Privacy Policy

Last Updated: January 2026

Welcome to Litopia, the original writers’ colony on the net! We value the trust of our community and are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use Litopia.com and our Colony forum (colony.litopia.com), in compliance with UK data protection law and the UK General Data Protection Regulation (UK GDPR). We’ve written it in a clear, friendly tone so it’s easy to understand, while covering all the important details.

Who We Are (Data Controller)

The data controller – the organization responsible for your personal data – is Litopia Writers’ Colony, which is owned and operated by The Redhammer Management Ltd (a company registered in England & Wales, No. 05756519). In this policy, when we say “Litopia,” “we,” or “us,” we’re referring to this company. If you have any questions or concerns about your data, you can contact us via our Contact form.

What Personal Data We Collect

We only ask for the information we truly need to run our writers’ community. Here’s what we collect and why:

  • Name and Contact Details: When you register or join Litopia, we collect information like your name, email address, and a username. We need these to create your account and let you log in, and so other community members know who you are. Your email also helps us communicate important account information or community updates to you.
  • Account Information: You must provide a password (stored securely in encrypted form), and if you fill out profile details (like a short bio or avatar image), those are stored as part of your account.
  • Content You Submit: Anything you post or upload on Litopia – for example, forum posts, comments, or stories – is user-generated content linked to your profile. Keep in mind that this content is visible to other members (and possibly the public, depending on the area of the site). Only share what you’re comfortable having out there.
  • Payment and Subscription Data: If you choose to support Litopia by purchasing a membership or subscription, the payment details (credit/debit card information) you provide are NOT collected or stored by Litopia. Instead, payments are handled directly by a trusted third-party payment processor on our behalf. This means your card number and billing information go straight to the payment processor (which is compliant with strict security standards) – we never see or keep your full card details. We do record basic transaction info (like the fact that you paid and for which plan, and the amount and date) so we know your account status, but not your sensitive payment data.
  • IP Address and Technical Data: When you visit our sites, our system logs some technical information – such as your IP address, your browser type, and operating system. We use this standard data for things like displaying the site correctly, spam and fraud prevention, and understanding where our visitors come from (e.g. general geographic regions). For example, when someone leaves a comment or post, we may log their IP address and browser user-agent to help us detect spam or misuse. This kind of data is collected automatically by our web servers and analytics tools.
  • Cookies and Tracking Information: Like most websites, Litopia uses cookies (small text files stored on your device) and similar technologies. Cookies help run essential features – for instance, keeping you logged in and remembering your preferences (such as keeping the site in your chosen language or theme). We also use cookies to collect analytics data, which tells us how members use the site (e.g. which pages are popular) so we can improve it. These analytics are generally collected in an anonymous or aggregate form – we look at trends, not at individual behaviour. We do not use any invasive or unusual tracking: for example, we don’t use third-party advertising networks or track you across other websites. (More on cookies below.)
  • Communications: If you contact us (say, by using the contact form), we will receive whatever information you choose to provide (like your email address and the contents of your message). We’ll use that info to respond to you and help resolve your query.

We do not collect any special categories of personal data (like sensitive information about health, politics, etc.), and our site is not meant to collect data from children (see Children’s Privacy below). Our aim is to ask only for what’s needed to make Litopia a safe and enjoyable place for writers.

How We Use Your Data (Purposes of Processing)

We use personal data strictly for the following purposes:

  • Providing Our Services: First and foremost, we use your information to create and manage your account, and to let you use the Litopia community features. For example, we use your login credentials to authenticate you, your email to verify your account or reset your password, and your username to identify you in the forums. If you post content, we process that content so it can be displayed to other members.
  • Communicating with You: We might use your email to send important communications about your membership or the Litopia service. For instance, if you request a password reset, or if there are critical updates or issues affecting the site, we’ll get in touch via email. We won’t flood you with emails, and we won’t send marketing newsletters unless you’ve opted in.
  • Processing Payments: When you subscribe or make payments, we facilitate that transaction via our third-party payment processor (as noted, we don’t see your card details). We’ll use the info about your subscription (e.g. plan type and status) to activate your membership features and ensure you have access to members-only content or forums. We may also send you a receipt or confirmation email for your records.
  • Community Safety and Moderation: We have a legitimate interest in keeping Litopia a welcoming and secure environment. Thus, we may monitor activity and content on the site to prevent inappropriate behaviour, enforce our community rules, and protect against fraud or misuse. For example, IP addresses and other signals help us detect and block spammers or multiple fake accounts. We also keep an eye out for any content that violates our Terms of Use.
  • Improving and Maintaining Our Website: We analyze how users navigate and use Litopia (through cookies and analytics) to spot trends or problem areas. This helps us fix bugs, improve site performance, and decide on new features or improvements. For instance, we might look at aggregated data showing that a particular forum section is very active, or that certain features aren’t being used, and use that insight to enhance the community experience.
  • Compliance with Legal Obligations: In rare cases, we might need to process or disclose data to comply with a legal obligation. For example, if required by law or a governmental authority (such as a lawful request by law enforcement), or to meet financial record-keeping rules (we may keep records of payments for tax/audit purposes as required by law).

We will not use your personal information for any purposes that are incompatible with the above, and we don’t engage in any form of automated decision-making or profiling that has legal or significant effects on you (no algorithms are making big decisions about you on our site without human involvement).

Legal Bases for Processing

Under the UK GDPR, we must have a valid legal basis for using your personal data. We rely on the following bases, depending on the situation:

  • Contractual Necessity: When you sign up for Litopia and agree to our Terms, a contract is formed between you and us. We need to process certain data to fulfil that contract – i.e., to provide the services you requested. For example, we must use your account details to log you in, display your posts, and keep the community running for you.
  • Legitimate Interests: We process some data to pursue legitimate interests – ours or those of our community – in a balanced way that does not override your rights. This includes things like ensuring security (e.g., using IP addresses to prevent abuse), improving our platform (analytics), and communicating with members about community matters. We always consider your privacy and will not use your data for interests that are not legitimate or that are outweighed by potential risks to you.
  • Consent: For certain optional features, we may rely on your consent. For instance, if we introduce a newsletter or promotional emails, we will only send them if you’ve explicitly opted in. You have the right to withdraw consent at any time for any such processing – just let us know or use the provided opt-out mechanism (e.g., “unsubscribe” link in an email).
  • Legal Obligation: If we are under a legal obligation to process or disclose data (for example, a court order, or obligations under UK law to retain transaction records for a certain time), we will do so to comply with the law.

We will normally identify the appropriate legal basis at the time of collecting your data, and if we ever need to process your data for a new purpose that’s not covered here, we will seek your permission or inform you of the new legal basis.

Cookies and Tracking Technologies

As mentioned, Litopia uses cookies and similar technologies to make our website work smoothly and to understand usage. Here’s a bit more detail (and don’t worry – we won’t get too technical):

  • What Are Cookies? Cookies are small text files that websites store on your device to remember information about you, such as your login status or site preferences. They are widely used to enable basic site functionality and improve user experience.
  • How We Use Cookies: We use cookies for essential functions like keeping you logged in as you move around the Colony forums, remembering your preferences (e.g. your chosen theme: light or dark mode), and keeping the site secure (helping prevent cross-site request forgery, etc.). We also use cookies (and in some cases local storage) to remember if you’ve seen certain notifications or to save your progress in writing a post. Additionally, we use analytics cookies to count visitors and see how they navigate our pages. This statistical data helps us improve design and content – for example, seeing which discussion topics are most active.
  • Third-Party Cookies: We do not serve third-party ads that would plant tracking cookies, but when we embed content from other sites (like a YouTube video in a forum post, or share buttons for social media), those external sites may set their own cookies. For instance, if someone embeds a YouTube video, YouTube might set cookies per its own privacy policies. Similarly, if we have a Twitter/X “share” button, Twitter/X may recognize you if you interact with it. Litopia itself doesn’t control those cookies from third parties. We also integrate with our payment processor; during a payment, that service might set a cookie to remember your session as you complete checkout.
  • No Sneaky Tracking: Aside from the above, we don’t use any unusual tracking tech. There’s no spyware, no advertising profiles being built, and we don’t sell your browsing behavior to ad networks. Any analytics we run are primarily to make the site better for our community, not to advertise to you.
  • Your Choices: It’s up to you whether to accept cookies. When you first visit, we’ll inform you about our use of cookies. Most web browsers let you control or block cookies through their settings. If you choose to disable cookies entirely, note that some core features (like staying logged in) may not work properly. For guidance on managing cookies, you can refer to your browser’s help documentation or resources like the ICO’s cookie guide. You can also clear cookies at any time. For analytics cookies, you might opt out via tools like browser extensions if you wish (for example, Google offers a GA opt-out add-on if we were using Google Analytics).

Tracking: We do not use any form of cross-site tracking or targeted advertising trackers. We also do not use any automated decision-making or profiling cookies that would significantly affect you. If this ever changes, we will update this policy and, if required, ask for your consent.

Third-Party Services and Data Sharing

We treat your personal data with care and do not sell or rent your information to anyone. However, like many websites, we rely on a few trusted third-party service providers to help us run Litopia effectively. When it’s necessary, we share certain data with them – but strictly for the purposes described and under proper safeguards. Here’s who we may share data with and why:

  • Payment Processors: As noted, we use an external payment company to handle membership subscriptions and payments. When you subscribe or make a payment, you are securely redirected to that processor (or their embedded form) to enter your payment details. They process the transaction and let us know if it was successful. We share only the necessary information with them (like your name or member ID and the amount to charge). We do not send them any more of your data than needed, and conversely, they don’t share your full card details with us. These payment providers are PCI-DSS compliant and specialize in handling financial data securely. (If you’re curious, typical examples of such processors include services like Stripe, PayPal, etc., though we won’t name specific ones here as it may change.)
  • Hosting and Infrastructure: Litopia’s websites (including the Colony forum) are hosted on servers which may be provided by third-party hosting companies. In fact, our site is currently hosted on servers located outside the UK/EEA. We also use cloud storage and backup services (such as Amazon Web Services (AWS)) to securely store data and backups. These infrastructure providers technically process data (they store or transmit it on their machines), but they do not access it for their own purposes.
  • Email and Communication Tools: If we send emails (for account verification, notifications, or an optional newsletter), we may use an email service provider to dispatch those messages. That means our email list (your email address and name) might be stored with that provider solely to send you emails. They are not allowed to use your info for anything else.
  • Analytics and Anti-Spam Services: We use basic analytics tools to understand site usage; some of these might be third-party tools (for example, Google Analytics). Such tools may receive your IP address and cookie data to provide aggregated stats. We also use an anti-spam service to protect our forums (for instance, to automatically filter spam posts or malicious content). In doing so, when you post a comment or content, it might be checked by an automated spam detection service, which could involve sending the content of your post and your IP to that service. These providers are only allowed to use the data to provide their service to us (e.g., tell us “this post looks like spam”).
  • Other Service Providers: We may use other providers for specialized services, such as technical support, cloud functions, or website development. In all cases, we only share information that is needed for them to perform their work. For example, if we hire a developer to fix a bug, they might briefly have access to the database, but they will be under strict confidentiality and data protection obligations.

We ensure that any third parties we engage to process personal data on our behalf are bound by data protection obligations (through contracts or terms) equivalent to ours. They are not allowed to use your data for their own purposes.

Aside from service providers, we might share data in these rare scenarios:

  • Legal Requirements: If we are compelled by law, regulation, or legal process (for example, a court order, or a request by law enforcement or regulatory authorities), we may disclose certain data. Our policy is to verify any such request and only provide information if required and proportionate.
  • Enforcing Our Policies or Protecting Rights: If necessary, we may share data to enforce our Terms and community rules or to protect the rights, property, or safety of Litopia, our users, or others. For instance, we might provide information to law enforcement if someone is using Litopia for unlawful activity. Similarly, if a user seriously violates the rules, we might retain data about that incident to support any actions we take (such as suspension of the account).
  • Business Transfers: If Litopia (or The Redhammer Management Ltd) ever undergoes a business change, like a merger, acquisition, or transfer of assets, user data may be transferred to the new owner as part of that deal. If that happens, we will ensure your data remains subject to the same protections and inform users of any change. Your privacy will remain a priority.

Importantly, we do not share personal information with advertisers or marketing companies. You will not suddenly get third-party marketing messages because you joined Litopia. We also do not divulge your identity or contact info to other users without your consent – other members will just see what you choose to share on your profile or in posts.

International Data Transfers

Litopia is a global online community, and as mentioned, some of our infrastructure is located outside the United Kingdom or European Economic Area. In particular, our site may be hosted on servers in the United States, and our backups and cloud services (like AWS) may also reside in data centers outside the UK/EEA (including the USA). This means your personal data might be transferred and stored in a country that has different data protection laws than your home country.

Rest assured, no matter where your data is processed, we safeguard it to the same high standards required by UK GDPR. When we transfer data internationally, we take one or more of the following precautions:

  • Adequacy Decisions: If the country has been officially deemed to provide an “adequate” level of data protection by UK authorities, we rely on that decision (meaning it’s approved as having strong privacy laws).
  • Standard Contractual Clauses: In the absence of an adequacy finding (for example, for the US at this time), we implement Standard Contractual Clauses (SCCs) or the UK’s International Data Transfer Agreement with the receiving party. These are legal contracts approved by regulators that require the recipient to protect your data according to GDPR standards.
  • Other Safeguards: We ensure any US-based (or other non-UK) service providers we use are reputable and have robust security measures. Some may also certify under frameworks like the EU-U.S. Data Privacy Framework or similar, but since UK is not directly part of that, we primarily rely on contractual and technical protections. We may also encrypt data in transit and at rest, meaning that even if data is stored overseas, it’s unreadable to unauthorized parties.

You can contact us if you’d like more information about the international transfer safeguards we have in place for your data. Despite different jurisdictions, your rights travel with your data – we continue to uphold your privacy rights and protect your information globally.

Data Retention – How Long We Keep Your Data

We don’t keep your personal data forever – only for as long as necessary to fulfill the purposes described in this policy (or as required by law). The retention periods can vary depending on the type of data and how you use Litopia:

  • Account Information: If you have an account with Litopia, we retain your personal information while your account is active. If you decide to close your account or request deletion, we will remove or anonymize personal data associated with your account (such as your name, contact info, and profile details). However, we may keep certain records if needed for legitimate purposes – for example, if we must retain transaction records for financial reporting, or to resolve disputes, or if required by law. Also, note that content you have posted (like forum posts or comments) may remain visible to others even after your account is deleted, but it would no longer be attributed to you (we can, upon request, usually either remove your posts or disassociate them from your name, unless removal is impossible or would impair others’ rights – we’ll discuss options with you if needed).
  • Membership and Payment Records: We keep subscription/payment records for as long as you’re a paying member and for a period after (generally up to 6 years after the transaction, as recommended for UK tax record-keeping). This is to comply with accounting laws and to have a history in case of any issues or audits. These records would include things like invoice details, not your card information (which we don’t have), and they are kept securely.
  • Logs and Analytics: Server logs (which contain IP addresses and visit timestamps) are typically kept for a short period (a few weeks to a few months) for security monitoring and then are routinely deleted. Aggregated analytics data (which doesn’t directly identify individuals) may be retained longer for trend analysis, but this data is not personally identifiable. If we have raw analytics data that could identify you (like an IP in analytics), we will either delete or anonymize it after a reasonable period (for example, Google Analytics automatically anonymizes or deletes old data per their settings, often 14 to 26 months, if applicable).
  • Emails and Communication: If you contact us, we may retain correspondence (emails, support tickets) for a period of time to ensure we have a history of what was communicated, which can be useful if you contact us again with related issues. We typically won’t keep these longer than necessary – many communications might be deleted after, say, 1-2 years, unless needed for a longer period (e.g., a serious complaint or legal matter might be kept on file).

In all cases, when we no longer have a legitimate need to keep personal data, we will securely delete or anonymize it. We also periodically review the data we hold and erase or anonymize what’s no longer needed. For example, if someone registers but never verifies their account, we might purge that unactivated account after some time.

Backups: Please note that residual copies of your data might remain in backups for a short duration even after deletion. Our backup systems run on cycles, so any deleted data will be removed from backups once they cycle out. During that period, the data is of course protected and not used for any active purpose.

Your Rights Under UK GDPR

As a Litopia user, and particularly if you are in the UK or EU, you have robust rights regarding your personal data. We are committed to honoring these rights. Here’s a summary of your rights:

  • Right to Access: You have the right to request a copy of the personal data we hold about you. This is commonly known as a “subject access request.” We will provide you with a copy of the information in a commonly used format, explaining what data we have, why we have it, and who it may have been shared with, unless an exemption applies.
  • Right to Rectification: If any of your information is incorrect or incomplete, you have the right to have it corrected. You can update much of your profile data yourself through your account settings. For anything you can’t change yourself (or if you spot something like an email spelling error in our records), just contact us and we’ll fix it.
  • Right to Erasure: Also known as the “right to be forgotten.” You can ask us to delete your personal data. If you decide to leave Litopia, you can request full deletion of your account and personal info. We will do our best to erase the data we hold (subject to certain exceptions – e.g., we might retain minimal info if needed for legal reasons as explained in Data Retention). If full deletion isn’t possible (for instance, posts that are intertwined with others’ contributions), we can discuss alternatives, like anonymization.
  • Right to Restrict Processing: You have the right to ask us to limit how we use your data in certain circumstances. For example, if you contest the accuracy of your data, you can request we restrict usage until the issue is resolved. When processing is restricted, we can still store your data but not use it further (unless for legal claims, etc.).
  • Right to Data Portability: For data you provided to us and that we process by automated means on the basis of consent or contract, you have the right to get that data in a commonly used, machine-readable format and to request we transfer it to another provider if technically feasible. In practice, this might apply to things like data you gave in your profile or content you posted. We’ll help with providing exports (for instance, we can export your forum posts or profile info upon request).
  • Right to Object: You can object to certain processing of your data. You have an absolute right to object to use of your data for direct marketing (not that we do much of that), and you can also object if you feel our legitimate interest processing impacts you. For example, if we were sending out community update emails under legitimate interest and you prefer not to get them, you can object or opt-out and we will stop. If you object to analytics tracking, you can employ opt-out tools as described in Cookies section, or let us know and we’ll see if we can accommodate.
  • Right not to be subject to automated decisions: We do not make any purely automated decisions about you that have legal or significant effects. If that ever changes, you would have the right to human intervention and to express your point of view.
  • Right to Withdraw Consent: If we are processing any of your data based on your consent, you have the right to withdraw that consent at any time. For example, if you signed up for a newsletter, you can unsubscribe and we will stop that processing. Withdrawing consent doesn’t affect the lawfulness of processing before the withdrawal.

To exercise any of these rights, you can contact us through the contact form. We may need to verify your identity to ensure we’re giving access or making changes to the correct person (we wouldn’t want to accidentally give your data to someone else). We aim to respond to requests as quickly as possible, and certainly within the timeframe required by law (generally one month for most requests).

No Fees: We will not charge you a fee for exercising your rights. However, if a request is manifestly unfounded or excessive (e.g., repetitive requests), data protection law allows us to refuse or charge a reasonable fee. We’ve never had to do that, and hope we never will.

Right to Complain: If you have any concerns or are not satisfied with how we handle your personal data, please let us know and we will try our best to resolve it. However, if you feel we haven’t addressed your issue, you also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), which is the supervisory authority for data protection in the UK. You can find details on the ICO’s website (ico.org.uk). If you’re in another country, you can complain to your local data protection authority as well. We really hope it never comes to that, and we welcome the opportunity to address your concerns directly first.

Children’s Privacy

Litopia is a community intended for adult writers (or at least writers over the age of 18). We do not knowingly collect personal information from children under 13 years of age, in compliance with UK data protection rules and COPPA (for U.S. users) which set protections for young children. If you are under 18, please do not register or use Litopia. If we learn that we have inadvertently collected personal data from a child under 13, we will delete that information as soon as possible.  If you’re a parent or guardian and you believe we have information about a minor that you want removed, please contact us.

Data Security

We take data security seriously at Litopia. We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:

  • Using encryption (HTTPS/TLS) for all data transmissions on our site – you’ll notice the padlock in your browser’s address bar, meaning your connection is secure. This keeps your activities and personal info private while it’s in transit over the internet.
  • Storing passwords in hashed form (so even our team cannot read your actual password) and following best practices for securing our servers and databases. Access to systems that contain personal data is limited to authorized personnel who need it to perform their job (for example, support or technical staff), and they are bound by confidentiality.
  • Regularly updating our software and infrastructure to patch vulnerabilities, using firewalls and monitoring for intrusions, and employing security services from our hosting providers.
  • Ensuring our staff and any contractors are educated about data protection and privacy, so they handle your data with care.

Despite all this, it’s important to understand that no website or internet transmission is 100% secure. We cannot guarantee absolute security of data, and you should also take care with how you protect your account. Use a strong, unique password for Litopia, and notify us immediately if you suspect any unauthorized access to your account. We will act promptly if any security issue is discovered.

In the unlikely event of a data breach that could impact your rights or freedoms, we will inform you and the relevant authorities as required by law. We have a procedure in place to deal with such incidents, though we work hard to prevent them.

Changes to This Privacy Policy

From time to time, we may update this Privacy Policy – for example, if we add new features, use new services, or to comply with changes in privacy laws or regulations. If we make significant changes, we will notify our community (we might post an announcement on the site or send an email notification). The “Last Updated” date at the top will always tell you when we last revised the policy.

We encourage you to review this policy periodically, so you stay informed about how we are protecting your information. If you continue to use Litopia after changes to this policy, we will consider that as acceptance of the new terms. Of course, if the changes are substantial or require your consent (under applicable laws), we will make sure to gather consent where needed.

Contact Us

We’re here to help and answer any questions you may have about your privacy on Litopia. If you:

  • Have any questions or feedback about this Privacy Policy,
  • Want to exercise any of your rights described above,
  • Or have concerns about how we handle your data,

please don’t hesitate to contact us via our contact form.

We will do our best to respond promptly and address your inquiry. Your privacy is extremely important to us, and we genuinely welcome questions or suggestions on how we can improve our practices.

Thank you for being a part of Litopia and for taking the time to read our Privacy Policy. Happy writing, and stay creative – knowing that your personal data is in good hands!