Privacy Policy
Last updated: May 2026
We keep this simple. The only personal data we collect is your email address if you subscribe to the letter. We do not sell it, share it with advertisers, or use it for anything other than keeping you informed.
1. Who We Are
Kieran Duff operates this website and the associated newsletter ("the letter") as the data controller. For any data-related queries, contact us via the details on the main site.
2. What Data We Collect
The letter subscribers: Email address only.
Website usage: Our web server may log standard technical data including your IP address, browser type, pages visited, and timestamps.
Analytics: We use Cloudflare Web Analytics, a privacy-first, cookieless analytics service. It does not use cookies, does not track individual users, and does not collect personal data.
What we do not collect: We do not use advertising trackers, marketing pixels, or collect payment information or sensitive personal data.
3. How We Use Your Data
Email addresses are used to:
- Send the letter
- Notify you of important updates
- Respond to your enquiries
We will never use your email address for unrelated marketing or share it with third parties for their marketing purposes.
4. Legal Basis for Processing (UK GDPR)
Processing is based on your consent (Article 6(1)(a) UK GDPR). You can withdraw consent at any time by unsubscribing or contacting us directly.
5. Data Retention
Your email is retained while you remain subscribed. Upon request, it will be removed within 30 days. Server logs are retained for a maximum of 90 days.
6. Data Sharing
We do not sell, rent, or share your personal data, except where necessary for service providers who are contractually bound to protect it, or where required by law.
7. Cookies
We do not use cookies. Cloudflare Web Analytics is cookieless and does not require a cookie consent banner.
8. Your Rights Under UK GDPR
You have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, as well as to withdraw consent. We will respond within one calendar month.
9. Security
We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure.
10. International Transfers
Our servers are located in the UK/EEA. Where any external services process data outside this region, appropriate GDPR safeguards are in place.
11. Changes to This Policy
Material changes will be communicated by email to subscribers. The "last updated" date at the top of this page will be revised accordingly.
12. Complaints
If you are unsatisfied with how we handle your data, you may escalate your complaint to the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113.