Privacy Policy

Who I am

This website address is:

This website is controlled and operated by Thom Morecroft, a self-employed musician from Shrewsbury in the United Kingdom.

Your support and offer of a small amount of personal data for means of communication or order transactions are greatly appreciated. I take this responsibility very seriously, I have listed this privacy policy below to provide transparency where there could have been dangerous opacity. My solemn commitment is to protect said data, which I promise never to share with other persons or have used in any other ways than those outlined in my privacy policy. However, there are a few small jokes here to help people with reading. They do not however detract from my solemn outlook on personal privacy.

What personal data I collect and why I collect it

Purchase Information

At the very most, your full name, phone number, email address and home address are collected. This information is necessary to successfully conducting a business transaction of a physical or digital product order. Data of this kind is for short term usage and will not used for any other purposes once the transaction is complete.

Mailing List

My mailing list is a voluntary subscription form, collected online or at gigs and performances. It contains the email address of the person who has chosen to stay in touch. It also contains the date on which they were added, and may contain either the first or full name of the self-petitioned individual. All this information must be voluntarily supplied (either physically handwritten or digitally) to be added to the list. I will never involuntarily add data to the mailing list ie. without unambiguous consent. The Thom Morecroft mailing list is for purposes of communication only with regards to tour dates, music releases and any information that might interest the individual. Information in this list is shared only with me and, in good faith, with the Mail Chimp server.


When comments are left on the website, all data therein (including the IP address and browser user agent of the visitor) is collected to help spam detection. Spam continues to be a grave problem in the twenty-first century, and the collection of this data by the website provider is the only hope I have.

Anonymised string created from that email address (also called a hash – but not as fun as other types of hash are alleged to be) may be provided to the Gravatar service, to see if you are a user. The Gravatar service privacy policy is available here: After said comment is approved, your global avatar is visible to the public in the context of your comment. I hope you’ve commented sensibly, because the world is watching (whilst innocently browsing and not collecting your data in a sinister way to sway to outcome of a foreign election).


If you upload images to the website, please refrain from doing so using images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. Those visitors are often the baddies, but they usually just want to sell you things.


If you bless me with comments on my site, you can opt-in to saving your name, email address and website in cookies. This is designed for your ease, so that you do not have to fill in your details again when you leave another comment, or even another comment. These cookies will last for twelve months.

If you have an account and you log in to this site, the website provider will set a temporary cookie to determine if your browser accepts cookies. This cookie contains none of your personal data and will be totally eradicated when you close your browser.

When logging in, I will have also set up several cookies to save the login information and your screen display choices. Login cookies last 48hrs, and screen options cookies last twelve months. In selecting “Remember Me”, your login will persist for two weeks. Logging out of your account, login cookies will be removed.

Embedded content from other websites

Posts on this site include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if you, the visitor, had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content. This includes tracing your interaction with embedded content if you have an account and are logged in to that website.


Who I share your data with

Personal data will not be shared with any persons, companies or any parties not pertaining to the Thom Morecroft website or business. As previously mentioned, trustworthy third-party websites such as Paypal are used in the collection of data required to carry out any digital or physical product transactions. Third party website Mailchimp is also used to carry out mailing list newsletters.

How long I retain your data

Purchase information is retained for as long as necessary to carry out a product order transaction and may be held for up to seven years, in case they are required for legal or tax purposes.

If you leave a website comment, that data is retained indefinitely. This is so I can recognise and approve any new comments from the same commenter automatically, instead them being held in a moderation queue. This may also be for my protection, as there are some crazy people out there.

For users who register on this website (if any), I also store that personal information in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). As the administrator I can also see and edit that information.

What rights you have over your data

You can request, review and order changes to the personal data I have collected. This may include updating to a current email address, checking collected data or requesting the deletion of all data. If you would like to do any of the above please contact – or use the contact form available on the website.

If you have an account on this site, or have simply left anonymised or other types of comments, you may request to receive an exported file of the personal data I hold ob you, including any data you have provided to me. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

Where I send your data

Personal data is not shared with any parties or persons except in the case of trustworthy, third-party websites that are used to operate transactions when requested by the customer.

Visitor comments may be checked through an automated spam detection service.

Your contact information

If you’d like further information or to request, review or delete your data/metadata, please contact tm@thommorecroft or simply use the website contact form.

Additional information

How I protect your data

All personal, digital data is protected by security parameters that allow only authorised personnel access. Any physical data records are equally locked, secured and stored.

What data breach procedures we have in place

The risk of a data breach is regularly reviewed and the necessary measures, like those listed above, are added when it is deemed imperative to do so. This privacy policy will be updated with new rules and regulations whenever they are enforced.

What third parties I receive data from

Third party websites include Paypal, WordPress and Mailchimp that allow the smooth running of transactions, website provision and a mailing list service.

What automated decision making and/or profiling I do with user data

All personal data is managed and used manually by authorised persons only, except in the context of store transactions when third-party websites share responsibility.

Thank you for taking the time to read this,