Last updated: 7 June 2026
This Privacy Policy explains how Unhidden Legacies handles personal information on unhiddenlegacies.com, including the main Joomla site and any related archive access at archive.unhiddenlegacies.com or unhiddenlegacies.com/archive.
The site is operated by D. M. Ashford, publishing under the author imprint Ashridge Press.
Contact:
No postal address is currently published.
This Privacy Policy is provided as a transparency notice for readers and registered users. It is intended to explain what information is collected, why it is used, where it may be processed, how long it may be kept, and how users can request access, correction, or deletion. Depending on the site’s activities, the user’s location, and applicable law, different privacy laws may apply.
1. Summary
The site is intended to follow a no-tracking approach.
The site does not currently use analytics, advertising pixels, affiliate tracking, social widgets, behavioural profiling, or advertising cookies.
The site does not sell, trade, or rent personal information.
Personal information is collected mainly when a user creates an account, verifies an email address, logs in, requests archive access, contacts the site, submits private feedback, subscribes to a future newsletter, or makes a future purchase through a third-party payment provider.
2. Information collected
The site may collect the following information.
For account registration and archive access, the site may collect or process:
display name or account name;
username;
email address;
password hash, handled through Joomla’s authentication system and not directly visible to the site operator;
email verification status;
manual approval status;
registered-reader or archive access status;
account activity status;
age or parent/guardian confirmation checkbox result, if enabled;
login/session data needed to keep users logged in and operate registered-reader access.
For contact forms, if introduced:
name;
email address;
subject;
message content.
For reader feedback, if submitted:
the feedback itself;
contact details included with the feedback;
whether the reader is interested in being contacted about beta or early-access reading opportunities.
For newsletters, if introduced:
email address;
subscription status;
unsubscribe status;
possibly name or display name if collected.
For future paid products:
transaction information needed to process or record the purchase;
invoice or receipt details;
payment status.
Payment card details are not intended to be stored directly by the site operator. Payments are expected to be handled by providers such as PayPal or possibly Stripe.
For technical operation, security, and abuse prevention, the site, host, CMS, email systems, or security systems may process:
IP addresses;
device and browser information;
timestamps;
requested URLs;
login/session records;
error logs;
security records;
server log entries;
email delivery or account-notification records.
The site operator does not intentionally use analytics or behavioural tracking. However, technical logs may still be created by Joomla, the web host, server software, email systems, or installed components.
3. How information is collected
Information may be collected when you:
create an account;
verify your email address;
log in or tick “Remember me”;
edit your account details;
send an email;
submit a future contact form;
submit private feedback;
subscribe to a future newsletter;
make a future purchase;
interact with the site in a way that creates standard hosting/server logs.
4. Why information is used
Personal information may be used to:
create and manage user accounts;
verify email addresses;
review and manually approve registered-reader access;
control access to archive and registered-reader material;
operate login sessions and account features;
respond to messages;
receive and review private reader feedback;
contact users who opt in to beta or early-access reading opportunities;
send future opt-in newsletters;
send account-related emails, such as verification, password reset, and user-prompted account notices;
process future payments, invoices, or receipts;
prevent spam, misuse, unauthorised access, scraping, or abuse;
maintain site security;
maintain backups and restore the site if needed;
administer the site and troubleshoot technical issues;
comply with legal obligations if required.
5. No tracking, analytics, or advertising cookies
The site currently does not use analytics services, advertising cookies, tracking pixels, affiliate tracking, social widgets, behavioural profiling, or advertising networks.
If this changes, this Privacy Policy should be updated before the relevant tools are introduced.
6. Cookies
The site may use cookies necessary for Joomla login sessions and account functionality.
If a user ticks “Remember me” when logging in, a persistent login cookie may be stored so the user can remain logged in.
These cookies are used for site functionality and account access, not advertising or behavioural tracking.
Users can control cookies through their browser settings, but disabling necessary cookies may prevent login or registered-reader access from working properly.
7. Contact form and email messages
A contact form is planned but not currently active.
If introduced, it is expected to collect name, email address, subject, and message.
Submissions are intended to be sent by email only and not stored in Joomla.
8. Newsletter
A newsletter is planned but not currently active.
If introduced, it is expected to be opt-in only, likely using Joomla’s mass-mailing functionality or another service still to be confirmed.
Subscribers will be able to unsubscribe.
Newsletter data will be used to send author updates, fiction updates, release news, archive updates, beta/early-access invitations, and related communications.
9. Payments and purchases
There are currently no paid products sold directly on the site.
Future payments may be handled by PayPal and possibly Stripe. Amazon-hosted content may be advertised, but purchases through Amazon would be handled by Amazon.
The site operator does not intend to store full payment card details.
Payment providers may collect and process personal information according to their own privacy policies.
The site may retain purchase records, invoices, receipts, and transaction confirmations where needed for accounting, support, tax, fraud prevention, or legal purposes.
10. Third-party services
Current known third-party service:
Orange Website, the web host, with the server physically hosted in Iceland.
Current known CMS/software:
Joomla for the main site;
possible separate Grav archive, currently private.
Currently not used:
Cloudflare;
CDN/proxy/security layer;
analytics;
advertising networks;
Google reCAPTCHA;
hCaptcha;
anti-spam services;
social embeds;
Amazon affiliate links;
Patreon/Ko-fi widgets;
external gallery services.
Possible future services:
hCaptcha, if spam becomes an issue;
PayPal and/or Stripe for payments;
Amazon for externally hosted book/product pages;
Joomla mass mailing or another newsletter provider.
11. Overseas hosting and international access
The site is hosted by Orange Website on servers physically located in Iceland.
The site is operated from Western Australia, Australia, and may be accessed internationally.
Email, domain, backup, payment, anti-spam, newsletter, or security providers may process data in other countries. Those providers and countries will be added to this policy once verified or introduced.
Future third-party providers such as PayPal, Stripe, Amazon, hCaptcha, or newsletter services may process data according to their own privacy policies.
12. User-submitted feedback
Reader feedback is planned to be collected privately, likely through the contact form.
Feedback may be used to understand reader reactions, improve the work, identify errors, consider revisions, or decide whether to contact a reader about beta or early-access opportunities.
Testimonials or reader quotations will only be used with permission.
Feedback will not be publicly posted unless a separate public comment/review feature is introduced and the user submits content for that purpose.
If an account is deleted, associated private feedback is intended to be deleted.
13. Age and guardian confirmation
The site is not directed to children. Archive access is intended for readers aged 16 or older, or younger readers only where a parent or guardian has reviewed the site and given permission.
If an age or parent/guardian confirmation checkbox is enabled, the site may store the result of that confirmation for access-control and compliance-record purposes.
If the site operator becomes aware that an account has been created contrary to the Terms of Use, the account may be deleted.
14. Data retention
Account data may be kept while the account remains active.
Inactive accounts may be reviewed after 12 months from the last active date and may be deleted.
Users may request account deletion by contacting
Contact and private feedback messages are retained for 12 months unless they are needed longer for site administration, beta-reader records, legal issues, dispute handling, abuse prevention, or the user asks for earlier deletion.
Server, security, error, and email delivery logs may be created automatically by the site, hosting environment, CMS, server software, or email systems. These logs are used for site operation, troubleshooting, security, abuse prevention, and account-related communications.
Retention periods for these technical logs may vary depending on the relevant system or provider. This Privacy Policy will be updated if more specific retention information becomes available.
Backups are planned for both the Joomla site and the archive. Deleted information may remain in backups until those backups expire, rotate, or are overwritten.
15. Access, correction, and deletion requests
Users may request access to, correction of, or deletion of their personal information by contacting:
The site operator may take reasonable steps to verify the requester’s identity before acting on a request.
Users can edit their own account details where Joomla allows this.
Account deletion requests are currently handled by the site administrator.
Deleting an account may not immediately remove information from server logs, security records, legal records, email records, or backup copies. Backup copies are deleted or overwritten according to the applicable backup rotation schedule.
Private feedback associated with an account is intended to be deleted when the related account is deleted, unless it has been anonymised, is needed for legal/security reasons, or the user has separately given permission for it to be retained or quoted.
16. Security
The site uses Joomla’s built-in registration and login system.
The site operator takes reasonable steps to protect account and site information, but no website can guarantee complete security.
Users should use strong passwords and keep login details private.
If a security issue is discovered, the site operator may suspend access, reset accounts, disable features, or take other steps needed to protect the site and users.
17. Disclosure of information
Personal information may be disclosed where necessary to:
operate the site through hosting providers;
send email or account messages;
process future payments through third-party providers;
respond to user requests;
investigate misuse, spam, or security issues;
comply with legal obligations;
protect the rights, safety, or integrity of the site, users, or the author.
The site operator does not sell, trade, or rent personal information.
18. Changes to this Privacy Policy
This Privacy Policy may be updated when the site changes, especially if contact forms, newsletters, paid products, hCaptcha, comments/reviews, analytics, galleries, email delivery services, or other third-party integrations are introduced.
The “Last updated” date will be changed when the policy is updated.