The handbook is built to collect as little about you as the product allows.
\nThe Sleep Training Handbook does not run analytics, does not embed third-party tracking pixels, does not use behavioural advertising, does not fingerprint your device, and does not sell your data. There is no account, no password, no profile. This page explains the small amount of information that does pass through the system, who holds it, and what your rights are.
\nTwo parties act as data controllers for different parts of the relationship.
\nPeter Ngo is a UK sole trader operating from C/O DPC Stone House, 55 Stone Road Business Park, Stoke-On-Trent, ST4 6SR. The owner is data controller for the content-licence relationship and for any support correspondence you send to sleeptraininghandbook@gmail.com.
\nLemon Squeezy is the Merchant of Record for the purchase. Your transaction is legally with Lemon Squeezy, not with the owner. Lemon Squeezy is data controller for everything they collect at checkout - your email, name, billing address, country/tax data, and payment details. Lemon Squeezy's privacy notice is at https://lemonsqueezy.com/privacy; any question about the transaction record itself should go there.
\nThis page is about the owner's side of the relationship.
\nIf you write to sleeptraininghandbook@gmail.com, the owner sees your email address and whatever you put in the message. That is the entire set. The owner has no CRM, no marketing list, no behaviour-tracking dashboard, and no database of buyers. The only direct, identifiable record of you on the owner's side is the support thread you start, if any.
\nNo analytics on any page. No third-party scripts. No advertising or remarketing pixels. No fingerprinting. No tracking across other websites. No A/B testing that profiles readers. No use of reader behaviour to train machine-learning models. No newsletter, no marketing list, no automated emails after purchase beyond the receipt and access link Lemon Squeezy sends.
\nIf any of this ever changes, this page will be updated and the change flagged at the top for at least thirty days before it takes effect.
\nThe gated reader sits behind a Cloudflare Worker that issues and checks the access cookie. The Worker logs only the event type (e.g. `order_created`) and the Lemon Squeezy order ID - no buyer email, name, IP, or token contents.
\nCloudflare itself keeps standard request logs (IP, timestamp, page) under their data processing terms, retained for a short period (typically 24 hours to 7 days). The owner does not export or mine these logs. Cloudflare's DPA: https://www.cloudflare.com/cloudflare-customer-dpa/.
\nThe handbook stores a small number of preferences in your browser's local storage (theme, font size, reading progress, the readiness-tally state, and a flag that you've read the safety modal). None is transmitted to the owner, to Lemon Squeezy, or to anyone else. Clearing site data in your browser removes them.
\nThe site sets one cookie: `psh-access`. It is set when you first visit the access link inside your Lemon Squeezy receipt. It contains a signed access token - a short opaque string. It does not contain your email, name, or payment data. Flags: `HttpOnly`, `Secure`, `SameSite=Lax`. Expiry: up to five years, refreshed each visit.
\nThe cookie's only job is to recognise you as a buyer so the gated reader unlocks. It is strictly necessary under UK PECR Regulation 6(4); strictly-necessary cookies don't require prior consent, which is why there is no cookie consent banner.
\nNo analytics cookies. No tracking cookies. No third-party cookies.
\nThe owner relies on two legal bases:
\nNo data is processed for direct marketing, profiling, or automated decision-making.
\nLemon Squeezy stores buyer data per their published privacy notice. Cloudflare delivers the site from its global edge network. Google (Gmail) processes the support inbox. All three publish their UK GDPR / EU GDPR posture and the safeguards they rely on (adequacy decisions, Standard Contractual Clauses).
\nUnder UK GDPR you can ask for: access (a copy of the data the owner holds - in practice, just your support thread), rectification, erasure, restriction, portability, or objection to processing on legitimate-interests grounds.
\nFor transaction data - your receipt, billing address, refund record - direct the request to Lemon Squeezy via their privacy notice.
\nEmail sleeptraininghandbook@gmail.com from the address you wrote in from. The owner responds within thirty days (usually much sooner).
\nSupport email threads: up to two years from the last reply, then deleted. Earlier deletion on request.
\nWorker logs: per Cloudflare defaults (24 hours to 7 days).
\nTransaction record: held by Lemon Squeezy under their retention policy.
\nThe handbook is for parents and caregivers; the buyer is the adult. The owner does not knowingly collect data from children, and nothing on the site is directed at children.
\nSite served only over HTTPS. The access cookie is `HttpOnly` and `Secure`. The Worker verifies Lemon Squeezy webhook signatures before acting on payloads. No source maps published. No personal data in client-side JavaScript or in any URL beyond the time-limited access token in the receipt link.
\nWrite first to sleeptraininghandbook@gmail.com. If unresolved, you can complain to a supervisory authority - UK buyers to the ICO at https://ico.org.uk/make-a-complaint/, EU buyers to their national DPA (list at https://edpb.europa.eu/about-edpb/about-edpb/members_en).
\nMaterial changes will be summarised at the top of the page for at least thirty days. The "last updated" date below moves forward on each change.
\nNothing on this page is medical advice. If something about your child's sleep is worrying you, please speak to your GP, health visitor, or paediatrician first. The full safety note is always reachable.
\nLast updated: 14 May 2026.
","prev":null,"next":null,"up":{"route":"/","title":"The Sleep Training Handbook"},"hubItems":null,"redirectTo":null}