Privacy Policy
Last updated: 19 April 2026
1. Introduction and Data Controller
FinanceSimply ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use and safeguard your personal information when you use our newsletter service, in accordance with the UK GDPR and the Data Protection Act 2018.
Data controller: FinanceSimply. Registered entity details (legal name, company number and registered office) are being finalised and will be added here once confirmed. A correspondence address is available on request from privacy@financesimply.co.uk; we will provide a geographic address within 5 working days of any request. Privacy contact: privacy@financesimply.co.uk.
We are not required to appoint a statutory Data Protection Officer under UK GDPR Art. 37. All privacy queries should go to privacy@financesimply.co.uk.
2. Information We Collect
We collect and process the following categories of personal data:
- Email address: when you subscribe to the free or premium newsletter.
- Name: optional, if you choose to provide it.
- Account credentials: for premium subscribers, an Argon2id password hash (we never store your password in plain text).
- Stripe customer ID: a reference issued by Stripe. We do not store card numbers, expiry dates or CVC codes; these are handled directly by Stripe.
- IP address and request metadata: used for rate limiting, fraud and abuse prevention and server security.
- Email delivery events from Resend: opens, clicks, bounces, spam complaints and deliverability signals relayed to us by our email provider.
- Session cookies, login tokens and password-reset / unsubscribe tokens: used to keep you signed in, to authenticate sensitive actions and to process unsubscribe requests.
Email tracking: our emails contain a 1x1 tracking pixel and tagged links, provided by Resend, which record opens and clicks. You can disable image loading in your email client to prevent the pixel firing; disabling tracking does not affect newsletter delivery.
3. How We Use Your Information and Lawful Bases (UK GDPR Art. 6)
We process your data for the following purposes, relying on the lawful bases below:
- Sending the free daily newsletter: consent (Art. 6(1)(a)) and, where applicable, PECR reg. 22 soft opt-in for existing customers.
- Processing premium subscription payments and providing the paid service: performance of a contract (Art. 6(1)(b)).
- Rate-limiting, IP logging, fraud prevention and site security: legitimate interests (Art. 6(1)(f)). Our interest is keeping the service available, secure and free from abuse.
- Analytics on aggregate open / click rates and editorial improvement: legitimate interests (Art. 6(1)(f)). Our interest is operating and improving a sustainable editorial product; we balance this against your privacy by using aggregated analytics and offering opt-outs (see Section 8 on cookies and the email tracking note in Section 2).
- Responding to legal requests, tax filings and accounting: legal obligation (Art. 6(1)(c)), in particular HMRC record-keeping requirements.
We do not carry out solely automated decision-making or profiling that produces legal or similarly significant effects about you (UK GDPR Art. 22).
4. Processors and Recipients
We share personal data with the following processors strictly to provide the service. Where a processor is based outside the UK, the transfer mechanism is set out in Section 6.
- Resend: transactional and newsletter email delivery, bounce and engagement event reporting (United States).
- Stripe: payment processing, subscription billing and customer portal (United States / United Kingdom).
- Groq: large language model inference used to draft and summarise editorial copy. Receives newsroom content only; does not receive subscriber personal data (United States).
- Ollama: self-hosted large language model used for editorial drafting. Runs on our own infrastructure; no third-party access.
- Redis: session store and rate-limit counters (self-hosted).
- Postgres: primary application database storing subscriber records and operational data (self-hosted).
5. Data Retention
- Active subscribers: retained indefinitely for as long as you remain subscribed.
- Unsubscribed email addresses (suppression list): retained indefinitely while the business continues to operate, on the basis of legitimate interests, so that we do not accidentally re-add you and so we can demonstrate PECR reg. 22 compliance.
- Login, password-reset and unsubscribe tokens: 24 hours, or until used, whichever is sooner.
- IP rate-limit and security logs: 7 days.
- Resend delivery events: up to 12 months.
- Stripe payment and subscription records: 6 years, to comply with HMRC and Companies Act record-keeping obligations.
6. International Transfers
Some of our processors (notably Resend, Stripe and Groq) are based outside the United Kingdom. Where the destination country is not covered by a UK adequacy decision, transfers rely on the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses together with the UK Addendum, as required by Chapter V of the UK GDPR. Copies of the relevant safeguards are available on request to privacy@financesimply.co.uk.
7. Your Rights (UK GDPR)
You have the following rights in relation to your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct inaccurate or incomplete data.
- Erasure: ask us to delete your data, subject to limited legal exceptions.
- Restriction: ask us to pause processing while a query is resolved.
- Portability: receive your data in a structured, commonly used, machine-readable format, or ask us to transmit it to another controller.
- Objection: object to processing based on legitimate interests, including any profiling.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time; every email also includes a one-click unsubscribe link.
To exercise any of these rights, email privacy@financesimply.co.uk. We aim to respond within 30 days.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/ or on 0303 123 1113.
8. Cookies and Similar Technologies
We use two categories of cookies and similar technologies:
- Strictly necessary cookies: session cookie (keeps you logged in), CSRF token (protects against cross-site request forgery) and a theme preference cookie (remembers your dark / light mode). These are always set because the site cannot function without them and are exempt from consent under PECR reg. 6(4).
- Analytics cookies: Google Analytics 4, loaded only after you click "Accept" on the cookie banner. If you click "Reject", no GA4 script is loaded and no analytics cookies are set. Your choice is remembered in a first-party cookie (fs_consent) for 6 months.
You can change your choice at any time via the Change cookie preferences link (also available in the page footer). Withdrawing consent removes the GA4 cookies on your next page load.
9. Data Security
We implement industry-standard security measures including encrypted HTTPS connections, Argon2id password hashing, secure database storage, regular security updates and restricted internal access to subscriber data. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and notify affected users without undue delay where the risk is high, in accordance with UK GDPR Arts. 33–34.
10. Children's Privacy
UK law sets the age of consent for information society services at 13 (DPA 2018 s.9). We set a higher contractual minimum of 16 because our content concerns personal finance. Our service is not intended for anyone under 16 and we do not knowingly collect data from children.
11. Changes to This Policy
We may update this policy from time to time. We will notify subscribers of significant changes via email and publish a dated changelog at the foot of this page.
12. Contact Us
For privacy questions or to exercise your rights, email us at:
privacy@financesimply.co.uk