Privacy Policy

Last updated: March 18, 2026

Contact Information Data Controller: Alphabet Guides (trading name) Email: hello@alphabetguides.com

Introduction

This privacy policy explains how Alphabet Guides ("we," "us," or "our") collects, uses, and protects your personal information when you provide your email address through our website. We are committed to protecting your privacy and complying with applicable data protection laws. For any questions about this policy, to exercise your rights or to make a complaint, please contact hello@alphabetguides.com.

What Information We Collect

We collect only the following personal information:

  • Email address — provided voluntarily when you subscribe to our mailing list via our website forms or when you purchase digital products
  • Purchase information — transaction data necessary to process your purchase and deliver digital content (processed by Stripe via MailerLite)
  • Support correspondence — emails and messages you send us when requesting customer support
  • Usage Data — information collected automatically through our website, including IP addresses, browser type, device information, pages visited, time spent on pages, and referring website addresses

We do not collect any other personal data, such as names, addresses, phone numbers, or browsing behaviour, beyond what is necessary for our services.

How We Use Your Information

We use your personal information for the following purposes:

  • Marketing communications: Sending automated email sequences, promotional content, and newsletters where you have been clearly informed and provided your email voluntarily
  • Transaction processing: Processing purchases of digital products through MailerLite (payment processing by Stripe)
  • Service updates: Providing notifications relating to content you have requested or purchased
  • Customer support: Responding to your enquiries and support requests
  • Content delivery: Delivering digital content and managing access to purchased products
  • Access management: Maintaining suppression lists to respect unsubscribe requests
  • Service operation and maintenance: Using Usage Data for website operation, security, performance monitoring, troubleshooting, and improvement of our services
  • Legal compliance and protection: Complying with legal obligations, responding to enforcement requests, protecting our rights and interests (or those of our users or third parties), and detecting malicious or fraudulent activity

Mode and Place of Processing

Methods of Processing

We take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of your personal data. Data processing is carried out using computers and IT-enabled tools, following organisational procedures and modes strictly related to the purposes indicated in this policy.

In addition to us (the Owner), in some cases, personal data may be accessible to certain types of persons involved with the operation of our services (administration, customer support, technical service providers) or external parties (such as email service providers, payment processors, hosting providers, IT companies) appointed, if necessary, as Data Processors. The updated list of these parties may be requested from us at any time.

Place of Processing

Personal data is processed at our operating offices in the UK and at the facilities of the third-party service providers involved in data processing. Depending on your location, data transfers may involve transferring your data to a country other than your own. For more information about international data transfers, see Section 8 of this policy.

Legal Basis for Processing (UK/EU Users)

We rely on the following lawful bases under UK GDPR / EU GDPR:

  • Marketing communications: Consent. We will only send marketing emails to UK/EU individuals where you have been clearly informed about receiving marketing communications before providing your email address and have voluntarily provided your email. While we do not always use double opt-in, you are always notified and informed before giving your email address about the purpose of collection. 
  • Purchase processing and content delivery: Contract. Processing is necessary to fulfil our contract with you when you purchase digital products. 
  • Customer support and access management: Legitimate interests. We process email addresses to operate and administer our Service, respond to enquiries, and protect our rights. 
  • Service operation and security: Legitimate interests. We process Usage Data to ensure the security, proper functioning, and improvement of our services. 
  • Legal compliance: Legal obligation. Processing may be necessary to comply with legal obligations to which we are subject.

We record consent evidence (timestamp, IP address where applicable, the specific information provided to users, and the method of collection) to demonstrate compliance with PECR and GDPR requirements.

Your Privacy Rights

For UK and EU Residents: 

  • Right of access — Request copies of your personal data
  • Right to rectification — Request correction of inaccurate data
  • Right to erasure — Request deletion of your data (subject to legal exceptions)
  • Right to restrict processing — Limit how we use your data under certain circumstances
  • Right to object — Object to processing based on legitimate interests, including for direct marketing purposes (you may object at any time without justification)
  • Right to data portability — Receive your data in a structured, commonly used, and machine-readable format
  • Right to withdraw consent — Withdraw consent at any time where processing is based on consent
  • Right to complain — Bring a claim before your competent data protection authority

For California Residents (CCPA/CPRA): 

  • Right to know — What personal information we collect and how it's used
  • Right to delete — Request deletion of your personal information (subject to legal exceptions)
  • Right to opt-out — Opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination — We will not discriminate against you for exercising your rights

For Canadian Residents: 

  • Right of access — Access to your personal information we hold
  • Right to correction — Request correction of inaccurate information
  • Right to withdraw consent — Withdraw consent for marketing communications

For Residents of Other Countries: We serve customers globally and will honour similar privacy rights where legally required in your jurisdiction.

Details About the Right to Object to Processing

Where personal data is processed for our legitimate interests, you may object to such processing by providing grounds related to your particular situation to justify the objection.

However, if your personal data is processed for direct marketing purposes, you can object to that processing at any time without providing any justification. You can exercise this right by using the unsubscribe link in any marketing email or by contacting us directly.

How to Exercise Your Rights

To exercise any of your privacy rights:

  • Email us: hello@alphabetguides.com
  • Unsubscribe link: Use the unsubscribe link in any marketing email (for marketing opt-out)
  • Response time: We will respond within one month (UK/EU) or as required by applicable law

Making a Request:

  • All requests can be made free of charge
  • We may request information to verify your identity before fulfilling rights requests to protect your privacy
  • We will minimise the amount of data requested for verification and only use it for that purpose
  • You may authorise a representative to make requests on your behalf, where permitted by law
  • We will address your request as early as possible and always within the timeframes required by applicable law

What We Will Provide:

When you exercise your rights, we will provide: 

  • Confirmation of whether we are processing your personal data
  • Information about the purposes of processing, categories of data, and recipients
  • A copy of your personal data is undergoing processing (where applicable)
  • Information about retention periods and your rights

Unsubscribe and Suppression Policy: 

  • Immediate cessation — We stop sending marketing emails immediately upon unsubscribe
  • Suppression records — We maintain suppression lists for 3–6 years to prevent accidental re-contact 
  • Re-subscription — If you wish to re-subscribe after unsubscribing, you must actively opt in again through our signup process
  • No re-contact — We will not contact unsubscribed addresses for marketing purposes, even if obtained from other sources

Data Sharing and Third Parties

We share your information only with:

  • MailerLite (Ireland) — Our website platform, email service provider, and digital product sales platform, acting as a data processor for managing subscriptions, processing purchases, sending marketing communications, and delivering digital content
  • Stripe — Payment processor used by MailerLite to process transactions. Stripe acts as an independent controller for payment data processing. See Stripe's privacy policy:

We do not sell, rent, or otherwise share your email address with any other third parties for their marketing purposes.

MailerLite Processing:

We use MailerLite to manage our email marketing subscriber list, host our website, process digital product sales, and send emails to our subscribers. MailerLite is a third-party provider, which may process your data using industry-standard technologies to help us monitor and improve our newsletter and services.

MailerLite acts as our processor and processes subscriber data only on our instructions under a Data Processing Agreement (DPA). MailerLite's data centres are located in Germany (MailerLite Classic) and the Netherlands (New MailerLite), with data hosted by Google Ireland Limited. Current sub-processors include Google Ireland Limited and Vercom S.A. (Poland). We have reviewed their GDPR compliance documentation.

MailerLite's privacy policy is available at https://www.mailerlite.com/legal/privacy-policy

More details about MailerLite's data processing: https://www.mailerlite.com/legal/data-processing-agreement

You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of each newsletter at any time.

MailerLite Analytics:

MailerLite collects essential analytics data necessary for the operation of our website and email services, including:

  • Email open rates and click-through rates
  • Website performance metrics
  • Form submission data
  • Basic technical information (browser type, device type)

    These analytics are essential for the proper functioning of our services and do not require separate consent. The data is processed by MailerLite as our processor and is used solely to improve our services and deliver content to you effectively.

    International Data Transfers

    Your information may be processed in the UK (by us) and in other countries when you interact with our service providers:

    • MailerLite: Data processed in Germany and the Netherlands via Google Ireland Limited data centres
    • Stripe: Payment data may be processed in the US and other countries

    Transfers outside the UK/EEA are made only with appropriate safeguards such as adequacy decisions, the UK International Data Transfer Agreement (IDTA), or standard contractual clauses. MailerLite uses Standard Contractual Clauses (SCCs) and the UK Addendum for international transfers. Check Stripe's privacy policy for their current transfer mechanisms: https://stripe.com/privacy

    Users are entitled to learn about the legal basis of data transfers to a country outside the European Union or to any international organisation and about the security measures taken to safeguard their data. If any such transfer takes place, users can find out more by checking the relevant sections of this document or by contacting us.

    Data Retention

    Personal data shall be processed and stored for as long as required by the purpose for which it has been collected. Therefore:

    • Active subscribers: Retained while you remain subscribed
    • Purchase records: Transaction data retained as long as necessary to fulfil the contract, provide access to purchased content, and comply with legal obligations (typically 6-7 years for tax purposes)
    • Customer support: Support emails and correspondence retained for 3 years to assist with ongoing issues and warranty matters
    • Inactive subscribers: Where there is no engagement for 24 months, we will send a re-engagement message; if there is no response, we will delete the email address
    • Suppression records: We retain a suppression record (hashed email + unsubscribe date) for 3–6 years to ensure you are not contacted for marketing in error
    • Legal/tax retention: Where law requires longer retention (e.g., tax records), we will retain the necessary data for that period
    • Usage Data: Retained for as long as necessary for security, service operation, and improvement purposes, typically no longer than necessary for those purposes

    We may be allowed to retain personal data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

    Once the retention period expires, personal data shall be deleted or anonymised. Therefore, the right of access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

    Data Security

    Technical and Organisational Measures:

    We implement appropriate security measures to protect your personal data, including: 

    • Secure data transmission using encryption (SSL/TLS)
    • Access controls limiting who can view your data
    • Regular security assessments of our service providers
    • Secure payment processing through Stripe's PCI-compliant systems
    • Staff training on data protection requirements
    • Confidentiality obligations for all persons authorised to process personal data

    Data Breaches:

    If we become aware of a personal data breach that is likely to result in a risk to people's rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, within 72 hours. Where the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay and provide recommended steps to protect themselves.

    Additional Information About Data Collection and Processing

    System Logs and Maintenance:

    For operation and maintenance purposes, our website and our third-party service providers may collect files that record interaction with our website (system logs) and use other Usage Data (such as IP addresses) for this purpose. This processing is necessary for the security, proper functioning, and improvement of our services.

    Legal Action:

    Your personal data may be used for legal purposes in court or in the stages leading to possible legal action arising from improper use of our website or services, or to protect our rights and interests. You acknowledge that we may be required to reveal personal data upon request of public authorities.

    Information Not Contained in This Policy:

    More details concerning the collection or processing of personal data may be requested from us at any time. Please see the contact information at the beginning of this document.

    Children's Privacy

    Our services are not directed to individuals under 13 years of age. We do not knowingly collect email addresses from children under 13. If we learn we have collected information from a child under 13, we will delete it immediately.

    Note: While UK GDPR sets the age of consent for information society services at 13, some EU member states may apply higher age limits. We recommend parents and guardians supervise children's online activities.

    Cookies and Tracking

    MailerLite

    Our website (hosted by MailerLite) uses essential cookies necessary for basic functionality, such as:

    • Session cookies for form submissions and website functionality
    • Security cookies to prevent fraud
    • Essential cookies required for the MailerLite platform to function properly

    Google Analytics with anonymised IP (Google Ireland Limited)

    Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google utilises the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualise and personalise the ads of its own advertising network.

    We collect this information for statistical purposes and to improve the functionality of our website.

    This integration of Google Analytics anonymises your IP address. It works by shortening Users’ IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.

    Personal Data processed    : Tracker and Usage Data.

    Place of processing    : Ireland – Privacy PolicyOpt Out.

    How to manage preferences and provide or withdraw consent

    There are various ways to manage tracker-related preferences and to provide and withdraw consent, where relevant. Users can manage preferences related to trackers directly within their own device settings, for example, by preventing the use or storage of trackers. It is also possible, via relevant browser or device features, to delete previously stored trackers, including those used to remember the user’s initial consent. 

    Other trackers in the browser’s local memory may be cleared by deleting the browsing history. With regard to any third-party trackers, users can manage their preferences and withdraw their consent via the related opt-out link (where provided), by using the means indicated in the third party’s privacy policy, or by contacting the third party.

    Changes to This Policy

    We may update this privacy policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. We will: 

    • Post the updated policy on our website
    • Update the "Last updated" date at the top of this document
    • Notify you via email if changes significantly affect your rights or how we process your data

    Should changes affect processing activities performed on the basis of your consent, we will collect new consent from you where required. We strongly recommend checking this page regularly, referring to the date of the last modification.

    Complaints and Disputes

    UK/EU Residents:

    If you're unhappy with how we handle your data, you can complain to:

    UK Information Commissioner's Office (ICO):

    Website: https://ico.org.uk/make-a-complaint/ 

    Phone: 0303 123 1113 

    Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

    Your local EU data protection authority (if you're an EU resident)

    California Residents: You may contact the California Attorney General's office regarding privacy complaints.

    Canadian Residents: You may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca

    Other Jurisdictions: Contact your local data protection or privacy authority for complaints relating to data protection in your country.

    Jurisdiction-Specific Information

    California Residents: We do not sell personal information as defined by the CCPA. In the past 12 months, we have not sold personal information of consumers.

    Nevada Residents: We do not sell personal information as defined under Nevada law.

    Canadian Residents: This policy complies with PIPEDA requirements for organisations processing personal information of Canadian residents.

    Global Customers: This policy is designed to provide appropriate protection for customers worldwide. We will comply with applicable data protection laws in jurisdictions where we have customers.

    Records of Processing Activities

    As required by data protection law, we maintain records of our processing activities, including: 

    • The purposes of processing
    • Categories of data subjects and personal data
    • Recipients of personal data
    • Data retention periods
    • Security measures implemented

    These records are available to supervisory authorities upon request.

    Definitions and Legal References

    To help you understand this privacy policy, here are definitions of key terms used throughout this document:

    Personal Data (or Personal Information): Any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.

    Usage Data Information collected automatically through our website, which can include: IP addresses or domain names of computers used by users, URI addresses (Uniform Resource Identifier), time of requests, method used to submit requests to the server, size of files received in response, numerical codes indicating server response status, country of origin, browser and operating system features, time details per visit, page sequence visited, and other parameters about the device operating system and/or the user's IT environment.

    User: The individual using our website who, unless otherwise specified, is the Data Subject.

    Data Subject: The natural person to whom personal data refers.

    Data Processor: The natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Data Controller, as described in this privacy policy.

    Data Controller (or Owner): The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, including security measures concerning the operation and use of our website. The Data Controller, unless otherwise specified, is Alphabet Guides.

    Service: The service provided by our website, including the website itself, email communications, and digital product delivery.

    Cookies: Small sets of data stored in the user's browser that enable certain website functionality.

    Tracker: Any technology (e.g., cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting) that enables the tracking of users, for example, by accessing or storing information on the user's device.

    Legal Information This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation), the UK General Data Protection Regulation, the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

    Contact Us

    For any questions about this privacy policy or to exercise your privacy rights: 

    Email: hello@alphabetguides.com 

    Response time: Within one month of receiving your request

    This privacy policy is designed to comply with UK GDPR, EU GDPR, CCPA/CPRA, PIPEDA, and other applicable privacy laws for our international customers.