Privacy Policy

Last Updated: February 2026
Effective Date: January 2026

This Privacy Policy describes how Work of H (“we,” “us,” or “our”), collects, uses, discloses, and protects your personal information when you visit workofh.com (the “Site”), use our services, purchase digital goods, or interact with our content. Please read this policy carefully.

By using the Site, you acknowledge that you have read and understood this Privacy Policy.

Who we are

Work of H is an is a collection of works created by Heidi H. This website also showcases all the services that we offer, as well as Intellectual property available to license or physical derivatives for sale. We use Stripe and Helcim as our payment providers. This studio is based on Toronto, Canada.

Our website address is: https://workofh.com.

Information we collect

We collect information you provide directly, information generated automatically when you use the Site, and information from third-party service providers.

Information You Provide Directly

  • Name and email address when you register for an account, leave a comment, or contact us.
  • Content of comments or messages you submit on the Site.
  • Newsletter subscription preferences and communication opt-ins.
  • License and purchase details (name, email, and billing address) when you purchase a service or digital good.
    Note: We do not collect, process, or store your payment card details. All payment information is collected and securely processed by our third-party payment processors, Stripe and/or Helcim.

Information Collected Automatically

  • IP address and approximate geographic location (derived from IP).
  • Browser type, operating system, and device information.
  • Pages visited, time spent on pages, referring URLs, and clickstream data.
  • Cookies, pixel tags, and similar tracking technologies
  • Information We Do NOT Collect
  • Payment card numbers, CVV codes, or full banking details.
    These are handled exclusively by Stripe and/or Helcim on their secure servers.
  • Sensitive personal information such as government ID numbers, health data, or biometric data.

How we use your information

We use the information we collect for the following purposes:

Account Management: To create and manage your account, authenticate your identity, and provide access to member-only features and purchased digital goods (through your “My Account” page).

Service Delivery: To process orders for services and digital goods, issue licenses, and send transactional communications such as Order receipts, and delivery confirmations.

Comments and Community: To display your comments on the Site and moderate user-generated content.

Marketing and Newsletter: To send you newsletters, updates, and promotional content if you have opted in. You may opt out at any time

Analytics and Improvement: To understand how visitors use the Site, diagnose technical issues, and improve our content and services.

Legal Compliance: To comply with applicable laws, respond to lawful requests from authorities, enforce our Terms of Service, and protect our rights and the rights of others.

Security: To detect, prevent, and respond to fraud, abuse, or other harmful activity.

We do not sell your personal information to third parties. We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

Legal Basis for Processing (GDPR / UK GDPR)

If you are located in the European Union or the United Kingdom, we process your personal data under the following legal bases:

  • Contractual Necessity: Processing required to fulfill a purchase, deliver a service, issue a digital license, or manage your account (Art. 6(1)(b)).
  • Legitimate Interests: Analytics, site security, fraud prevention, and improving the Site, where our interests are not overridden by your rights (Art. 6(1)(f)).
  • Consent: Newsletter subscriptions and any non-essential cookies or tracking technologies. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal (Art. 6(1)(a)).
  • Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject (Art. 6(1)(c)).

Third-Party Service Providers

We share information with trusted third-party providers solely to operate and improve the Site. These providers are contractually required to protect your data and may not use it for their own purposes.

Payment Processing

We offer Interac for Canadian customers as a form of direct payment.

Stripe, Inc. and/or Helcim Inc. process all payment card transactions on our behalf. When you make a purchase, your payment details are entered directly into their secure payment interfaces and transmitted to their servers. We receive only a transaction confirmation and limited non-sensitive billing details (e.g., name, email, last four digits of a card, billing postal code).

Stripe Privacy Policy: https://stripe.com/privacy

Helcim Privacy Policy: https://www.helcim.com/legal/privacy-policy/

Interac Privacy Policy: https://www.interac.ca/en/privacy-policy/

Analytics

We may use analytics tools (e.g., Google Analytics, Brevo CRM) to collect aggregated data about Site usage via cookies and tracking technologies. These tools may process your IP address and usage data in accordance with their own privacy policies.

Google Analytics Privacy Policy: https://policies.google.com/privacy

Brevo CRM Privacy Policy: https://www.brevo.com/legal/privacypolicy/

Email and Newsletter Services

Newsletter and transactional emails are delivered through a third-party email service provider provided by Brevo. Your name and email address are shared with this provider solely to send communications you have requested or that are necessary for your account.

Brevo CRM Privacy Policy: https://www.brevo.com/legal/privacypolicy/

Hosting and Infrastructure

The Site is hosted on Netcup. Certain technical data, including IP addresses and server logs, may be stored by our hosting provider as part of normal infrastructure operation.

Other Disclosures

We may disclose your information if required by law, court order, or governmental authority, or to protect the safety, rights, or property of ourselves or others.

Digital Goods and Licensing

When you purchase a digital product or license from us, we collect and retain the following information to administer your license and fulfill our contractual obligations: – Name and email address associated with the purchase.

  • The product(s) licensed and applicable license terms.
  • Date of purchase and license duration or scope.
  • Transaction reference ID provided by our payment processor.
    This information is retained for as long as your license is active and for a reasonable period thereafter for legal, accounting, and support purposes. We do not share your license information with third parties except as required by law or to enforce license terms.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law.

  • Account data is retained for the duration of your account
  • Purchase and license records are retained for 7 years to comply with financial and tax record-keeping obligations.
  • Comment data is retained for as long as the comment remains published. Deleted comments may be retained in backups for up to 90 days.
  • Newsletter subscription data is retained until you unsubscribe, after which we retain a record of your opt-out to prevent future contact.
  • Analytics data is retained in aggregated or anonymized form. When data is no longer required, we securely delete or anonymize it.

Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Site and understand how it is used. Cookies are small text files stored on your device.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. When you log out, the login cookies will be removed.

Types of cookies we use:

  • Strictly Necessary: Required for the Site to function (e.g., session authentication, account login). These cannot be disabled.
  • Analytics/Performance: Help us understand visitor behaviour in aggregate (e.g., page views, traffic sources). These are only set with your consent where required by law.
  • Functional: Remember your preferences (e.g., language, display settings).

You can control or delete cookies through your browser settings. Disabling certain cookies may affect Site functionality. Where required by applicable law (e.g., GDPR, CASL), non-essential cookies are only placed after you provide consent.

Embedded Content from Other Websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Your Rights and Choices

All Users

  • Opt Out of Marketing: You may unsubscribe from our newsletter or marketing emails at any time by clicking the “unsubscribe” link in any email we send, or by contacting us directly. Opting out does not affect transactional emails necessary to your account or purchases.
  • Account Data: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you. You can also request that we erase any personal data we hold about you. This does not include data we are obliged to keep for administrative, legal, or security purposes.
  • Cookie Preferences: You may manage cookie settings through your browser at any time.

EU / UK Users (GDPR / UK GDPR)

You have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Correct inaccurate or incomplete data (Art. 16).
  • Request erasure of your data (“right to be forgotten”) where it is no longer necessary for the purpose it was collected (Art. 17).
  • Restrict processing in certain circumstances (Art. 18).
  • Receive your data in a portable, machine-readable format (Art. 20).
  • Object to processing based on legitimate interests (Art. 21).
  • Withdraw consent at any time where processing is based on consent (Art. 7).
  • Lodge a complaint with your local supervisory authority. In the EU: https://edpb.europa.eu. In the UK, contact the Information Commissioner’s Office (ICO): https://ico.org.uk.

California Users (CCPA / CPRA)

California residents have the right to:

  • Know what personal information we collect, use, or disclose.
  • Delete personal information we have collected, subject to certain exceptions.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioural advertising.
  • Non-discrimination for exercising your rights.

To submit a verifiable consumer request, contact us at support@workofh.com with the subject line “California Privacy Rights Request.” We will respond within 45 days as required by law.

Canadian Users (PIPEDA)

Canadian residents have the right to:

  • Access personal information we hold about you and request corrections.
  • Withdraw consent for collection, use, or disclosure of your personal information, subject to legal and contractual restrictions. Note that withdrawal of consent may prevent us from providing certain services.
  • File a complaint with the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.

To exercise any of the above rights, please contact us at support@workofh.com. We may need to verify your identity before processing your request and will respond within the timeframe required by applicable law.

Data Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encrypted data transmission via HTTPS/TLS.
  • Access controls limiting access to personal data.
  • Use of reputable, security-certified payment processors (Stripe is PCI DSS compliant; Helcim is PCI DSS Level 1 certified).

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you and relevant authorities as required by applicable law.

Children’s Privacy

The Site is not directed to children under the age of 13 (or 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information without appropriate consent, please contact us at support@workofh.com and we will delete such information promptly.

International Data Transfers

Your personal information may be transferred to and processed in countries other than your own, including Canada and the United States, where data protection laws may differ from those in your jurisdiction.

For EU/UK users: Where we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission. Our payment processors Stripe and Helcim maintain their own data transfer compliance frameworks — please review their respective privacy policies for details.

Links to Third-Party Sites

The Site may contain links to external websites. This Privacy Policy applies only to workofh.com. We are not responsible for the privacy practices of third-party sites and encourage you to review their policies before providing any personal information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will update the “Last Updated” date at the top of this policy and, where appropriate, notify you by email or with a prominent notice on the Site.

Your continued use of the Site after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

Work of H
Toronto, Canada
Email: support@workofh.com
Website: https://workofh.com

For EU/UK users: if you are unsatisfied with our response, you have the right to lodge a complaint with your national data protection authority.