Effective Date: 16 Aug 2025
Last Updated: 16 Aug 2025
1. Introduction
This Privacy Policy describes how jonathanmair.com ("we," "us," or "our") collects, uses, and protects your personal information. We are committed to protecting your privacy and handling your data transparently and securely.
Data Controller: Jonathan Mair, European Union
2. Information We Collect
2.1 Information You Provide
- Email Address: When you subscribe to our newsletter or create an account
- Account Information: Username, password (encrypted), and profile information
- Payment Information: Processed by third-party payment processors (we do not store payment card details)
- Contact Information: When you contact us directly
2.2 Information Collected Automatically
- Server Logs: We collect anonymized server access logs for security and performance monitoring
- Analytics Data: We use privacy-friendly, server-side analytics that anonymize IP addresses and do not use cookies
- Technical Information: Browser type, operating system, and referring website (anonymized)
2.3 Information We Do NOT Collect
- We do not use cookies for tracking or analytics
- We do not collect or store your full IP address
- We do not use third-party tracking services (Google Analytics, Facebook Pixel, etc.)
- We do not create detailed user profiles for advertising
3. How We Use Your Information
3.1 Service Provision
- Deliver newsletter content and account notifications
- Process membership subscriptions and payments
- Provide customer support
- Maintain and improve our services
3.2 Communication
- Send newsletters you've subscribed to
- Send transactional emails (welcome messages, password resets, billing notifications)
- Respond to your inquiries and support requests
3.3 Legal and Security
- Comply with legal obligations
- Protect against fraud and abuse
- Maintain service security and performance
4. Legal Basis for Processing (GDPR)
We process your personal data based on:
- Consent: Newsletter subscriptions and marketing communications
- Contract Performance: Membership services and account management
- Legitimate Interest: Service improvement, security, and fraud prevention
- Legal Obligation: Compliance with applicable laws
5. Email Communications and Mailgun
5.1 Email Service Provider
We use Mailgun (owned by Sinch) to send our emails. When you subscribe to our newsletter or create an account, your email address is stored on Mailgun's servers for delivery purposes.
5.2 Mailgun's Data Handling
- Mailgun processes your email address solely for email delivery
- Mailgun maintains appropriate security measures and complies with GDPR
- Your data may be processed in the United States with appropriate safeguards
- Mailgun's privacy policy: https://www.mailgun.com/privacy-policy
5.3 Your Email Choices
- Newsletter Subscriptions: Opt-in only; you can unsubscribe at any time
- Transactional Emails: Required for account functionality
- Unsubscribe: Use the link in any email or contact us directly
6. Data Sharing and Disclosure
6.1 Third-Party Services
We only share your data with trusted service providers:
- Mailgun: Email delivery service
- Payment Processors: For subscription billing (they have their own privacy policies)
6.2 Legal Disclosure
We may disclose your information if required by law, court order, or to protect our rights and safety.
6.3 No Data Sales
We never sell, rent, or trade your personal information to third parties for marketing purposes.
7. Data Security
7.1 Security Measures
- Encrypted data transmission (HTTPS)
- Secure password storage (hashed and salted)
- Regular security updates and monitoring
- Limited access to personal data
7.2 Data Breach
In case of a data breach affecting your personal information, we will notify you and relevant authorities as required by law.
8. Your Rights (GDPR)
As an EU data subject, you have the right to:
8.1 Access and Portability
- Request a copy of your personal data
- Receive your data in a portable format
8.2 Correction and Deletion
- Correct inaccurate personal information
- Request deletion of your personal data ("right to be forgotten")
8.3 Processing Control
- Object to or restrict processing of your data
- Withdraw consent for marketing communications
8.4 Complaints
- Lodge a complaint with your local data protection authority
To exercise your rights, contact us at [your contact email].
9. Data Retention
9.1 Retention Periods
- Newsletter Subscribers: Until you unsubscribe
- Account Data: Until account deletion or 3 years of inactivity
- Analytics Data: Anonymized data retained for up to 2 years
- Support Communications: Up to 3 years for quality assurance
9.2 Deletion
When data is no longer needed, it is securely deleted from our systems and third-party services.
10. International Data Transfers
10.1 Mailgun
Your email data may be processed by Mailgun in the United States. Appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs)
- Mailgun's commitment to data protection principles
- Security measures equivalent to EU standards
11. Children's Privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information promptly.
12. Changes to Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes via:
- Email notification to subscribers
- Prominent notice on our website
- Updated "Last Modified" date
Continued use of our services after changes constitutes acceptance of the updated policy.
13. Contact Information
13.1 Data Protection Inquiries
For questions about this Privacy Policy or your personal data, contact us at:
- Email: [email protected]
- Subject Line: "Privacy Policy Inquiry"
13.2 Response Time
We will respond to privacy-related inquiries within 30 days, or sooner when required by law.
This Privacy Policy is compliant with the General Data Protection Regulation (GDPR) and other applicable privacy laws.