Join GuideNotes™ for Free Tips from Our Guides
Last updated: November 15, 2025
Contact Information Data Controller: Alphabet Guides (trading name) Email: hello@alphabetguides.com
This privacy policy explains how Alphabet Guides ("we," "us," or "our") collects, uses, and protects your personal information when you provide your email address through our website. We are committed to protecting your privacy and complying with applicable data protection laws. For any questions about this policy, to exercise your rights or to make a complaint, please contact hello@alphabetguides.com.
We collect only the following personal information:
• Email address — provided voluntarily when you subscribe to our mailing list via our website forms or when you purchase digital products • Purchase information — transaction data necessary to process your purchase and deliver digital content (processed by Stripe via MailerLite) • Support correspondence — emails and messages you send us when requesting customer support • Usage Data — information collected automatically through our website, including IP addresses, browser type, device information, pages visited, time spent on pages, and referring website addresses
We do not collect any other personal data, such as names, addresses, phone numbers, or browsing behaviour, beyond what is necessary for our services.
We use your personal information for the following purposes:
• Marketing communications: Sending automated email sequences, promotional content, and newsletters where you have been clearly informed and provided your email voluntarily • Transaction processing: Processing purchases of digital products through MailerLite (payment processing by Stripe) • Service updates: Providing notifications relating to content you have requested or purchased • Customer support: Responding to your enquiries and support requests • Content delivery: Delivering digital content and managing access to purchased products • Access management: Maintaining suppression lists to respect unsubscribe requests • Service operation and maintenance: Using Usage Data for website operation, security, performance monitoring, troubleshooting, and improvement of our services • Legal compliance and protection: Complying with legal obligations, responding to enforcement requests, protecting our rights and interests (or those of our users or third parties), and detecting malicious or fraudulent activity
Methods of Processing
We take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of your personal data. Data processing is carried out using computers and IT-enabled tools, following organisational procedures and modes strictly related to the purposes indicated in this policy.
In addition to us (the Owner), in some cases, personal data may be accessible to certain types of persons involved with the operation of our services (administration, customer support, technical service providers) or external parties (such as email service providers, payment processors, hosting providers, IT companies) appointed, if necessary, as Data Processors. The updated list of these parties may be requested from us at any time.
Place of Processing
Personal data is processed at our operating offices in the UK and at the facilities of the third-party service providers involved in data processing. Depending on your location, data transfers may involve transferring your data to a country other than your own. For more information about international data transfers, see Section 8 of this policy.
We rely on the following lawful bases under UK GDPR / EU GDPR:
• Marketing communications: Consent. We will only send marketing emails to UK/EU individuals where you have been clearly informed about receiving marketing communications before providing your email address and have voluntarily provided your email. While we do not always use double opt-in, you are always notified and informed before giving your email address about the purpose of collection. • Purchase processing and content delivery: Contract. Processing is necessary to fulfil our contract with you when you purchase digital products. • Customer support and access management: Legitimate interests. We process email addresses to operate and administer our Service, respond to enquiries, and protect our rights. • Service operation and security: Legitimate interests. We process Usage Data to ensure the security, proper functioning, and improvement of our services. • Legal compliance: Legal obligation. Processing may be necessary to comply with legal obligations to which we are subject.
We record consent evidence (timestamp, IP address where applicable, the specific information provided to users, and the method of collection) to demonstrate compliance with PECR and GDPR requirements.
For UK and EU Residents: • Right of access — Request copies of your personal data • Right to rectification — Request correction of inaccurate data • Right to erasure — Request deletion of your data (subject to legal exceptions) • Right to restrict processing — Limit how we use your data under certain circumstances • Right to object — Object to processing based on legitimate interests, including for direct marketing purposes (you may object at any time without justification) • Right to data portability — Receive your data in a structured, commonly used, and machine-readable format • Right to withdraw consent — Withdraw consent at any time where processing is based on consent • Right to complain — Bring a claim before your competent data protection authority
For California Residents (CCPA/CPRA): • Right to know — What personal information we collect and how it's used • Right to delete — Request deletion of your personal information (subject to legal exceptions) • Right to opt-out — Opt out of the sale of personal information (we do not sell data) • Right to non-discrimination — We will not discriminate against you for exercising your rights
For Canadian Residents: • Right of access — Access your personal information we hold • Right to correction — Request correction of inaccurate information • Right to withdraw consent — Withdraw consent for marketing communications
For Residents of Other Countries: We serve customers globally and will honour similar privacy rights where legally required in your jurisdiction.
Details About the Right to Object to Processing
Where personal data is processed for our legitimate interests, you may object to such processing by providing grounds related to your particular situation to justify the objection.
However, if your personal data is processed for direct marketing purposes, you can object to that processing at any time without providing any justification. You can exercise this right by using the unsubscribe link in any marketing email or by contacting us directly.
To exercise any of your privacy rights:
• Email us: hello@alphabetguides.com • Unsubscribe link: Use the unsubscribe link in any marketing email (for marketing opt-out) • Response time: We will respond within one month (UK/EU) or as required by applicable law
Making a Request:
• All requests can be made free of charge • We may request information to verify your identity before fulfilling rights requests to protect your privacy • We will minimize the amount of data requested for verification and only use it for that purpose • You may authorize a representative to make requests on your behalf where permitted by law • We will address your request as early as possible and always within the timeframes required by applicable law
What We Will Provide:
When you exercise your rights, we will provide: • Confirmation of whether we are processing your personal data • Information about the purposes of processing, categories of data, and recipients • A copy of your personal data undergoing processing (where applicable) • Information about retention periods and your rights
Unsubscribe and Suppression Policy: • Immediate cessation — We stop sending marketing emails immediately upon unsubscribe • Suppression records — We maintain suppression lists for 3–6 years to prevent accidental re-contact • Re-subscription — If you wish to re-subscribe after unsubscribing, you must actively opt in again through our signup process • No re-contact — We will not contact unsubscribed addresses for marketing purposes, even if obtained from other sources
We share your information only with:
• MailerLite (Ireland) — Our website platform, email service provider, and digital product sales platform, acting as a data processor for managing subscriptions, processing purchases, sending marketing communications, and delivering digital content • Stripe — Payment processor used by MailerLite to process transactions. Stripe acts as an independent controller for payment data processing. See Stripe's privacy policy: https://stripe.com/privacy
We do not sell, rent, or otherwise share your email address with any other third parties for their marketing purposes.
MailerLite Processing:
We use MailerLite to manage our email marketing subscriber list, host our website, process digital product sales, and send emails to our subscribers. MailerLite is a third-party provider, which may process your data using industry-standard technologies to help us monitor and improve our newsletter and services.
MailerLite acts as our processor and processes subscriber data only on our instructions under a Data Processing Agreement (DPA). MailerLite's data centres are located in Germany (MailerLite Classic) and the Netherlands (New MailerLite), with data hosted by Google Ireland Limited. Current sub-processors include Google Ireland Limited and Vercom S.A. (Poland). We have reviewed their GDPR compliance documentation.
MailerLite's privacy policy is available at https://www.mailerlite.com/legal/privacy-policy
More details about MailerLite's data processing: https://www.mailerlite.com/legal/data-processing-agreement
You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of each newsletter at any time.
MailerLite Analytics:
MailerLite collects essential analytics data necessary for the operation of our website and email services, including: • Email open rates and click-through rates • Website performance metrics • Form submission data • Basic technical information (browser type, device type)
These analytics are essential for the proper functioning of our services and do not require separate consent. The data is processed by MailerLite as our processor and is used solely to improve our services and deliver content to you effectively.
Your information may be processed in the UK (by us) and in other countries when you interact with our service providers:
• MailerLite: Data processed in Germany and the Netherlands via Google Ireland Limited data centres • Stripe: Payment data may be processed in the US and other countries
Transfers outside the UK/EEA are made only with appropriate safeguards such as adequacy decisions, the UK International Data Transfer Agreement (IDTA), or standard contractual clauses. MailerLite uses Standard Contractual Clauses (SCCs) and the UK Addendum for international transfers. Check Stripe's privacy policy for their current transfer mechanisms: https://stripe.com/privacy
Users are entitled to learn about the legal basis of data transfers to a country outside the European Union or to any international organisation and about the security measures taken to safeguard their data. If any such transfer takes place, users can find out more by checking the relevant sections of this document or by contacting us.
Personal data shall be processed and stored for as long as required by the purpose for which it has been collected. Therefore:
• Active subscribers: Retained while you remain subscribed • Purchase records: Transaction data retained as long as necessary to fulfill the contract, provide access to purchased content, and comply with legal obligations (typically 6-7 years for tax purposes) • Customer support: Support emails and correspondence retained for 3 years to assist with ongoing issues and warranty matters • Inactive subscribers: Where there is no engagement for 24 months, we will send a re-engagement message; if there is no response, we will delete the email address • Suppression records: We retain a suppression record (hashed email + unsubscribe date) for 3–6 years to ensure you are not contacted for marketing in error • Legal/tax retention: Where law requires longer retention (e.g., tax records), we will retain the necessary data for that period • Usage Data: Retained for as long as necessary for security, service operation, and improvement purposes, typically no longer than necessary for those purposes
We may be allowed to retain personal data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, personal data shall be deleted or anonymised. Therefore, the right of access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.
Technical and Organisational Measures:
We implement appropriate security measures to protect your personal data, including: • Secure data transmission using encryption (SSL/TLS) • Access controls limiting who can view your data • Regular security assessments of our service providers • Secure payment processing through Stripe's PCI-compliant systems • Staff training on data protection requirements • Confidentiality obligations for all persons authorised to process personal data
Data Breaches:
If we become aware of a personal data breach that is likely to result in a risk to people's rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, within 72 hours. Where the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay and provide recommended steps to protect themselves.
System Logs and Maintenance:
For operation and maintenance purposes, our website and our third-party service providers may collect files that record interaction with our website (system logs) and use other Usage Data (such as IP addresses) for this purpose. This processing is necessary for the security, proper functioning, and improvement of our services.
Legal Action:
Your personal data may be used for legal purposes in court or in the stages leading to possible legal action arising from improper use of our website or services, or to protect our rights and interests. You acknowledge that we may be required to reveal personal data upon request of public authorities.
Information Not Contained in This Policy:
More details concerning the collection or processing of personal data may be requested from us at any time. Please see the contact information at the beginning of this document.
Our services are not directed to individuals under 13 years of age. We do not knowingly collect email addresses from children under 13. If we learn we have collected information from a child under 13, we will delete it immediately.
Note: While UK GDPR sets the age of consent for information society services at 13, some EU member states may apply higher age limits. We recommend parents and guardians supervise children's online activities.
Our website (hosted by MailerLite) uses only essential cookies and trackers necessary for basic functionality, such as: • Session cookies for form submissions and website functionality • Security cookies to prevent fraud • Essential cookies required for the MailerLite platform to function properly
We do not use non-essential tracking cookies, third-party analytics cookies (such as Google Analytics), or advertising cookies. MailerLite may use essential cookies for website operation and to provide analytics data necessary for service delivery, which does not require separate consent, as these are necessary for the legitimate operation of the service.
We may update this privacy policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. We will: • Post the updated policy on our website • Update the "Last updated" date at the top of this document • Notify you via email if changes significantly affect your rights or how we process your data
Should changes affect processing activities performed on the basis of your consent, we will collect new consent from you where required. We strongly recommend checking this page regularly, referring to the date of the last modification.
UK/EU Residents:
If you're unhappy with how we handle your data, you can complain to:
UK Information Commissioner's Office (ICO) • Website: https://ico.org.uk/make-a-complaint/ • Phone: 0303 123 1113 • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Your local EU data protection authority (if you're an EU resident)
California Residents: You may contact the California Attorney General's office regarding privacy complaints.
Canadian Residents: You may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca
Other Jurisdictions: Contact your local data protection or privacy authority for complaints relating to data protection in your country.
California Residents: We do not sell personal information as defined by the CCPA. In the past 12 months, we have not sold personal information of consumers.
Nevada Residents: We do not sell personal information as defined under Nevada law.
Canadian Residents: This policy complies with PIPEDA requirements for organisations processing personal information of Canadian residents.
Global Customers: This policy is designed to provide appropriate protection for customers worldwide. We will comply with applicable data protection laws in jurisdictions where we have customers.
As required by data protection law, we maintain records of our processing activities, including: • The purposes of processing • Categories of data subjects and personal data • Recipients of personal data • Data retention periods • Security measures implemented
These records are available to supervisory authorities upon request.
To help you understand this privacy policy, here are definitions of key terms used throughout this document:
Personal Data (or Personal Information) Any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.
Usage Data Information collected automatically through our website, which can include: IP addresses or domain names of computers used by users, URI addresses (Uniform Resource Identifier), time of requests, method used to submit requests to the server, size of files received in response, numerical codes indicating server response status, country of origin, browser and operating system features, time details per visit, page sequence visited, and other parameters about the device operating system and/or the user's IT environment.
User: The individual using our website who, unless otherwise specified, is the Data Subject.
Data Subject: The natural person to whom personal data refers.
Data Processor: The natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Data Controller, as described in this privacy policy.
Data Controller (or Owner) The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, including security measures concerning the operation and use of our website. The Data Controller, unless otherwise specified, is Alphabet Guides.
Service: The service provided by our website, including the website itself, email communications, and digital product delivery.
Cookies: Small sets of data stored in the user's browser that enable certain website functionality.
Tracker: Any technology (e.g., cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting) that enables the tracking of users, for example, by accessing or storing information on the user's device.
Legal Information This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation), the UK General Data Protection Regulation, the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
Contact Us
For any questions about this privacy policy or to exercise your privacy rights: • Email: hello@alphabetguides.com • Response time: Within one month of receiving your request
This privacy policy is designed to comply with UK GDPR, EU GDPR, CCPA/CPRA, PIPEDA, and other applicable privacy laws for our international customers.