Privacy Policy
Alphabet Guides publishes concise, evidence-based health and fitness articles focused on clarity, not hype.
Last updated: June 27, 2026
Contact Information
Data Controller: Alphabet Guides (trading name)
Email: hello@alphabetguides.com
Introduction
This privacy policy explains how Alphabet Guides ("we," "us," or "our") collects, uses, and protects your personal information when you visit our website, subscribe to our free newsletter, or become a paid member. We are committed to protecting your privacy and complying with applicable data protection laws. For any questions about this policy, to exercise your rights or to make a complaint, please contact hello@alphabetguides.com.
What Information We Collect
We collect only the following personal information:
- Email address — provided voluntarily when you subscribe to our free mailing list/newsletter or create a member account
- Name — provided voluntarily if you choose to include it when subscribing or creating a member account
- Account and subscription information — for paid members, this includes your membership tier, subscription status, and renewal dates
- Payment information — for paid members, payment is handled entirely by Stripe; we do not collect or store your card details ourselves (see "Data Sharing and Third Parties" below)
- Support correspondence — emails and messages you send us when requesting customer support
- Usage Data — information collected automatically through our website's native analytics, including approximate visit counts, pages viewed, and general traffic patterns. This is collected on a cookie-free, first-party basis (see "Cookies and Tracking" below) and, for logged-in members, may include which posts you have viewed and whether you are a free or paid member
We do not collect any other personal data, such as physical addresses or phone numbers, beyond what is necessary for our services.
How We Use Your Information
We use your personal information for the following purposes:
- Newsletter and marketing communications: Sending our free newsletter, automated email sequences, and promotional content where you have been clearly informed and provided your email voluntarily
- Membership and subscription management: Creating and managing your member account, processing recurring subscription payments, and providing access to paid/premium content
- Service updates: Providing notifications relating to content you have requested, your subscription, or your account
- Customer support: Responding to your enquiries and support requests
- Content delivery: Granting and managing access to free and paid content
- Access management: Maintaining suppression lists to respect unsubscribe requests
- Service operation and maintenance: Using Usage Data for website operation, security, performance monitoring, troubleshooting, and improvement of our content and services
- Legal compliance and protection: Complying with legal obligations, responding to enforcement requests, protecting our rights and interests (or those of our users or third parties), and detecting malicious or fraudulent activity
Mode and Place of Processing
Methods of Processing
We take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of your personal data. Data processing is carried out using computers and IT-enabled tools, following organisational procedures and modes strictly related to the purposes indicated in this policy.
In addition to us (the Owner), in some cases, personal data may be accessible to certain types of persons involved with the operation of our services (administration, customer support, technical service providers) or external parties (such as our website/membership platform, payment processors, hosting providers) appointed, if necessary, as Data Processors. The updated list of these parties may be requested from us at any time.
Place of Processing
Personal data is processed at our operating offices in the UK and at the facilities of the third-party service providers involved in data processing, including within the EU. Depending on your location, data transfers may involve transferring your data to a country other than your own. For more information about international data transfers, see the "International Data Transfers" section of this policy.
Legal Basis for Processing (UK/EU Users)
We rely on the following lawful bases under UK GDPR / EU GDPR:
- Free newsletter communications: Consent. We will only send marketing emails to UK/EU individuals where you have been clearly informed about receiving communications before providing your email address and have voluntarily provided your email.
- Paid membership and subscription processing: Contract. Processing is necessary to fulfil our contract with you when you sign up for and maintain a paid membership, including recurring billing and access to premium content.
- Customer support and access management: Legitimate interests. We process personal data to operate and administer our Service, respond to enquiries, and protect our rights.
- Service operation and security: Legitimate interests. We process Usage Data to ensure the security, proper functioning, and improvement of our services.
- Legal compliance: Legal obligation. Processing may be necessary to comply with legal obligations to which we are subject (for example, retaining transaction records for tax purposes).
We record consent evidence (timestamp, IP address where applicable, the specific information provided to users, and the method of collection) to demonstrate compliance with PECR and GDPR requirements.
Your Privacy Rights
For UK and EU Residents:
- Right of access — Request copies of your personal data
- Right to rectification — Request correction of inaccurate data
- Right to erasure — Request deletion of your data (subject to legal exceptions)
- Right to restrict processing — Limit how we use your data under certain circumstances
- Right to object — Object to processing based on legitimate interests, including for direct marketing purposes (you may object at any time without justification)
- Right to data portability — Receive your data in a structured, commonly used, and machine-readable format
- Right to withdraw consent — Withdraw consent at any time where processing is based on consent
- Right to complain — Bring a claim before your competent data protection authority
For California Residents (CCPA/CPRA):
- Right to know — What personal information we collect and how it's used
- Right to delete — Request deletion of your personal information (subject to legal exceptions)
- Right to opt-out — Opt out of the sale of personal information (we do not sell data)
- Right to non-discrimination — We will not discriminate against you for exercising your rights
For Canadian Residents:
- Right of access — Access to the personal information we hold
- Right to correction — Request correction of inaccurate information
- Right to withdraw consent — Withdraw consent for marketing communications
For Residents of Other Countries:
We serve customers globally and will honour similar privacy rights where legally required in your jurisdiction.
Details About the Right to Object to Processing
Where personal data is processed for our legitimate interests, you may object to such processing by providing grounds related to your particular situation to justify the objection.
However, if your personal data is processed for direct marketing purposes, you can object to that processing at any time without providing any justification. You can exercise this right by using the unsubscribe link in any marketing email or by contacting us directly.
How to Exercise Your Rights
To exercise any of your privacy rights:
- Email us: hello@alphabetguides.com
- Unsubscribe link: Use the unsubscribe link in any marketing email (for newsletter opt-out)
- Account management: Paid members can update certain account details directly via their member account portal
- Response time: We will respond within one month (UK/EU) or as required by applicable law
Making a Request:
- All requests can be made free of charge
- We may request information to verify your identity before fulfilling rights requests to protect your privacy
- We will minimise the amount of data requested for verification and only use it for that purpose
- You may authorise a representative to make requests on your behalf, where permitted by law
- We will address your request as early as possible and always within the timeframes required by applicable law
What We Will Provide:
When you exercise your rights, we will provide:
- Confirmation of whether we are processing your personal data
- Information about the purposes of processing, categories of data, and recipients
- A copy of your personal data undergoing processing (where applicable)
- Information about retention periods and your rights
Unsubscribe, Cancellation and Suppression Policy:
- Newsletter unsubscribe — We stop sending marketing emails immediately upon unsubscribe
- Membership cancellation — Paid members may cancel their subscription at any time via their account portal or by contacting us; cancellation stops future billing but does not automatically delete your account data (see "Data Retention" below)
- Suppression records — We maintain suppression lists for 3–6 years to prevent accidental re-contact
- Re-subscription — If you wish to re-subscribe to the newsletter after unsubscribing, you must actively opt in again through our signup process
- No re-contact — We will not contact unsubscribed addresses for marketing purposes, even if obtained from other sources
Data Sharing and Third Parties
We share your information only with:
- Ghost Foundation Ltd ("Ghost") — Our website, publishing, membership, and newsletter platform, which hosts our site, manages free and paid subscriber/member accounts, and delivers our newsletter. Ghost acts as our data processor for this purpose, and separately as a data controller for limited account/billing-adjacent information it holds about platform customers. See Ghost's privacy policy: https://ghost.org/privacy/ and their Data Processing Agreement: https://ghost.org/dpa/
- Stripe — Payment processor used via Ghost's native membership integration to process subscription payments. Stripe acts as an independent controller for payment data processing. Billing details are held directly in Stripe and are not stored by us. See Stripe's privacy policy: https://stripe.com/privacy
We do not sell, rent, or otherwise share your personal data with any other third parties for their marketing purposes.
Ghost Processing:
We use Ghost to host our website, manage our free newsletter list, manage paid member accounts and subscriptions, and publish our content. When you subscribe to our free list or become a member, Ghost stores your email address, name (if provided), membership/subscription status, and related account metadata (such as IP address and signup date, used for security and verification purposes).
Ghost Foundation Ltd is based in the Netherlands and stores data in EU data centres. In certain limited circumstances, Ghost may process data outside the EU when carrying out support and maintenance of its services, under appropriate safeguards.
Ghost's privacy policy is available at https://ghost.org/privacy/
Ghost's Data Processing Agreement is available at https://ghost.org/dpa/
You can unsubscribe from our free newsletter at any time using the unsubscribe link included in every newsletter email.
Stripe and Membership Payments:
If you sign up for a paid membership tier, you will be directed to Stripe's secure checkout to enter your payment details. Stripe processes and stores your payment information; we do not see or store your full card details. Ghost stores a record that you are a paying member and your subscription tier/status, which it receives from Stripe to manage your access to premium content.
Native Website Analytics:
Our website uses Ghost's built-in, first-party, cookie-free analytics (powered by Tinybird) to understand how visitors and members interact with our content. This does not use cookies or any other persistent browser storage to track you across sessions or devices, and does not require cookie consent. Analytics data for our site is stored in EU regions.
When you are logged in as a member, we may record which posts you view to help us understand what content is most engaging and improve our service. This data is used internally only and is never shared with third parties for marketing purposes.
International Data Transfers
Your information may be processed in the UK (by us) and in other countries when you interact with our service providers:
- Ghost: Data is stored in EU data centres. In limited circumstances, data may be processed outside the EU for support and maintenance purposes, with appropriate safeguards in place.
- Stripe: Payment data may be processed in the US and other countries, subject to Stripe's own safeguards.
Transfers outside the UK/EEA are made only with appropriate safeguards such as adequacy decisions, the UK International Data Transfer Agreement (IDTA), or standard contractual clauses (SCCs). Check Ghost's and Stripe's privacy policies for their current transfer mechanisms: https://ghost.org/privacy/ and https://stripe.com/privacy
Users are entitled to learn about the legal basis of data transfers to a country outside the European Union or to any international organisation and about the security measures taken to safeguard their data. If any such transfer takes place, users can find out more by checking the relevant sections of this document or by contacting us.
Data Retention
Personal data shall be processed and stored for as long as required by the purpose for which it has been collected. Therefore:
- Free newsletter subscribers: Retained while you remain subscribed
- Paid members: Account and subscription data retained for as long as your membership is active, and for a reasonable period afterward to handle billing queries, disputes, or re-activation, after which it will be deleted or anonymised
- Transaction records: Payment and billing records retained as long as necessary to comply with legal obligations (typically 6–7 years for tax purposes); these are primarily held within Stripe
- Customer support: Support emails and correspondence retained for 3 years to assist with ongoing issues and warranty matters
- Inactive free subscribers: Where there is no engagement for 24 months, we will send a re-engagement message; if there is no response, we will delete the email address
- Suppression records: We retain a suppression record (hashed email + unsubscribe date) for 3–6 years to ensure you are not contacted for marketing in error
- Legal/tax retention: Where law requires longer retention (e.g., tax records), we will retain the necessary data for that period
- Usage Data: Retained for as long as necessary for security, service operation, and improvement purposes, typically no longer than necessary for those purposes
We may be allowed to retain personal data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, personal data shall be deleted or anonymised. Therefore, the right of access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.
Data Security
Technical and Organisational Measures:
We implement appropriate security measures to protect your personal data, including:
- Secure data transmission using encryption (SSL/TLS)
- Access controls limiting who can view your data
- Reliance on reputable service providers (Ghost, Stripe) with their own robust security and compliance programmes
- Secure payment processing through Stripe's PCI-compliant systems
- Staff training on data protection requirements
- Confidentiality obligations for all persons authorised to process personal data
Data Breaches:
If we become aware of a personal data breach that is likely to result in a risk to people's rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, within 72 hours. Where the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay and provide recommended steps to protect themselves.
Additional Information About Data Collection and Processing
System Logs and Maintenance:
For operation and maintenance purposes, our website and our third-party service providers may collect files that record interaction with our website (system logs) and use other Usage Data (such as IP addresses) for this purpose. This processing is necessary for the security, proper functioning, and improvement of our services.
Legal Action:
Your personal data may be used for legal purposes in court or in the stages leading to possible legal action arising from improper use of our website or services, or to protect our rights and interests. You acknowledge that we may be required to reveal personal data upon request of public authorities.
Information Not Contained in This Policy:
More details concerning the collection or processing of personal data may be requested from us at any time. Please see the contact information at the beginning of this document.
Children's Privacy
Our services are not directed to individuals under 13 years of age. We do not knowingly collect personal data from children under 13, and our paid membership is not intended for use by anyone under 13. If we learn we have collected information from a child under 13, we will delete it immediately.
Note: While UK GDPR sets the age of consent for information society services at 13, some EU member states may apply higher age limits. We recommend parents and guardians supervise children's online activities.
Cookies and Tracking
Essential Cookies
Our website (hosted by Ghost) uses essential cookies necessary for basic functionality, such as:
- Session cookies to keep you logged in as a member
- Security cookies to prevent fraud
- Cookies required by Stripe to process membership payments securely
Native Analytics (Cookie-Free)
We use first-party, cookie-free analytics, built into our website platform and powered by Tinybird, to understand how visitors and members interact with our content. This does not use cookies or other persistent identifiers to track you across sessions, browsers, or devices, and therefore does not require separate cookie consent. When you're logged in as a member, we may record which posts you view to help improve our service and better understand what content is most engaging; this data is never shared with third parties.
Google Analytics with anonymised IP (Google Ireland Limited)
Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google utilises the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualise and personalise the ads of its own advertising network.
We collect this information for statistical purposes and to improve the functionality of our website.
This integration of Google Analytics anonymises your IP address. It works by shortening Users’ IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
Personal Data processed: Tracker and Usage Data.
Place of processing: Ireland – Privacy Policy – Opt Out.
How to Manage Cookie Preferences
Because we rely only on essential cookies and basic analytics cookies, there is no non-essential cookie consent banner on our site. You can manage or block essential cookies through your own browser settings, but doing so may prevent core features (such as staying logged in as a member) from working correctly.
Changes to This Policy
We may update this privacy policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. We will:
- Post the updated policy on our website
- Update the "Last updated" date at the top of this document
- Notify you via email if changes significantly affect your rights or how we process your data
Should changes affect processing activities performed on the basis of your consent, we will collect new consent from you where required. We strongly recommend checking this page regularly, referring to the date of the last modification.
Complaints and Disputes
UK/EU Residents:
If you're unhappy with how we handle your data, you can complain to:
UK Information Commissioner's Office (ICO)
- Website: https://ico.org.uk/make-a-complaint/
- Phone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Your local EU data protection authority (if you're an EU resident)
California Residents:
You may contact the California Attorney General's office regarding privacy complaints.
Canadian Residents:
You may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca
Other Jurisdictions:
Contact your local data protection or privacy authority for complaints relating to data protection in your country.
Jurisdiction-Specific Information
California Residents:
We do not sell personal information as defined by the CCPA. In the past 12 months, we have not sold personal information of consumers.
Nevada Residents:
We do not sell personal information as defined under Nevada law.
Canadian Residents:
This policy complies with PIPEDA requirements for organisations processing personal information of Canadian residents.
Global Customers:
This policy is designed to provide appropriate protection for customers worldwide. We will comply with applicable data protection laws in jurisdictions where we have customers.
Records of Processing Activities
As required by data protection law, we maintain records of our processing activities, including:
- The purposes of processing
- Categories of data subjects and personal data
- Recipients of personal data
- Data retention periods
- Security measures implemented
These records are available to supervisory authorities upon request.
Definitions and Legal References
Personal Data (or Personal Information): Any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.
Usage Data: Information collected automatically through our website, which can include: IP addresses or domain names of computers used by users, URI addresses (Uniform Resource Identifier), time of requests, method used to submit requests to the server, size of files received in response, numerical codes indicating server response status, country of origin, browser and operating system features, time details per visit, page sequence visited, and other parameters about the device operating system and/or the user's IT environment.
Member: A registered user of our website who has created an account, whether on the free or paid tier.
User: The individual using our website who, unless otherwise specified, is the Data Subject.
Data Subject: The natural person to whom personal data refers.
Data Processor: The natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Data Controller, as described in this privacy policy.
Data Controller (or Owner): The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, including security measures concerning the operation and use of our website. The Data Controller, unless otherwise specified, is Alphabet Guides.
Service: The service provided by our website, including the website itself, free newsletter, paid membership, and content delivery.
Cookies: Small sets of data stored in the user's browser that enable certain website functionality.
Tracker: Any technology (e.g., cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting) that enables the tracking of users, for example, by accessing or storing information on the user's device.
Legal Information: This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation), the UK General Data Protection Regulation, the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
Contact Us
For any questions about this privacy policy or to exercise your privacy rights:
- Email: hello@alphabetguides.com
- Response time: Within one month of receiving your request
This privacy policy is designed to comply with UK GDPR, EU GDPR, CCPA/CPRA, PIPEDA, and other applicable privacy laws for our international customers.