Alphabet Guides: Evidence-Based Health & Fitness Guides

Privacy Policy
Last updated: September 02, 2025

Contact Information
Data Controller: Alphabet Guides (trading name)
Email: hello@alphabetguides.com

1. Introduction
This privacy policy explains how Alphabet Guides ("we," "us," or "our") collects, uses, and protects your personal information when you provide your email address through our website or third-party platforms. We are committed to protecting your privacy and complying with applicable data protection laws. For any questions about this policy, to exercise your rights or to make a complaint, please contact hello@alphabetguides.com.

2. What Information We Collect
We collect only the following personal information:
Email address — provided voluntarily when you subscribe to our mailing list via our website forms or transferred from third-party platforms
Support correspondence — emails and messages you send us when requesting customer support

We do not collect any other personal data, such as names, addresses, phone numbers, or browsing behaviour. We may also receive your email address from third-party platforms (for example, Gumroad) if you choose to download or purchase Digital Content via those platforms. When you provide your email on a third-party site, that third party may act as an independent controller for the processing it carries out on its platform.

3. How We Use Your Information
We use your email address for the following purposes:
Marketing communications: Sending automated email sequences, promotional content, and newsletters where you have given explicit consent
Service updates: Providing notifications relating to content you have requested or purchased
Customer support: Responding to your enquiries and support requests
Content delivery: Delivering or enabling access to Digital Content or previews that you requested via third-party platforms (such as Gumroad)
Access management: Managing access to purchased or downloaded content and maintaining suppression lists to respect unsubscribe requests

4. Legal Basis for Processing (UK/EU Users)
We rely on the following lawful bases under UK GDPR / EU GDPR:
Marketing communications: Consent. We will only send marketing emails to UK/EU individuals where explicit, informed consent has been given (we use a non-pre-ticked checkbox and double opt-in). PECR requires prior opt-in for most electronic marketing.
Delivery of requested Digital Content/previews: Contract (where delivery forms part of a purchase) or Consent (for free previews requested via a third-party platform). We will make the lawful basis clear at the point of collection.
Customer support and access management: Legitimate interests. We process email addresses to operate and administer our Service, respond to enquiries, and protect our rights.

We record consent (timestamp, IP address, the specific wording agreed and the confirmation method) so we can demonstrate compliance. Where appropriate (limited circumstances involving existing customer relationships), a "soft opt-in" may apply, but we primarily rely on explicit opt-in for marketing.

5. Your Privacy Rights For UK and EU Residents:
Right of access — Request copies of your personal data
Right to rectification — Request correction of inaccurate data
Right to erasure — Request deletion of your data
Right to restrict processing — Limit how we use your data
Right to object — Object to processing based on legitimate interests
Right to data portability — Receive your data in a portable format
Right to withdraw consent — Withdraw consent at any time

For California Residents (CCPA/CPRA):
Right to know — What personal information we collect and how it's used
Right to delete — Request deletion of your personal information
Right to opt-out — Opt out of the sale of personal information (we do not sell data)
Right to non-discrimination — We will not discriminate against you for exercising your rightsFor Canadian Residents:
Right of access — Access to your personal information we hold
Right to correction — Request correction of inaccurate information
Right to withdraw consent — Withdraw consent for marketing communications

For Residents of Other Countries:
We serve customers globally and will honour similar privacy rights where legally required in your jurisdiction.

6. How to Exercise Your Rights
To exercise any of your privacy rights or unsubscribe from our communications:
Email us: hello@alphabetguides.com
Unsubscribe link: Use the unsubscribe link in any marketing email
Response time: We will respond within one month (UK/EU) or as required by applicable law

Unsubscribe and Suppression Policy:
Immediate cessation — We stop sending marketing emails immediately upon unsubscribe
Suppression records — We maintain suppression lists for 3–6 years to prevent accidental re-contact
Re-subscription — If you wish to re-subscribe after unsubscribing, you must actively opt in again through our signup process
No re-contact — We will not contact unsubscribed addresses for marketing purposes, even if obtained from other sourcesVerification:
To protect your privacy, we may request information to verify your identity before fulfilling rights requests. We will minimise the amount of data requested and only use it for verification.

7. Data Sharing and Third Parties
We share your email address only with:
MailerLite (Ireland) — Our email service provider, acting as a data processor for sending marketing communications and managing subscriptions
Customer support tools — Where necessary to manage and respond to your support requests

We do not sell, rent, or otherwise share your email address with any other third parties for their marketing purposes.MailerLite Processing:
MailerLite acts as our processor and processes subscriber data only on our instructions under a Data Processing Agreement (DPA). MailerLite's data centres are located in Germany (MailerLite Classic) and the Netherlands (New MailerLite), with data hosted by Google Ireland Limited. Current sub-processors include Google Ireland Limited and Vercom S.A. (Poland). We have reviewed their GDPR compliance documentation. More details: https://www.mailerlite.com/legal/data-processing-agreement

Third-party downloads (Gumroad):
Our site links to Gumroad for downloading previews and sales. When you click that link, you will leave our site and interact with Gumroad's platform. Gumroad is an independent controller for the processing it carries out on its platform — Gumroad's privacy policy applies to data you provide on Gumroad: https://gumroad.com/privacy.If Gumroad shares your email with Alphabet Guides (for example, to enable delivery of a preview), Alphabet Guides will be the controller for its processing of that email. We will only use any email received from Gumroad to: (a) deliver the requested preview or content; and (b) send marketing communications only if you have explicitly consented to receive them from Alphabet Guides.

Lawful basis: For the delivery of content, we will rely on contract (if the download forms part of a sale) or consent (for free previews). For marketing, we rely on consent. For more on Gumroad's processing and transfer safeguards, see their privacy policy.

8. International Data Transfers
Your email may be processed in the UK (by us) and in other countries when you interact with our service providers:
MailerLite: Data processed in Germany and the Netherlands via Google Ireland Limited data centres
Gumroad: Processing may occur in the US and other countries

Transfers outside the UK/EEA are made only with appropriate safeguards such as adequacy decisions, the UK International Data Transfer Agreement (IDTA) or standard contractual clauses. MailerLite uses Standard Contractual Clauses (SCCs) and the UK Addendum for international transfers. Check Gumroad's privacy policy for their current transfer mechanisms: https://gumroad.com/privacy.

9. Data Retention

Active subscribers: Retained while you remain subscribed
Content access (Gumroad): Emails obtained via Gumroad to enable delivery or access are retained as long as necessary to perform the contract and provide access
Customer support: Support emails and correspondence retained for 3 years to assist with ongoing issues and warranty matters
Inactive subscribers: Where there is no engagement for 24 months, we will send a re-engagement message; if there is no response, we will delete the email address
Suppression records: We retain a suppression record (hashed email + unsubscribe date) for 3–6 years to ensure you are not contacted for marketing in error
Legal/tax retention: Where law requires longer retention (e.g., tax records), we will retain the necessary data for that periodAfter the applicable retention period, your email will be deleted or anonymised.

10. Data SecurityTechnical and Organisational Measures:
We implement appropriate security measures to protect your personal data, including:
Secure data transmission using encryption
Access controls limiting who can view your data
Regular security assessments of our service providers
Staff training on data protection requirements

Data Breaches:
If we become aware of a personal data breach that is likely to result in a risk to people's rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, within 72 hours. Where the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay and provide recommended steps to protect themselves.

Verification:
To protect your privacy, we may request information to verify your identity before fulfilling rights requests. We will minimise the amount of data requested and use it only for verification.

11. Children's Privacy
Our services are not directed to individuals under 13 years of age. We do not knowingly collect email addresses from children under 13. If we learn we have collected information from a child under 13, we will delete it immediately.

Note: While UK GDPR sets the age of consent for information society services at 13, some EU member states may apply higher age limits. We recommend parents and guardians supervise children's online activities.

12. Cookies and Tracking
Our website uses cookies to enhance your experience and to understand how visitors use the site. Cookies are small text files stored on your device that help the website function properly and provide useful information.

Types of cookies we use:
Essential cookies necessary for basic functionality, such as:
Session cookies for form submissions
Security cookies to prevent fraud
Analytics cookies are used to help us understand how visitors interact with our website and improve the user experience.

These are provided by Google Analytics and may collect information such as:
Pages visited and time spent on the site
Device and browser information
Approximate location

Consent:
Analytics cookies are non-essential. We will only set these cookies if you provide consent via our cookie banner. You can accept or reject analytics cookies at any time.

Managing Cookies and Opt-Out:
You can change or withdraw your consent at any time via the cookie banner on our site.
You can also opt out of Google Analytics by using the Google Analytics opt-out browser add-on or by adjusting your browser settings.

Third-Party Privacy Policy:
For more information about how Google Analytics processes your data, see the Google Privacy Policy.

13. Changes to This Policy
We may update this privacy policy periodically. We will:
Post the updated policy on our website
Update the "Last updated" date
Notify you via email if changes significantly affect your rights

14. Complaints and Disputes

UK/EU Residents:
If you're unhappy with how we handle your data, you can complain to:
UK Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Your local EU data protection authority (if you're an EU resident)

California Residents:
You may contact the California Attorney General's office regarding privacy complaints.

Canadian Residents:
You may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.Other Jurisdictions:
Contact your local data protection or privacy authority for complaints relating to data protection in your country.

15. Jurisdiction-Specific Information

California Residents:
We do not sell personal information as defined by the CCPA. In the past 12 months, we have not sold personal information of consumers.

Nevada Residents:
We do not sell personal information as defined under Nevada law.

Canadian Residents:
This policy complies with PIPEDA requirements for organisations processing personal information of Canadian residents.

Global Customers:
This policy is designed to provide appropriate protection for customers worldwide. We will comply with applicable data protection laws in jurisdictions where we have customers.

16. Records of Processing Activities
As required by data protection law, we maintain records of our processing activities, including:
The purposes of processing
Categories of data subjects and personal data
Recipients of personal data
Data retention periods
Security measures implemented

These records are available to supervisory authorities upon request.

Contact Us
For any questions about this privacy policy or to exercise your privacy rights:
Email: hello@alphabetguides.com
Response time: Within one month of receiving your request

This privacy policy is designed to comply with UK GDPR, EU GDPR, CCPA/CPRA, PIPEDA, and other applicable privacy laws for our international customers.