Privacy Statement

Scope

This Privacy Statement (the “Statement”) describes the processing of personal data by Confused Productions, LLC (the “Company,” “we,” “us,” “our”) in connection with our websites and services, including ConfusedIdealist.com, TheConfusedIdealist.com, ConfusedProductions.com, HeliumHeadspace.com, InkAndOxygen.com, and any pages, content, players, or storefronts we operate or embed thereon (collectively, the “Sites”). This Statement applies to data processed about visitors, customers, account holders, members, patrons, donors/tippers, and other users (collectively, “Users”).

We act as independent controller for the data we collect and determine purposes and means of processing. Certain third parties listed in §8 act as processors on our behalf; others act as independent controllers of their own services. Terms used herein shall be construed in a manner consistent with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CPRA), the Colorado Privacy Act (CPA), and materially similar U.S. state privacy statutes, in each case to the extent applicable.

This Statement does not grant rights beyond those provided by applicable law and does not govern processing where we act solely as a processor for another controller.

Categories of Data

We process the following categories of data (“Personal Data”), collected from you directly, automatically via the Sites, and from service providers/partners:

  • Identity & Contact Data: first and last name; email address; usernames/handles you provide to us; shipping or billing address (when you provide it at checkout); phone number if supplied in an order/support context.

  • Account Credentials: hashed authentication credentials for Site accounts (we do not store plaintext passwords).

  • Transaction & Order Data: order identifiers; items purchased; fulfillment status; membership tier/status; donor/tip amount, currency, date/time, processor transaction IDs; refund/chargeback records.

  • Payment Tokens & Processor Metadata: payment method tokens/last4 and related metadata surfaced by processors; we do not store raw payment card numbers or full bank details.

  • Technical & Usage Data: device identifiers; IP address; cookie IDs; approximate location inferred from IP; browser/OS; referring URLs; pages viewed; session timestamps; link clicks; player interactions (play/pause/seek, completion) with our embedded podcast/video players; error and diagnostic logs.

  • Communications & Support: messages you send us (including metadata) via email or forms; support tickets; consent and preference records.

  • User-Generated Content (UGC): content you post to our properties that allow posting (if any), and metadata associated with posts on third‑party communities where we maintain official presences (e.g., Discord, Patreon) when you interact with us there.

  • Inferences: non‑sensitive inferences we derive from the above (e.g., aggregated analytics and fraud‑risk signals). We do not profile for automated decisions producing legal or similarly significant effects.

Sources. We collect data (i) directly from Users; (ii) automatically via cookies, SDKs, and similar technologies; and (iii) from service providers/partners including Squarespace (hosting/commerce/analytics), Printful (fulfillment), payment processors (Stripe, PayPal, Square, Venmo, Patreon), analytics platforms (Squarespace Analytics, Google Analytics, Captivate analytics, Meta analytics), CDN/security (Cloudflare), font services (Google Fonts), and social/media platforms (YouTube, Instagram, X, Facebook Pages, Discord, Patreon, Vimeo).

Purposes of Processing

We process Personal Data for the following purposes and legal bases:

  • Provision of the Sites and Services (account creation, authentication, content access, podcast/video player functionality): Contract (Art. 6(1)(b)); Legitimate Interests in operating secure, performant services (Art. 6(1)(f)).

  • Commerce & Fulfillment (order intake, payment processing via processors, tax and accounting, shipping via Printful, returns, and customer care): Contract; Legal Obligations (tax/records) (Art. 6(1)(c)); Legitimate Interests (fraud prevention; service quality).

  • Memberships/Subscriptions (Squarespace Members Area and Patreon recognition/access): Contract; Legitimate Interests in verifying entitlements; Consent for optional cookies where required.

  • Donations/Tips (receipt issuance, reconciliation, fraud checks): Contract; Legal Obligations; Legitimate Interests.

  • Security & Integrity (logging, incident detection, spam/abuse control, rate limiting, IP‑based safeguards): Legitimate Interests; Legal Obligations.

  • Analytics & Performance Measurement (Site usage metrics, content performance, podcast listen/download statistics via Captivate, YouTube analytics): Legitimate Interests; Consent where required for analytics cookies/SDKs.

  • Compliance & Enforcement (handling rights requests, responding to lawful requests, enforcing Terms): Legal Obligations; Legitimate Interests.

Online Identifiers

We use cookies and similar technologies (including those set by our service providers) for strictly necessary purposes, performance/analytics, and security. Where required by law, the Sites display a banner enabling you to consent, reject, or manage non‑essential cookies. You may also adjust browser settings to block or delete cookies. Blocking certain cookies may impair Site functionality, including login persistence and media playback.

We utilize, among others: Squarespace Analytics, Google Analytics, Captivate analytics, Meta analytics, and the Facebook Pixel (if enabled), as well as embedded players (e.g., YouTube, Captivate) that may set their own cookies when you press play. Cookie durations vary by provider and purpose (typically 30 days to 2 years). See §8 and the providers’ notices for details.

We do not respond to browser Do Not Track signals. Where applicable, we will honor Global Privacy Control (GPC)signals for opt‑out preferences relevant to state privacy laws.

Disclosures

We disclose Personal Data to the following categories of recipients for the purposes described herein:

  • Service Providers/Processors: hosting, commerce, and membership (Squarespace); fulfillment/returns (Printful); payments (Stripe, PayPal, Square, Venmo, Patreon); analytics and measurement (Squarespace Analytics, Google Analytics, Captivate, Meta analytics); CDN and security (Cloudflare); fonts (Google Fonts); email communications (Proton Mail). These parties process data under contracts with confidentiality, security, and use restrictions.

  • Independent Controllers via Embeds/Platforms: YouTube, Instagram, X, Facebook Pages, Patreon, Discord, and Vimeo operate their own services and process Personal Data as independent controllers when you interact with their widgets, players, or pages. Your interactions with those services are governed by their privacy notices and terms.

  • Professional Advisors & Auditors: legal, tax, and accounting advisors, subject to confidentiality.

  • Authorities & Legal Process: law enforcement, regulators, courts, and similar bodies when legally required or to protect rights, safety, and property.

  • Business Transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

We do not sell Personal Data and do not “share” Personal Data for cross‑context behavioral advertising as those terms are defined by the CPRA. We do not send marketing newsletters and do not conduct retargeting advertising.

International Data Transfers

We are headquartered in the United States and may transfer Personal Data to the U.S. and other jurisdictions where our service providers operate. Where required by law for transfers from the EEA/UK, we rely on appropriate safeguards such as the EU Standard Contractual Clauses, the UK Addendum/IDTA, and, where applicable, a provider’s certification under an adequacy mechanism (e.g., the EU–U.S. Data Privacy Framework). Copies of relevant safeguards may be requested via the contact in §14, subject to redactions.

Data Retention

We retain Personal Data only for as long as necessary for the purposes set out in §3, subject to legal, accounting, and reporting requirements:

  • Accounts & Identity Data: retained until the account is deleted, plus 30–90 days for backup/logging; we may retain non‑identifying email hashes for fraud prevention.

  • Payment & Financial Records: 3–7 years to satisfy tax and bookkeeping obligations; raw card numbers are never stored (processors only).

  • Orders & Transactions: 3–7 years aligned to financial records.

  • Communications & Support: 3 years, unless linked to financial/legal records.

  • Technical/Usage Logs: typically 30–180 days for raw logs; aggregated/anonymized analytics may be retained indefinitely.

  • Marketing/Preference Records: until you opt out or delete your account.

  • Legal/Compliance Records: 3–10 years, depending on jurisdiction.

Third‑Party Services and Embeds

The Sites integrate or interact with third‑party services including Squarespace, Printful, Stripe, PayPal, Square, Venmo, Patreon, Captivate, YouTube, Vimeo, Cloudflare, Google Analytics, Meta analytics/Facebook Pixel, Google Fonts, Instagram, X, Facebook Pages, and Discord. Some of these process data strictly as our processors; others act as independent controllers (notably social platforms and media players). When you click to play an embedded podcast/video or load a social feed, those providers may collect data directly from your device under their privacy notices. We encourage you to review those notices.

Security

We implement reasonable and appropriate technical and organizational measures to protect Personal Data, including encrypted transport (TLS/SSL), access controls, least‑privilege practices, secure credential hashing, and protective services such as Cloudflare. We use Proton Mail for encrypted communications. No method of transmission or storage is completely secure; residual risk remains.

Your Rights

EEA/UK Residents (GDPR/UK GDPR)

Subject to conditions and exemptions, you have the rights to access, rectify, erase, restrict, object (including to processing based on legitimate interests), and data portability, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your supervisory authority.

U.S. Residents (CPRA/CPA and Similar State Laws)

Depending on your state of residence, you may have the rights to: know/access (including specific pieces of information), correct, delete, opt out of sale or sharing of Personal Data, opt out of targeted advertising and certain profiling, and limit the use/disclosure of sensitive Personal Data. We do not sell or share Personal Data and do not use sensitive Personal Data for purposes that trigger the “limit” right. We also do not engage in targeted advertising or automated profiling in furtherance of decisions producing legal or similarly significant effects. We will honor Global Privacy Control (GPC) signals where applicable.

Appeals (CPA and others): If we deny your request, you may appeal by replying to our response or contacting the Privacy Officer at Inquiries@ConfusedProductions.com with “Appeal” in the subject line. We will describe any actions taken or reasons for denial.

Exercising Your Rights

To exercise any rights, email Inquiries@ConfusedProductions.com with sufficient detail for us to reasonably verify your identity (e.g., access to the email account associated with your Site account or order, plus any requested corroborating information). Authorized agents must present verifiable proof of authorization. We will not discriminate against you for exercising rights.

Children’s Data

Our Sites are not directed to children and we do not knowingly collect Personal Data from children under 13 (COPPA) or from children under 16 in jurisdictions where consent requirements apply. If you believe a child has provided Personal Data, contact us (§14) to request deletion.

Community Platforms; UGC

We maintain presences on platforms such as Patreon and Discord. While we may view or moderate content there, those platforms process Personal Data as independent controllers under their own policies. We do not require you to disclose social handles to us to access our Sites. Content you choose to make public may be visible to others; exercise caution when posting.

Tips

We accept tips via Squarespace Payments, PayPal, and Venmo. The processors collect payment information directly and provide us limited transaction metadata (e.g., name, email, billing address when provided, amount, currency, date/time, IP address for fraud checks, and processor transaction IDs). We use that information only for receipts, records, fraud prevention, and compliance. We do not use donor information for marketing.

Changes to this Statement

We may update this Statement from time to time. Material changes will be posted on the Sites with an updated effective date. Your continued use of the Sites after the effective date constitutes acknowledgment of the revised Statement.

Opt‑Out Mechanisms: Because we do not sell or share Personal Data or engage in targeted advertising, no opt‑out is required for those activities. If this changes, we will update this Statement and provide opt‑out mechanisms and honor recognized universal opt‑out signals where required.

Last updated: October 2, 2025