Privacy Policy

Last Updated: 28 May 2025

FibromyWho? (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.fibromywho.com, use our services, purchase our products, or interact with our digital community.

“For more detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.”


Who We Are

FibromyWho? is a UK-registered business offering e-commerce products and digital services for individuals with fibromyalgia and chronic pain. Our services include product sales (e.g., CBD products, supplements, massage tools), digital downloads, online courses, AI coaching, and a paid membership community.


What Information We Collect

We may collect and process the following types of personal data:

Information You Provide Voluntarily

  • Account Details: Name, email address, password, billing/shipping addresses
  • Order Information: Products purchased, payment method, order notes
  • Health-Related Data (Optional): When voluntarily disclosed via our forums or AI coach
  • Community Profile: Bio, photos, posts, interactions
  • Emails/Support Tickets: Any correspondence you send us

Automatically Collected Information

  • IP address, browser type, device data
  • Cookies and usage data (see section 7)
  • Referral source, pages visited, and time spent on site

Payment Data

  • We use third-party processors (e.g., Stripe, PayPal). We do not store full credit/debit card details on our servers.

Why We Collect Your Data

We collect your data for the following purposes:

  • To process and fulfill your orders
  • To manage your account and membership
  • To personalize your experience (e.g., product recommendations)
  • To provide customer support
  • To operate the BuddyBoss community and AI coach
  • To send marketing emails (with your consent)
  • To comply with legal obligations (e.g., VAT, returns)

Lawful Basis for Processing (UK GDPR)

We rely on the following lawful bases:

  • Contractual necessity: to fulfill orders and memberships
  • Consent: for optional health discussions, marketing emails, and cookies
  • Legal obligation: for record-keeping, fraud prevention
  • Legitimate interests: to improve services, prevent abuse, and moderate community posts

Who We Share Data With

We never sell your data. We may share data with:

  • Payment processors (Stripe, PayPal)
  • Dropshipping partners (e.g., CBD Supermarket, CJ Dropshipping, Spocket) to fulfill your orders
  • Email providers (e.g., MailChimp) for newsletters
  • Hosting and platform services (e.g., WordPress, BuddyBoss)
  • Law enforcement or regulatory bodies, when legally required

All third-party partners are GDPR-compliant and only process data to the extent necessary to provide services.


Data Retention

We retain your personal data:

  • As long as you have an active account
  • For 6 years after your last purchase (for tax/legal compliance)
  • For community content: indefinitely unless you request deletion

Cookies and Tracking

We use cookies to improve your experience, analyze traffic, and personalize content. You can manage cookie preferences via your browser.

Cookies may include:

  • Session cookies (essential)
  • Analytics cookies (e.g., Google Analytics)
  • Marketing cookies (only if you consent)

Your Rights (Under UK GDPR)

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your data (right to be forgotten)
  • Object to processing (e.g., marketing)
  • Request data portability
  • Withdraw consent at any time

To exercise any rights, email us at fibromywho@gmail.com.


How We Protect Your Data

  • SSL encryption across our website
  • Strong password hashing
  • Regular security updates and backups
  • Access controls for team and suppliers
  • BuddyBoss private community and privacy settings

Children’s Privacy

We do not knowingly collect data from anyone under 18. You must be at least 18 to use our site or purchase CBD/vape products.


Data Transfers Outside the UK

Some of our partners (e.g., hosting/email services) may store data in the EU or USA. We ensure all transfers comply with GDPR using standard contractual clauses or UK adequacy decisions.


AI Coaching and Sensitive Data

Our AI Coach may process data you provide voluntarily. It does not store this information permanently, make medical diagnoses, or replace professional advice. Do not share sensitive personal data unless you are comfortable doing so.


Changes to This Policy

We may update this policy from time to time. The latest version will always be available at fibromywho.com/privacy-policy. We’ll notify you by email or banner if changes are significant.

“For more detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.”


Contact Us

For any questions, complaints, or data requests, contact:

Email: fibromywho@gmail.com

Address: No Physical Address Yet

Supervisory Authority: If you’re not satisfied, you may contact the Information Commissioner’s Office (ICO) at www.ico.org.uk