Last Updated: February 2, 2026

Introduction:

This Privacy Policy explains how Calm Kids System (operated by Erik Moravčík, sole proprietor, IČO: 21682984, registered at Bítovská 1226/7, Michle, Praha, Czech Republic) collects, uses, and protects your personal data. Calm Kids System sells only digital products (downloadable e-books delivered electronically) to customers globally . We are committed to complying with the EU General Data Protection Regulation (GDPR) and relevant privacy laws worldwide. By using our website or purchasing our digital products, you agree to the practices described in this Privacy Policy.

Personal Data We Collect:

We only collect data that is necessary to fulfill the purposes outlined in this policy. This includes:

Information You Provide: When you make a purchase or contact us, you may provide personal information such as your name, email address, billing information, and payment details. We do not directly collect or store full payment card information; payments are processed securely by our third-party payment processor (Stripe).

Transaction Data: Records of the digital products you purchased, the date and time of purchase, and the transaction amount.

Communication Data: Copies of correspondence (emails) if you contact customer support or otherwise communicate with us.

Automatically Collected Data: When you visit our website, certain data is collected automatically by tracking technologies, including your IP address, browser type, device information, and browsing actions. We use cookies and similar technologies in a lawful manner to gather usage data for analytics and advertising (see “Tracking & Analytics” below). This information may include details of how you navigated our site and interactions with our ads.

Tracking & Analytics Tools:

We use the following third-party tools to improve our services and understand our audience, in compliance with privacy regulations:

Meta Pixel (Facebook Pixel): We utilize Meta (Facebook) Pixel on our site for advertising analytics and re-targeting. This tool tracks user interactions on our website and provides us with aggregate information about conversions and user behavior stemming from our ads . The Meta Pixel may collect information from your device (e.g. IP address, page visited, actions taken) to help us measure the effectiveness of our Facebook/Instagram advertising campaigns. Any data collected via the Pixel is processed by Meta in accordance with Facebook’s privacy policies. We ensure that use of this tracker is only done with appropriate consent where required. You may opt out of Meta/Facebook tracking through your browser or ad settings at any time.

Fathom Analytics: Our website uses Fathom Analytics, a privacy-focused analytics platform. Fathom is a GDPR-compliant tool that does not use cookies or store personally identifying information . It collects minimal data (such as an anonymized IP address and browser user agent) to count visits and pageviews without profiling individual users . This helps us understand website traffic and usage patterns in an aggregated form, without invading your privacy. Because Fathom does not track personal data or use cookies, its use does not require intrusive cookie consent banners. The information gathered by Fathom is used purely to improve our website’s performance and content.

HYROS Tracking: We also use a third-party tracking software called HYROS for advanced analytics and advertising attribution. HYROS helps us understand user behavior across our funnels and optimize our marketing efforts . It may use cookies or similar technologies to track which advertising or referral sources lead you to our site and whether certain actions (like purchases) occur. The data HYROS collects on our behalf can include device identifiers, visited pages, and interactions with our ads or emails. This information enables us to link sales to our advertising campaigns and thereby serve more relevant ads to interested audiences. All data collected via HYROS is treated as per this Privacy Policy and used only for our internal analysis and to improve our marketing. You can manage cookies from HYROS (and other trackers) via your browser settings or any consent management tool on our site.

How We Use Your Personal Data:

We process your personal data for the following purposes:

To Fulfill Purchases and Provide Services: We use your name and email to deliver the digital e-book(s) you purchased. Immediately after successful payment, our system (or email provider) will send you an email receipt and a download link or attachment for your e-book. All products are delivered electronically via email without any physical shipping . We also use your contact information to communicate with you about your order (purchase confirmation, delivery of the product, and any essential updates). Payment information you provide is used to process your transaction through Stripe; we do not see or store your full credit card number on our servers, but Stripe may retain your payment details securely for record-keeping and any future refunds.

Customer Support: If you contact us at [email protected] for assistance, we will use the personal data you provided (such as your email and order history) to help resolve your issue or answer your questions. We may also ask for additional information if needed to verify your identity or troubleshoot problems (for example, confirming your order number or email address). Communication data is retained so we have a record of your request and our response, which helps in providing better service should you contact us again.

Email Communications & Marketing: With your consent (or as otherwise permitted by law for existing customers), we may use your email address to send you our newsletter, educational content, or promotional offers about new products and updates. We do not spam; such emails are sent only if you have opted in or if they relate to a product you purchased from us and you haven’t unsubscribed. Any marketing email you receive from Calm Kids System will include a clear unsubscribe link at the bottom, allowing you to opt out of future marketing messages at any time . We may also send essential transactional or administrative emails (such as updates to our terms or this policy, or security notices) when necessary, from which you may not be able to unsubscribe as they are not promotional in nature.

Analytics and Improvement: We process usage data (via Fathom Analytics and similar tools) to understand how users navigate our site, which pages or content are most popular, and how our site performs. This helps us diagnose technical issues, optimize content layout, and improve user experience on the website. All analytics data is aggregated and does not directly identify you individually.

Advertising and Retargeting: Data from Meta Pixel and HYROS is used to create more effective advertising campaigns. For example, Pixel allows us to show relevant Calm Kids System ads on Facebook/Instagram to people who have visited our site or to find audiences with similar interests. HYROS allows us to attribute sales to specific ads or channels, helping us allocate our advertising budget efficiently. These activities may be considered profiling under GDPR; we rely on user consent (via cookie consent banners where applicable) for placing and using such tracking cookies/pixels for advertising. You can withdraw consent at any time by adjusting your cookie settings or by contacting us.

Legal Compliance and Protection: In certain cases, we may need to process and retain personal data to comply with legal obligations (for example, accounting and tax records of purchases must be kept for a certain number of years as required by law). We may also process personal data where necessary to establish, exercise, or defend against legal claims, or to investigate and prevent fraud or other misuse of our services. For instance, we keep a record of transactions to handle refunds or chargebacks and to meet financial reporting requirements.

We will not use your personal data for any purposes incompatible with the above, and we do not make automated decisions that produce legal effects concerning you or similarly significant effects without human intervention.

Legal Bases for Processing (GDPR):

If you are located in the European Economic Area (EEA) or UK, our processing of your personal information will be justified by one or more of the following legal bases under the GDPR:

Contract Performance: Most of our data processing is to fulfill our contract with you. When you purchase a digital product from us, we must process your data (e.g. name, email, payment info) to deliver the product and manage your order. This is necessary for the performance of the purchase agreement. Refusal to provide such essential data would mean we cannot deliver your product.

Legitimate Interests: We rely on legitimate interests to process data for analytics, product improvement, and certain marketing activities. For example, it is in our legitimate interest to understand how our customers use our site (via analytics) so we can improve functionality and content. We only rely on this basis after assessing that your privacy rights do not override our interests, and you always have the right to object to such processing (see Your Rights below). If we send marketing emails to existing customers about similar products, we do so under legitimate interest in keeping you informed, but with a clear opt-out option in each email.

Consent: For optional uses of data, such as sending you promotional emails if you are not an existing customer, or dropping non-essential cookies/pixels (Meta Pixel, HYROS) on your device, we will ask for your consent. Where consent is our legal basis, you have the right to withdraw it at any time. For example, if you consent to our use of cookies for advertising, you can later disable those cookies via our cookie banner or browser settings, and we will honor your choice. Withdrawing consent will not affect the lawfulness of processing already carried out but will stop the specific processing going forward (e.g., you’ll stop receiving the marketing emails you unsubscribed from).

Legal Obligation: In some cases, we have a legal obligation to process data, such as retaining transaction records for tax and accounting purposes or providing information to authorities if lawfully required (e.g., for law enforcement or regulatory inquiries).

Cookies and Tracking Technologies:

Our website uses cookies and similar technologies to provide and optimize our services:

Essential Cookies: These are small data files placed on your device that are necessary for the website to function (e.g., to remember items in your cart or to ensure security). We may use a session cookie to remember your session as you navigate the site. These cookies are typically exempt from consent requirements, as they are needed for service delivery.

Analytics Cookies/Tools: As noted, we use Fathom Analytics which does not use cookies at all, and instead employs anonymization techniques to gather insights . This means you can visit our site without any analytics cookies being stored on your browser, yet we still count your visit in an anonymized way. We do not use Google Analytics, so your usage data is not sent to Google. Fathom’s cookie-less approach helps us respect your privacy while still understanding our website traffic.

Advertising Cookies/Pixels: The Meta Pixel and HYROS scripts may set cookies or utilize browser local storage to track user activity and attribute conversions. These are considered non-essential cookies used for marketing. We will only deploy these tracking technologies where you have given consent via our cookie consent mechanism (if you are in a jurisdiction, like the EU, that requires prior consent for marketing cookies). If you decline or withdraw consent, these tools will not collect your data on our site. You can also use tools like the browser’s “Do Not Track” setting or privacy plugins to block third-party trackers. (Note: Meta Pixel and similar might still track if you have a Facebook account and are logged in, based on their own cookies, but our site will not intentionally send your data without consent.)

Third-Party Websites and Social Media: If our site ever embeds content from third parties (e.g. YouTube videos, social media share buttons), those third parties may set their own cookies. Our website currently focuses on selling e-books and may not have such embeds, but if present, we will inform you and obtain necessary consents. This Privacy Policy does not cover third-party sites or services – please review those third parties’ privacy policies for information on their practices.

You have control over cookies. Most web browsers allow you to refuse or delete cookies through settings. You can also adjust preferences in any cookie consent banner we provide. Note that disabling cookies may affect site functionality (for instance, the checkout might not remember that you added a product to cart).

Disclosure of Your Data to Third Parties:

We treat your personal data with care and confidentiality. We do not sell or rent your personal information to any third party for their own marketing purposes. However, we do share certain data with trusted third parties in order to operate our business and provide services to you, under the following circumstances:

Service Providers (Processors): We use reputable third-party companies to support our operations, which may process personal data on our behalf, such as:

Payment Processor: Your payment for our e-books is handled by Stripe, Inc. (or its affiliates). Stripe processes your payment information (credit card numbers, etc.) securely. We share with Stripe the necessary transaction details to charge you (like purchase amount, currency, and an identifier for your order, plus your billing info). Stripe is a PCI-DSS compliant payment provider and is contractually prohibited from using your data for anything other than processing payments. Please refer to Stripe’s Privacy Policy for details on how they handle your data.

Email Service Provider: We may use an email delivery service to send transactional emails (order confirmations, download links) and marketing emails (newsletters, if subscribed). This means your name and email address, and email content, could pass through that service. We ensure any such provider has appropriate security and GDPR-compliant data processing terms. Currently, our customer emails are sent from our own domain via our hosting provider or a service like SendGrid/Mailchimp (for example).

Analytics/Tracking Providers: As described, data is shared with Meta (Facebook) via the Pixel, with HYROS, and with Fathom Analytics. These providers might directly collect data through their embedded code on our site. We have agreements or terms in place with each that protect your data (for example, a Data Processing Addendum with HYROS as they process data on our behalf, and Fathom’s terms ensuring compliance). Meta, as a separate controller for data it receives, uses the information for its own purposes as well (e.g., improving ad targeting on their platform). You can consult Meta’s supplemental privacy terms regarding data collected via their Pixel. We only implement these trackers in compliance with applicable law and with your consent.

Cloud/Hosting Providers: Our website and database may be hosted on servers provided by third-party hosting companies. Personal data that you submit (e.g., through an order form) will be stored on those servers. We choose hosting providers with strong security practices. These providers act as data processors storing data on our behalf; they do not access your data except for storing it and making it available to us for retrieval.

All these third parties are bound by confidentiality and data protection obligations. They only receive the data necessary for their function and must not use it for other purposes. We maintain Data Processing Agreements where appropriate (for example, with our analytics and email service providers) to ensure they uphold GDPR standards.

Business Transfers: If Calm Kids System (or the underlying business operated by Erik Moravčík) is involved in a merger, acquisition, sale of assets, or similar corporate transaction, your personal data may be transferred to the successor or new owner as part of that deal. If such a transfer occurs, we will ensure the new owner is contractually obligated to respect the terms of this Privacy Policy or we will notify you and obtain any required consents.

Legal Requirements: We may disclose personal information if required to do so by law or legal process, or if we have a good-faith belief that such action is necessary to (a) comply with an obligation, investigation, or request from law enforcement, a court, or regulatory authority; (b) enforce our Terms & Conditions or other agreements; (c) detect or protect against fraud, security, or technical issues; or (d) protect the rights, property, or safety of our users, our business, or the public. We will strive to notify you of any such disclosure, if permitted by law.

Aggregated or Anonymized Data: We may share information that has been aggregated or anonymized (so it is no longer associated with an identifiable individual) for any legitimate business purpose. For example, we might publish trends about e-book interest (e.g., “X% of our customers are from Europe”) or share statistics with a partner or in marketing materials. This data will not identify you personally.

We do not share your personal data with third-party advertisers or ad networks aside from the tools (Meta, etc.) we ourselves use to advertise. You will never receive communications from third parties as a result of sharing your data, unless you explicitly opt in to such third-party communications.

Data Retention:

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal or contractual obligations.

Order and Transaction Data: We generally retain records of purchases (including your name, contact, and transaction details) for at least the duration required by Czech accounting and tax laws (which is typically 10 years for financial records). This is to have proof of sales for tax audits and to honor our refund policy or provide support. After this period, or if the data is no longer needed, we will delete or anonymize these records.

Email and Marketing Data: If you have subscribed to our newsletter or agreed to receive marketing emails, we will keep your contact information on our mailing list until you unsubscribe or ask us to delete it. If you opt out, we will remove you from the mailing list promptly, but may keep a record of your request to ensure we honor it (and not email you again). Transactional emails related to purchases are retained as part of your order history.

Analytics Data: Fathom Analytics data is largely non-identifiable and stored in aggregate form. We may keep site traffic logs and aggregated reports indefinitely for historical comparison, but this data contains no personal identifiers. Raw server logs that include IP addresses are typically rotated or deleted within a short timeframe (often 30 days) unless needed for security analysis. HYROS and Meta Pixel data may be stored on their platforms; we have access to analytics dashboards but not raw personal data beyond what we already collect. We generally do not download or store locally any personal-level analytics data from these platforms. If we ever do, we will treat it as personal data and erase it when no longer needed.

Support Communications: Copies of customer support emails or messages are retained for as long as necessary to assist you and improve our services. We may keep them for a period (e.g., 2 years) in case you have follow-up queries or to train our team, after which we will delete or anonymize them, unless they contain information we must keep longer (like record of a refund issuance).

When we no longer have a legitimate need or legal obligation to retain your personal data, we will securely delete or anonymize it. If deletion is not immediately possible (for example, because backups are stored offsite), we will ensure the data is isolated and protected until deletion is feasible.

Your Rights (GDPR and Equivalent):

If you are a resident of the EU, EEA, UK, or other regions with similar data protection laws, you have certain rights regarding your personal data. We are committed to upholding these rights. Specifically, you have the right to:

Access Your Information: You can request a copy of the personal data we hold about you, as well as information about how we use it. This is commonly known as a Subject Access Request. We will provide this information free of charge within the legally required timeframes (typically within 1 month). 

Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to have it corrected or updated. For example, if you change email addresses or notice a typo in the data we hold, let us know and we will fix it.

Erasure: You can request that we delete your personal data under certain circumstances – for instance, if the data is no longer necessary for the purpose it was collected, or if you withdraw consent and we have no other legal basis to continue processing. This is often called the “right to be forgotten.” Note that we may need to retain some information if required by law (e.g., we cannot delete transactional data if it’s needed for tax purposes) or if another lawful basis applies.

Restriction of Processing: You have the right to ask us to restrict (pause) the processing of your personal data in certain scenarios – for example, while we are verifying the accuracy of data you contested or assessing an objection you raised.

Data Portability: For data you provided to us and which we process by automated means on the basis of consent or contract, you can request to receive that data in a structured, commonly used, machine-readable format (for example, CSV file), and you have the right to have us transmit it to another data controller where technically feasible.

Object to Processing: You can object to certain processing activities. Specifically, you have the right to object to processing based on legitimate interests and to processing for direct marketing purposes. If we are processing your data on the basis of our legitimate interest, you can object, and we will stop processing it unless we have compelling legitimate grounds that override your interests or it’s needed for legal claims. If you object to direct marketing (including any profiling related to marketing), we will cease processing your data for those purposes immediately. For example, you can unsubscribe from our emails (which is an objection to further marketing emails) or turn off marketing cookies (an objection to profiling via tracking).

Withdraw Consent: Where we rely on your consent to process data (e.g., sending newsletters or using certain cookies), you can withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing done before the withdrawal. You can withdraw by using the unsubscribe link in emails, adjusting cookie settings, or contacting us directly. If you withdraw consent for a specific purpose, we will stop the processing for that purpose.

Not to be Subject to Automated Decisions: We do not engage in solely automated decision-making (including profiling) that produces legal or similarly significant effects on you. However, if we ever did, you would have the right to not be subject to such decisions without human intervention.

To exercise any of these rights, please contact us at [email protected] with your request. We may need to verify your identity before fulfilling certain requests (for example, by confirming you have access to the email associated with your data or asking for additional ID in case of doubt) to ensure we do not disclose data to the wrong person. We will respond to your request as soon as possible, and at least within the timeframe required by applicable law (under GDPR, typically within one month). If your request is complex or if we have received numerous requests, we may extend the period by up to two further months, but we will inform you of any delay and the reason.

Please note that some rights have limitations. For example, if you request deletion of data that we are legally required to keep, we may deny that request but will explain our reasoning. Similarly, if fulfilling your request would adversely affect the rights and freedoms of others (e.g., deleting data that is also contained in another user’s records), we might not be able to fully comply. In any case, we will communicate clearly with you about actions taken.

Data Security:

We take the security of your personal data seriously. We have implemented a variety of technical and organizational security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These include:

Encryption: Our website uses HTTPS (Secure Sockets Layer/Transport Layer Security) to encrypt data transmitted between your browser and our site. This means any personal data entered (such as your name or payment details) is encrypted during transmission. Additionally, sensitive information handled by Stripe is transmitted and stored securely using their encryption and security protocols.

Access Controls: Personal data stored in our systems (including order information and email lists) is accessible only by authorized personnel who need the information to perform their job (for example, customer support or site administration). Access to administrative interfaces is protected with strong passwords and, where possible, two-factor authentication. Our team is trained on data privacy principles and bound by confidentiality agreements.

Secure Storage: We use reputable hosting providers and cloud services that maintain high levels of security (firewalls, intrusion detection systems, etc.). We regularly update our systems and software to patch vulnerabilities. Any physical devices (computers) that might contain personal data are secured and encrypted where feasible.

Payment Security: We entrust payment processing to Stripe, which is certified to PCI DSS (a strict security standard for handling credit card data). We do not store your credit card numbers on our systems. Stripe only provides us with limited information such as the last four digits of your card or a token, which cannot be used to reconstruct your card details.

Monitoring and Testing: We monitor our website for potential vulnerabilities or attacks. If we offer account creation (currently, purchases are one-time and do not require an ongoing account login, but if that changes) we will ensure passwords are hashed and not stored in plain text. We may perform periodic security audits and assessments to ensure our measures are effective.

Despite all these precautions, it’s important to note that no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of data. However, we will continuously update and improve our security practices. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the affected individuals and the relevant authorities as required by law.

Children’s Privacy:

Calm Kids System’s products and website are not directed to children, even if the content of our e-books concerns children’s wellbeing. Our customers are typically parents, guardians, or educators – adults who purchase resources to help children. We do not knowingly collect personal data from anyone under the age of 16 (and for children under 13, we comply with COPPA in the U.S. by not collecting such data). If you are under 16, please do not provide any personal information on our site or purchase products without parental consent.

If we discover that we have inadvertently collected personal information from a child under the age of 16 without proper consent, we will take immediate steps to delete that information. If you believe a minor has provided us with personal data, please contact us at [email protected], and we will investigate and remove the information as necessary.

Note: Parents or guardians purchasing on behalf of a child will necessarily provide their own details (not the child’s) for the transaction. Any information about children contained in our products (e.g., if you share a success story about your child with us) will be kept confidential and treated with the utmost care and only processed with your permission.

International Data Transfers:

calmkidsystem.com is based in the Czech Republic, which is part of the European Union. When you provide information to us, it will be processed in the EU (primarily in Czech Republic or where our EU-based servers are located). However, some of our third-party service providers are located outside the EU/EEA, which means your personal data may be transferred to and stored in countries outside your country of residence. For example:

Meta (Facebook) and Stripe have servers in the United States and other global locations.

HYROS is a service likely operated from the United States.

Our email or cloud service providers might use servers globally (e.g., the USA).

Whenever we transfer personal data out of the EEA/UK, we ensure appropriate safeguards are in place to protect it, as required by GDPR. Typically, this means relying on European Commission approved standard contractual clauses (SCCs) in our contracts with those service providers, which legally oblige them to protect your data to EU standards. For instance, Stripe and Facebook (Meta) are certified under relevant frameworks or implement SCCs for EU data transfers . Fathom Analytics offers EU-based data residency options, and if we use that, data stays in the EU; if not, we ensure they also commit to GDPR compliance.

We will only transfer data to jurisdictions that are deemed adequate by the EU or where we can be sure your data will be given equivalent protection. You can contact us for more information on the safeguards in place for international transfers.

Changes to This Privacy Policy:

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make any material changes, we will notify you by posting the updated policy on our website and updating the “Last Updated” date at the top. In cases where changes are significant or where required by law, we may also notify you via email (if we have your email on file) or when you next visit the site. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any modifications indicates your acceptance of the updated Privacy Policy.

Contact Us:

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at:

Email: [email protected]

Postal Mail: Erik Moravčík , Bítovská 1226/7, Michle, Praha, 140 00, Czech Republic.

We will gladly assist you and address any issues to the best of our ability. Your privacy is extremely important to us, and we welcome your feedback.

Your Right to Lodge a Complaint:

If you are in the EU and believe we have infringed your data protection rights, you have the right to lodge a complaint with a supervisory authority, particularly in the EU country where you live, work, or where the alleged infringement occurred. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů – UOOU). You can find their contact details on their official website. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please consider contacting us first so we can work to resolve the issue.

Governing Law:

This Privacy Policy and any disputes related to it or to our handling of personal data are governed by the laws of the Czech Republic, without regard to its conflict of law principles . By using our services, you agree that any legal actions or proceedings regarding this Privacy Policy shall be brought in the competent courts of the Czech Republic. We also recognize that you may have rights under mandatory local laws if you reside outside of Czech Republic, and nothing in this Policy limits your rights under those laws. For instance, if you reside in a country with consumer privacy protections or data localization requirements, we will comply with those to the extent applicable.

Thank you for reading our Privacy Policy. We value your trust and are dedicated to protecting your personal information.