← Back§ Privacy & data
Privacy & your data.
Last updated April 2026.
Plain-English version: we collect the bare minimum to run the course, we list every third-party service that ever touches your data, and you can ask us to delete everything at any time and we will.
Who we are
Sell More Books is operated by Robert Prime, trading as MrPrime, registered in the United Kingdom. Contact: hello@publishing.co.uk. For the purposes of UK GDPR, we are the data controller for personal data you submit through this site.
What we collect
- Your email address — to create an account, send magic-link sign-in emails, and contact you about the course.
- Your name — if Lemon Squeezy passes it to us at checkout, or if you provide it.
- Your manuscript or Amazon-page screenshots — the file you upload so the AI exercises can read your actual book. We do not publish, share, or sell this. It is processed by Anthropic on our behalf to extract the canonical book facts and to run each exercise.
- Your exercise inputs and outputs — the notes you paste, the questions you ask, and every answer the AI returns. Saved to your dashboard so you can come back to them.
- Standard server logs — IP, user-agent, time of request. Held by Vercel for a short period for operational and abuse-prevention purposes.
- Payment data — handled entirely by Lemon Squeezy as Merchant of Record. We never see your card details.
Why we hold it (lawful basis)
- Contract — to provide the course you paid for. Covers everything related to delivering the modules, running the exercises, and managing your enrolment.
- Legitimate interest — limited use of server logs for security, abuse prevention, and rough usage analytics.
- Legal obligation — Lemon Squeezy retains transaction and VAT records as required by tax authorities.
Who else processes it
The services below process data on our behalf. Each has its own privacy policy linked. We have data processing agreements in place with these providers.
| Service | What it does | What it sees | Region |
|---|---|---|---|
| Anthropic | Runs the AI exercises and module Q&A on the manuscript, cover, and notes you upload. | Manuscript / Amazon-page screenshots; book metadata extracted from them; the prompts and outputs of every exercise; the questions you ask and the answers returned. | United States |
| Resend | Sends the magic-link sign-in emails from hello@publishing.co.uk. | Your email address; the time and IP of each sign-in request. | United States |
| Vercel | Hosts the website and runs the application code. | Standard server logs (IP, user-agent, request path, response status). No application data is stored on Vercel beyond transient request handling. | United States / global edge |
| Neon | Provides the Postgres database that stores accounts, enrolments, book metadata, and exercise outputs. | Account email, name, enrolment status, book metadata (title, author, genre, summary, chapter list), exercise inputs and outputs. | United States / EU (region depends on project setup) |
| Lemon Squeezy | Handles checkout, payments, VAT collection, and refunds as Merchant of Record. | Your email and billing address at point of purchase; payment method details (held entirely by Lemon Squeezy and its payment processors — never seen by us). | United States |
Some of these providers are based outside the UK. Where data leaves the UK or EEA, transfers are covered by the standard contractual mechanisms each provider publishes in their own DPA.
How long we keep it
- Account & enrolment — for as long as your account is active. If you stop using the course, ask us to delete it (see below) and we will.
- Manuscript file on Anthropic — referenced by an Anthropic-issued file ID. When you delete a book, we instruct Anthropic to delete the underlying file as well.
- Exercise outputs — kept on your dashboard until you ask us to delete them or close your account.
- Server logs — held by Vercel under their own short retention windows.
- Payment records — Lemon Squeezy retains as required by law.
Your rights
Under UK GDPR you have the right to: access the personal data we hold about you; correct it; delete it; restrict or object to its processing; receive a portable copy of it; and complain to the Information Commissioner’s Office (ico.org.uk).
To exercise any of these rights, email hello@publishing.co.uk from the address on your account. We will respond within 30 days. For deletion requests, we will remove your account, your book asset(s), every exercise output and Q&A on file, and instruct Anthropic to delete the manuscript file from their storage.
Cookies
We use one strictly necessary cookie: the session cookie that keeps you signed in after you click your magic-link email. It is httpOnly, sameSite=lax, marked secure in production, and signed with a server-side secret.
We do not use any analytics, advertising, or social-media tracking cookies. If we ever add analytics, we will update this page and present a cookie banner before any non-essential cookie is set.
Security
Sign-in is passwordless via single-use magic links that expire in 24 hours. Sessions expire after 7 days. The database, file storage, and API are protected behind authenticated routes that scope every read to your own user ID. Webhooks are signature-verified using HMAC. Personal-data routes are excluded from search-engine indexing. We take reasonable technical measures consistent with running a one-person UK course business.
If you believe you have found a security issue, email hello@publishing.co.uk with the subject line “Security” and we will respond within 72 hours.
Children
The course is intended for adults publishing books commercially. We do not knowingly collect data from anyone under 18.
Changes to this policy
If we make material changes we will update the “last updated” date at the top and, where the change affects you, email enrolled students before it takes effect.
Questions? Email hello@publishing.co.uk.