lawful manner. Please read this policy carefully. If you have any questions, the contact details at the end of this document.

2. Who We Are (Data Controller)

The Website is operated by Caelo Labs Limited, a company registered in England and Wales, trading as "Tools for Being Human". Caelo Labs Limited is the data controller responsible for your personal data. This means we decide why and how your data is processed.

Legal name: Caelo Labs Limited

Company registration number: 16824275 (registered in England and Wales)

Trading name: Tools for Being Human

Website: toolsforbeinghuman.co

Registered address: [Registered address — England & Wales]

Privacy contact: nick.tolley@toolsforbeinghuman.co

If you are located in the European Union and we process your data under the EU GDPR, you may have the right to contact our EU representative. [Insert EU representative details if applicable, once you have a significant EU user base.]

3. What Personal Data We Collect

We only collect data that is necessary and relevant. Depending on how you interact with the Website, we may collect:

3.1  Contact and Email Data

If you submit a contact form, subscribe to a newsletter, or otherwise reach out to us, we may collect:

  • Your name

  • Your email address

  • The content of your message or enquiry

This data is provided voluntarily by you and is used solely to respond to your enquiry or to send you the communications you have requested.

3.2  Analytics and Usage Data

The Website is built on and hosted by Squarespace. We use Squarespace's built-in site analytics to understand how visitors use the Website. To power these analytics, Squarespace automatically collects the following information when you visit:

  • Information about your browser, network, and device

  • Web pages you visited prior to coming to this Website

  • Your IP address

Squarespace may also collect details about your use of this Website, including:

  • Clicks and internal links followed

  • Pages visited and time spent on each page

  • Scrolling behaviour

  • Searches performed on the Website

  • Timestamps of your visit

We provide this information to Squarespace, our website analytics provider, to learn about site traffic and activity. This data is used solely to improve the Website and is not used to identify you personally. Squarespace acts as a data processor on our behalf and processes this data in accordance with our instructions and their own privacy policy.

3.3  Technical Data

Our web server may automatically record basic technical data when you visit the Website, including:

  • Your IP address (used for security and fraud prevention, then deleted or anonymised)

  • Date and time of your visit

  • HTTP request details (e.g. which page you requested)

4. How We Collect Your Data

We collect personal data through:

  • Contact forms and email enquiries (data you provide directly)

  • Newsletter sign-up forms (data you provide directly)

  • Cookies and analytics scripts loaded when you visit the Website (data collected automatically)

5. Our Lawful Basis for Processing

Under the GDPR, we must have a valid lawful basis for processing your personal data. We rely on the following bases:

  • Consent (Article 6(1)(a)) — for analytics cookies and marketing communications. You may withdraw your consent at any time (see Section 10).

  • Legitimate interests (Article 6(1)(f)) — for processing basic server logs and security-related data, where our interest in operating a secure website does not override your rights and freedoms.

  • Contractual necessity (Article 6(1)(b)) — where processing is necessary to respond to your direct enquiry or fulfil a request you have made.

We will always tell you the specific lawful basis we rely on when it is not apparent from context, and you can ask us for this information at any time.

6. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your contact form submissions and enquiries

  • To send you newsletters or updates that you have subscribed to

  • To analyse Website traffic and improve the content, performance, and user experience of the Website

  • To detect, prevent, and investigate security incidents or abuse

  • To comply with legal obligations

We will not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.

7. Cookies and Tracking Technologies

Cookies are small text files placed on your device by a website. We use the following categories of cookies:

7.1  Strictly Necessary Cookies

These cookies are essential for the Website to function and cannot be switched off. They do not require your consent under the GDPR.

7.2  Analytics / Performance Cookies

These cookies are set by Squarespace, our website platform and analytics provider, to count visits and understand how visitors interact with the Website. We only place these cookies with your consent.

Analytics provider:

7.3  Managing Your Cookie Preferences

When you first visit the Website, you will be shown a cookie consent banner (provided by Squarespace) that allows you to accept or decline analytics cookies. You may change your preferences at any time by revisiting the Website and responding to the consent prompt, or by clearing your cookies and reloading the page.

You can also control cookies through your browser settings. Note that disabling cookies may affect the functionality of some parts of the Website. For more information, visit www.aboutcookies.org or www.allaboutcookies.org.

8. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We may share it in the following limited circumstances:

  • Service providers — we use trusted third-party providers to operate the Website. This includes Squarespace, Inc., who host the Website and provide built-in analytics. These providers process data on our behalf under data processing agreements and are only permitted to use your data as instructed by us. Squarespace's privacy policy is available at https://www.squarespace.com/privacy.

  • Legal compliance — if required by law, court order, or a regulatory authority, we may disclose your data to the relevant authorities.

  • Business transfers — in the unlikely event of a merger, acquisition, or asset sale, your data may be transferred to the new entity. We will notify you in advance.

We will never share your data with third parties for their own direct marketing purposes without your explicit consent.

9. International Data Transfers

Some of our third-party service providers (for example, analytics providers) may process your data outside the United Kingdom and the European Economic Area (EEA). Whenever we transfer personal data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK ICO

  • Transfers to countries that have been granted an adequacy decision

You may request details of the specific safeguards we rely on for international transfers by contacting us at the address below.

10. How Long We Keep Your Data

We do not keep your personal data for longer than is necessary for the purposes for which it was collected:

  • Contact and enquiry data — retained for up to 2 years from the date of your enquiry, unless you ask us to delete it earlier or we need to keep it longer for legal reasons.

  • Newsletter subscription data — retained until you unsubscribe.

  • Analytics data — retained in accordance with the analytics provider's retention settings (typically 14 months for Google Analytics aggregated data).

  • Server logs — typically retained for up to 90 days for security purposes, then deleted.

When your data is no longer required, we will securely delete or anonymise it.

11. Your Rights Under the GDPR

If you are located in the UK or the European Union / European Economic Area, you have the following rights in relation to your personal data:

  • Right of access (Article 15) — you may request a copy of the personal data we hold about you.

  • Right to rectification (Article 16) — you may ask us to correct inaccurate or incomplete data.

  • Right to erasure (Article 17) — you may ask us to delete your data in certain circumstances (the "right to be forgotten").

  • Right to restrict processing (Article 18) — you may ask us to pause processing of your data in certain circumstances.

  • Right to data portability (Article 20) — where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.

  • Right to object (Article 21) — you may object to processing based on our legitimate interests. We will stop unless we have compelling legitimate grounds that override your interests.

  • Right to withdraw consent (Article 7(3)) — where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

  • Rights related to automated decision-making — you have the right not to be subject to solely automated decisions that produce significant effects.

To exercise any of these rights, please contact us at nick.tolley@toolsforbeinghuman.co. We will respond within one calendar month. We may need to verify your identity before actioning your request.

If you believe we have not handled your data correctly, you also have the right to lodge a complaint with your supervisory authority:

  • UK — Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/

  • EU — your local data protection authority. Find yours at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

12. Data Security

We take appropriate technical and organisational measures to protect your personal data against accidental loss, unlawful access, alteration, or disclosure. These include:

  • HTTPS encryption for all data transmitted to and from the Website

  • Access controls limiting who can access personal data internally

  • Regular review of our privacy and security practices

Despite our best efforts, no transmission over the internet is completely secure. If you suspect any unauthorised access to your data, please contact us immediately.

13. Third-Party Links

The Website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read their privacy policies before providing any personal data.

14. Children's Privacy

The Website is not directed at children under the age of 13 (or 16 in certain EU member states). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we do, we will update the effective date at the top of this page. For significant changes, we will provide more prominent notice (for example, a banner on the Website).

We encourage you to review this policy periodically.

16. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to make a complaint, please contact us:

Email: nick.tolley@toolsforbeinghuman.co

Post: Caelo Labs Limited (reg. 16824275), [Registered address — England & Wales]

We aim to respond to all requests within 30 days. If your request is complex or you have made multiple requests, we may extend this by a further two months, in which case we will inform you.

17. Additional Information for United States Residents

We currently operate from the United Kingdom and are building toward serving users in the United States. If you are a resident of California, Virginia, Colorado, or another US state with applicable privacy legislation, the following additional rights may apply to you.

California Residents — CCPA / CPRA

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have the right to:

  • Know what personal information we collect, use, disclose, and sell (we do not sell personal information)

  • Delete personal information we hold about you, subject to certain exceptions

  • Correct inaccurate personal information

  • Opt out of the sale or sharing of personal information for cross-context behavioural advertising (we do not sell or share data for this purpose)

  • Limit the use and disclosure of sensitive personal information (we do not collect sensitive personal information as defined by the CPRA)

  • Non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at nick.tolley@toolsforbeinghuman.co. We will verify your identity before fulfilling requests. We do not discriminate against users who exercise their privacy rights.

We do not sell personal data, and we do not share personal data for cross-context behavioural advertising. In the preceding 12 months, we have not sold or shared personal information.

Other US States

As US state privacy law continues to develop, we are committed to honouring equivalent rights to deletion, access, correction, and opt-out as they apply in your state. Please contact us with any privacy requests and we will respond in accordance with applicable law.

18. Additional Information for Australian and New Zealand Residents

Australia — Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)

If you are located in Australia, the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) may apply to how we handle your personal information. In that context:

  • We collect personal information only by lawful and fair means, and not in an unreasonably intrusive way.

  • Where reasonable and practicable, we collect personal information directly from you.

  • You have the right to access the personal information we hold about you and to request correction of that information.

  • You have the right to complain about a breach of the APPs to us first. If we do not resolve your complaint to your satisfaction, you may escalate to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

To make an access, correction, or complaint request under Australian privacy law, please contact us at nick.tolley@toolsforbeinghuman.co.

New Zealand — Privacy Act 2020

If you are located in New Zealand, the Privacy Act 2020 and the Information Privacy Principles (IPPs) apply to our handling of your personal information. Your rights include:

  • The right to access personal information we hold about you.

  • The right to request correction of your personal information.

  • The right to complain to the Office of the Privacy Commissioner (OPC) at www.privacy.org.nz if you believe we have interfered with your privacy.

This document was generated on 27 May 2026 and should be reviewed by a qualified legal professional before publication.