A. Hally — Field notes on AI product
Appendix · PrivacyUK GDPR/ai-pm/privacy
— Appendix · Data & privacy

How your data is handled.

The same policy that governs the rest of the site, set here in the field-notes edition. If you write to me through the contact form below the article, this is what happens to what you send.

DraftDRAFT — not yet legally reviewed. Bracketed [PLACEHOLDERS] must be completed by the owner before this is published (before dev -> main).

§ 01Who we are

This site is run by Angus Hally, who is the data controller responsible for the personal data described in this policy. If you have a question about your data, or want to make a data-protection request, contact [PRIVACY_CONTACT_EMAIL].

Registered entity: [LEGAL_ENTITY].

§ 02What we collect, why, and our lawful basis

We only collect the personal data we need for the purposes below, and for each we rely on a lawful basis under UK GDPR.

We collect:

  • Contact form — your name, email address, subject, message, and the source (which persona or page you submitted from). Lawful basis: consent, and our legitimate interest in responding to your enquiry.
  • Anti-spam — we use Google reCAPTCHA, which processes your IP address and interaction signals to tell humans from bots. Lawful basis: our legitimate interest in keeping forms secure.
  • Analytics — we use PostHog product analytics (usage events) to understand how the site is used. Lawful basis: your consent; no analytics is collected unless you allow it.
  • Account / sign-in (if used) — when you sign in we use Supabase authentication to manage your session. Lawful basis: performance of the service you have asked for.
  • Preferences — your theme choice and your consent choices are stored locally in your browser so the site remembers them. Lawful basis: our legitimate interest in providing a consistent experience.

§ 03Cookies and local storage

We use a small number of cookies and browser-storage items, grouped into categories so you can control the non-essential ones.

These are:

  • Supabase authentication cookies — strictly necessary; keep you signed in securely.
  • Your consent choice — strictly necessary; remembers which cookie categories you have allowed.
  • Theme preference ("mantine-color-scheme-value") — functional; remembers your light/dark choice.
  • Google reCAPTCHA ("_GRECAPTCHA") — security; used for anti-spam protection on forms.
  • PostHog cookies — analytics; set only after you give consent.

You can change your choices at any time in the cookie preference centre (the same "cookie preferences" link in the footer and on this page).

§ 04Who we share your data with

We do not sell your personal data. We share it only with the service providers (processors) we rely on to run the site, and only as needed for the purposes above.

Our processors are:

  • Google — provides reCAPTCHA anti-spam protection.
  • PostHog — provides product analytics, hosted in [POSTHOG_REGION].
  • Supabase — provides hosting, authentication, and the database.
  • Our email provider, [EMAIL_PROVIDER] — delivers the emails generated by the contact form.

§ 05How long we keep your data

Contact submissions and the leads created from them are kept for [LEAD_RETENTION_PERIOD], after which they are deleted. We do not keep personal data for longer than we need it.

§ 06International transfers

Some of our processors may process your data outside the UK. Where they do, we rely on appropriate safeguards — such as a UK adequacy decision or Standard Contractual Clauses (SCCs) — to protect it. The exact position depends on where analytics is hosted ([POSTHOG_REGION]).

§ 07Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected (rectification);
  • have your data deleted (erasure);
  • restrict how we use your data;
  • object to our processing;
  • receive your data in a portable format (portability).

To exercise any of these rights, contact [PRIVACY_CONTACT_EMAIL]. Where we rely on your consent, you can withdraw it at any time using the cookie preference centre; withdrawing consent does not affect processing already carried out.

§ 08Complaints

If you are unhappy with how we have handled your data, you can complain to the Information Commissioner’s Office (ICO), the UK data-protection regulator, at ico.org.uk. We would appreciate the chance to address your concerns first via [PRIVACY_CONTACT_EMAIL].

§ 09Changes to this policy

We may update this policy from time to time. When we make material changes we will update the date below.

Last updated: [DATE_TBD].

A. Hally — Field notes on AI product
Appendix · PrivacyUK GDPR/ai-pm/privacy
— Appendix · Data & privacy

How your data is handled.

The same policy that governs the rest of the site, set here in the field-notes edition. If you write to me through the contact form below the article, this is what happens to what you send.

DraftDRAFT — not yet legally reviewed. Bracketed [PLACEHOLDERS] must be completed by the owner before this is published (before dev -> main).

§ 01Who we are

This site is run by Angus Hally, who is the data controller responsible for the personal data described in this policy. If you have a question about your data, or want to make a data-protection request, contact [PRIVACY_CONTACT_EMAIL].

Registered entity: [LEGAL_ENTITY].

§ 02What we collect, why, and our lawful basis

We only collect the personal data we need for the purposes below, and for each we rely on a lawful basis under UK GDPR.

We collect:

  • Contact form — your name, email address, subject, message, and the source (which persona or page you submitted from). Lawful basis: consent, and our legitimate interest in responding to your enquiry.
  • Anti-spam — we use Google reCAPTCHA, which processes your IP address and interaction signals to tell humans from bots. Lawful basis: our legitimate interest in keeping forms secure.
  • Analytics — we use PostHog product analytics (usage events) to understand how the site is used. Lawful basis: your consent; no analytics is collected unless you allow it.
  • Account / sign-in (if used) — when you sign in we use Supabase authentication to manage your session. Lawful basis: performance of the service you have asked for.
  • Preferences — your theme choice and your consent choices are stored locally in your browser so the site remembers them. Lawful basis: our legitimate interest in providing a consistent experience.

§ 03Cookies and local storage

We use a small number of cookies and browser-storage items, grouped into categories so you can control the non-essential ones.

These are:

  • Supabase authentication cookies — strictly necessary; keep you signed in securely.
  • Your consent choice — strictly necessary; remembers which cookie categories you have allowed.
  • Theme preference ("mantine-color-scheme-value") — functional; remembers your light/dark choice.
  • Google reCAPTCHA ("_GRECAPTCHA") — security; used for anti-spam protection on forms.
  • PostHog cookies — analytics; set only after you give consent.

You can change your choices at any time in the cookie preference centre (the same "cookie preferences" link in the footer and on this page).

§ 04Who we share your data with

We do not sell your personal data. We share it only with the service providers (processors) we rely on to run the site, and only as needed for the purposes above.

Our processors are:

  • Google — provides reCAPTCHA anti-spam protection.
  • PostHog — provides product analytics, hosted in [POSTHOG_REGION].
  • Supabase — provides hosting, authentication, and the database.
  • Our email provider, [EMAIL_PROVIDER] — delivers the emails generated by the contact form.

§ 05How long we keep your data

Contact submissions and the leads created from them are kept for [LEAD_RETENTION_PERIOD], after which they are deleted. We do not keep personal data for longer than we need it.

§ 06International transfers

Some of our processors may process your data outside the UK. Where they do, we rely on appropriate safeguards — such as a UK adequacy decision or Standard Contractual Clauses (SCCs) — to protect it. The exact position depends on where analytics is hosted ([POSTHOG_REGION]).

§ 07Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected (rectification);
  • have your data deleted (erasure);
  • restrict how we use your data;
  • object to our processing;
  • receive your data in a portable format (portability).

To exercise any of these rights, contact [PRIVACY_CONTACT_EMAIL]. Where we rely on your consent, you can withdraw it at any time using the cookie preference centre; withdrawing consent does not affect processing already carried out.

§ 08Complaints

If you are unhappy with how we have handled your data, you can complain to the Information Commissioner’s Office (ICO), the UK data-protection regulator, at ico.org.uk. We would appreciate the chance to address your concerns first via [PRIVACY_CONTACT_EMAIL].

§ 09Changes to this policy

We may update this policy from time to time. When we make material changes we will update the date below.

Last updated: [DATE_TBD].