Privacy Policy
Last updated: 23 March 2026
1. Introduction
This privacy policy explains how The Daily Brief ("we", "us", "our") collects, uses, and protects your personal data when you use our website at thedailybrief.co.uk (the "Site"). We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
The data controller for the purposes of UK GDPR is:
The Daily Brief
Trading name of Edward Charles Stephen Dickinson
[YOUR CORRESPONDENCE ADDRESS]
Email: thedailybriefuk@gmail.com
Telephone: [YOUR PHONE NUMBER]
The data protection contact for The Daily Brief is Edward Charles Stephen Dickinson, contactable at the email address above.
3. Data We Collect
3.1 Data Stored Locally (localStorage)
We store the following data in your browser's localStorage. This data never leaves your device unless otherwise stated:
| Key | Purpose | Data Stored |
|---|---|---|
theme |
Remember your light/dark mode preference | "light" or "dark" |
db_bookmarks |
Store your saved stories | JSON array of bookmarked article data |
notifySubscribed |
Track browser notification permission | "true" or "false" |
db_markets |
Cache market data to reduce API calls | JSON with market prices and timestamp |
db_cookie_consent |
Record your cookie consent | "accepted" with timestamp |
db_subscribe_email |
Store your email for subscription interest | Email address you provide |
breakingDismissed_* |
Track which breaking news stories you have dismissed | "1" (dismissed flag) |
3.2 Push Notifications
If you enable push notifications, your browser generates a subscription object containing an endpoint URL and encryption keys. This subscription is sent to our Cloudflare Worker (daily-brief-push.thedailybrief.workers.dev), which stores it in order to deliver edition alerts to your device. No other personal data is collected. You can unsubscribe at any time using the bell icon, which removes your subscription from both your browser and our Worker.
3.3 HTTP Headers
When you visit the Site, standard HTTP headers (IP address, browser type, referring page) are processed by GitHub Pages' servers. We do not have direct access to these server logs.
3.4 Future: Subscriber and Payment Data
When premium subscriptions launch, the following additional data will be processed:
- Data collected by us: email address, name, subscription status, billing history, cancellation date (if applicable).
- Data collected by Stripe: full card number, expiry date, CVC, billing address. This data is collected and stored exclusively by Stripe and never touches our servers.
- Data received from Stripe: last four digits of your card, card brand (e.g. Visa), expiry date, billing postcode, and transaction records (amount, date, status).
- Retention after cancellation: subscriber records will be retained for 6 years after the end of your subscription, as required by UK tax law (HMRC). After this period, records will be deleted.
4. Lawful Basis for Processing
We process your data under the following lawful bases:
- Legitimate interest (Article 6(1)(f) UK GDPR) — for essential site functionality such as remembering your display preferences and caching market data to improve performance. We have conducted a Legitimate Interest Assessment (LIA) for each processing activity relying on this basis, weighing the purpose, necessity, and your rights. A copy is available on request.
- Consent (Article 6(1)(a) UK GDPR) — for browser notifications and cookie consent. You can withdraw consent at any time.
- Contractual necessity (Article 6(1)(b) UK GDPR) — for future subscription services, processing will be necessary for the performance of a contract.
5. Third-Party Services
The Site uses the following third-party services:
| Service | Data Shared | Purpose | Privacy Policy |
|---|---|---|---|
| Google Fonts | IP address, browser headers | Font delivery. When you load the Site, your browser connects to Google's servers to retrieve font files. This shares your IP address and browser information with Google. We are evaluating self-hosting fonts to eliminate this transfer. | Google Privacy Policy |
| RSS2JSON (rss2json.com) | IP address | RSS feed proxying for live news feeds | RSS2JSON Privacy Policy |
| AllOrigins (allorigins.win) | IP address | CORS proxy for cross-origin feed requests | AllOrigins (open-source, no formal policy) |
| CORSProxy (corsproxy.io) | IP address | Fallback CORS proxy | CORSProxy (no formal policy) |
| Yahoo Finance | IP address | Market data | Yahoo Privacy Policy |
| Cloudflare Web Analytics | None (cookieless, no personal data) | Privacy-first site analytics. Collects only aggregate, anonymised metrics (page views, referrers, country, device type). Does not set cookies, track users across sites, or collect IP addresses. | Cloudflare Privacy Policy |
| GitHub Pages | IP address, browser headers | Site hosting | GitHub Privacy Statement |
| Cloudflare Workers (daily-brief-push) | Push subscription endpoint URL, encryption keys | Delivers push notifications for new editions. Subscription data is stored on the Worker and deleted when you unsubscribe. | Cloudflare Privacy Policy |
| Stripe (future) | Payment details, billing address, email | Payment processing | Stripe Privacy Policy |
6. Data Retention
- localStorage data persists in your browser until you clear it manually or clear your browser data. We have no server-side access to this data.
- GitHub Pages logs are retained according to GitHub's data retention policies.
- Future Stripe data — transaction records will be retained for a minimum of 6 years in accordance with UK tax law (HMRC requirements) and Stripe's data retention policies.
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate personal data.
- Right to erasure — request deletion of your personal data.
- Right to restrict processing — request that we limit how we use your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
To exercise any of these rights, please email thedailybriefuk@gmail.com. We will respond within one calendar month of receiving your request.
8. International Transfers
Some of our third-party services (GitHub, Google) may process data on servers located outside the United Kingdom. Where this occurs, transfers are protected by:
- UK adequacy decisions for the relevant jurisdiction, or
- Standard Contractual Clauses (SCCs) approved by the ICO.
9. Children
The Site is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.
10. Changes to This Policy
We may update this privacy policy from time to time. The "last updated" date at the top of this page will be revised accordingly. Material changes will be communicated via a notice on the Site.
11. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Telephone: 0303 123 1113
12. Contact
For any questions about this privacy policy or your personal data, please contact us at:
thedailybriefuk@gmail.com