Get Started
Product
Legal

Privacy Policy

Last updated: 14 June 2026

This policy explains how Barn2 Media Limited collects, uses and protects personal data when you use the Document Library Pro hosted service (the “Service”) and our website.

1. Who we are

Barn2 Media Limited is a company registered in England and Wales (company number 08565444), with its registered office at Harscombe House, 1 Darklake View, Estover, Plymouth PL6 7TL, United Kingdom. We are the data controller for the personal data we collect about our customers and website visitors. For any privacy question, email privacy@barn2.com.

2. The data we collect

  • Account and billing data. When you sign up, we collect your name, email address and billing information. Payments are handled by Stripe; we receive confirmation and limited billing details (such as your country and the last four digits of your card), but we never see or store your full card number. You can read how Stripe handles data in Stripe’s privacy policy.
  • Contact form data. If you contact us through a form on our website, we collect the information you provide along with your IP address. We delete contact form submissions after 12 months.
  • Your library content. The documents, files and information you upload to your hosted library. We store this only to provide the Service. We act as a data processor for any personal data contained in your library content; you remain the controller of that data and decide what to upload and who may access it. We do not access your library content except where necessary to operate, support or secure the Service, and we never sell it.
  • Library visitor data. The hosted library is designed to work without collecting your visitors’ personal data. If you switch on an optional feature such as lead capture, the email address a visitor submits is sent directly to you, the library owner, by email. We do not store it. You are responsible for how you use any details your visitors provide.
  • Marketing data. If you opt in to our emails, we store your email address and engagement (such as whether you opened or clicked an email) to send and improve our communications. We never sell your data, and we never share it with third parties for their own marketing. You can unsubscribe at any time.
  • Technical data. Like most websites, our hosting and security providers log IP addresses and basic technical information to keep the Service secure and working correctly.

3. How we use your data

We use your data to provide and maintain the Service; to take payment and manage your subscription; to provide support; to send essential service and account emails; to send marketing emails where you have opted in; to keep the Service secure and prevent fraud; and to meet our legal and accounting obligations.

4. Our legal bases

We process personal data to perform our contract with you (providing the Service), to comply with legal obligations (such as keeping tax records), for our legitimate interests (securing and improving the Service, and contacting customers), and with your consent where required (such as marketing emails).

5. Who we share data with

We use a small number of trusted providers to run the Service, and we only share what is needed for each of them to do their job:

  • Stripe handles secure payment processing.
  • Kinsta provides our website and application hosting.
  • Cloudflare provides security and content delivery in front of our site.
  • Mailgun delivers our transactional and account emails.

These providers act as our processors and are required to protect your data and use it only on our instructions. We manage our email communications using FluentCRM, which runs on our own servers, so your marketing data is not handed to a separate marketing company. We do not sell your personal data to anyone.

6. Cookies

We keep cookies to a minimum and do not use advertising or third-party analytics-tracking cookies. The cookies we use are:

  • Security (strictly necessary). Our security provider Cloudflare sets a cookie (__cf_bm) to tell genuine visitors apart from bots.
  • Account (strictly necessary). When you log in to manage your library, WordPress sets session cookies so you stay signed in. These are only set for account holders.
  • Payment (necessary for checkout). When you reach a payment page, Stripe sets cookies (such as __stripe_mid and __stripe_sid) to help prevent fraud.
  • Email engagement (optional). If you are subscribed to our emails, a cookie may record when you visit us via a link in one of those emails, so we can measure engagement.

You can block or delete cookies in your browser settings, though some necessary cookies are required for the Service and checkout to work.

7. Data retention

We keep your account and library data for as long as you hold an active subscription. When your subscription ends, your library is taken offline straight away, and we keep your documents and settings for 90 days in case you reactivate, after which they are permanently deleted. We keep billing and tax records for as long as the law requires. Contact form data is deleted after 12 months.

8. Your rights

Under data protection law you have the right to access, correct, delete or export your personal data, to object to or restrict certain processing, and to withdraw consent for marketing at any time. To exercise any of these rights, email privacy@barn2.com. You also have the right to complain to your local data protection authority (in the UK, this is the Information Commissioner’s Office, ico.org.uk).

9. How we keep your data secure

We take the security of your data and documents seriously:

  • All traffic to and from the Service is encrypted in transit using HTTPS/TLS.
  • Your data is encrypted at rest by our hosting provider, and stored on enterprise infrastructure (Kinsta, running on Google Cloud).
  • Each customer’s library runs as its own isolated site within our platform, separated from other customers.
  • Access to customer data is restricted to authorised staff on a least-privilege basis, and only when needed to operate, support or secure the Service.
  • Payments are handled entirely by Stripe, so we never see or store your card details.
  • We rely on a security provider (Cloudflare) and a managed host (Kinsta) that maintain firewalls, monitoring and regular automated backups.
  • When you embed your library on another website, it is served inside a secure iframe. Password-protected libraries are checked on our server before any content is shown, and the embed does not rely on third-party cookies.

No online service can be guaranteed completely secure, so we also recommend you keep your own backup copies of important documents.

10. Where your data is held and international transfers

Our application and your library data are hosted by Kinsta, on Google Cloud infrastructure located in Frankfurt, Germany, in the European Union. Cloudflare provides our security and content delivery network: to serve visitors quickly, it may cache and serve public content from edge locations around the world, and it processes connection data (such as IP addresses) at those locations. Some providers (for example Stripe) may process data outside the UK and EEA. Where data is transferred internationally, we rely on appropriate safeguards, such as the providers’ standard contractual clauses, to keep it protected.

11. Changes to this policy

We may update this policy from time to time and will post the current version here, along with the date it was last updated.

12. Contact

If you have any questions about this privacy policy or any other related concerns, please get in touch with us via our Support Center or send an email to privacy@barn2.com.