Skip to content
MyClaimWorth
privacy policy

Privacy.

By 9 min read

One-paragraph summary.

MyClaimWorth is an editorial publication. We do not sell or share personal data with third parties. We do not run behavioural advertising. We collect privacy-first traffic statistics through Cloudflare Web Analytics (no cookies, no IP retention), the email address you give us if you fill in the contact or newsletter form, and standard server logs kept for security purposes. You can ask us to delete any record we hold on you at any time.

Who we are.

MyClaimWorth (“we”, “us”) is the publisher of myclaimworth.com. For data-protection purposes we are the data controller for the personal data we collect through this site. The contact for any privacy enquiry, including subject-access requests, is hello@myclaimworth.com.

What we collect.

Aggregate analytics. Privacy-first traffic statistics through Cloudflare Web Analytics: page views, referrer, country (derived without storing IP), device category, and session duration. No cookies are set. No IP addresses are retained beyond initial connection.

Contact and newsletter form data. If you submit the contact form, we collect the name, email address, topic, and message text you provide. If you sign up for the newsletter, we collect the email address you provide.

Server logs. Our hosting provider (Vercel) and our email provider (Resend) keep short-term logs for security and abuse-prevention purposes. These logs include connection metadata such as timestamps, user-agent strings, and originating IP addresses. They are retained for the minimum necessary period and are not used for marketing.

Cookies. The site does not set marketing or tracking cookies. Cloudflare may set a short-lived technical cookie for security purposes (anti-bot, rate-limiting). If we add a clearly labelled embedded video or external widget that sets cookies, we will surface a cookie banner before the cookies are set.

Why we collect it.

We collect aggregate analytics so we can understand which pages readers find useful and prioritise editorial work accordingly. We collect contact-form data so we can reply to your message. We collect newsletter sign-up data so we can send you the newsletter you asked for and so we can honour your unsubscribe.

The lawful basis for our processing under the EU GDPR and UK GDPR is, depending on the processing activity: consent (newsletter sign-up), contract (replying to a specific enquiry), or legitimate interests (security logging and aggregate analytics with no individual tracking). We do not rely on consent for the privacy-first analytics, because no personal data is processed by them.

Cookies and analytics.

We use Cloudflare Web Analytics. Cloudflare publishes a statement that this product does not set cookies, does not fingerprint visitors, and does not retain IP addresses beyond the initial connection. We treat that statement as accurate at the date of publication of this policy and would update this policy if Cloudflare's practices changed.

We do not use Google Analytics, Meta Pixel, or any cross-site tracking technology. We do not place advertising trackers on the site. If we add display advertising in future, we will update this section to describe the network and the cookies it sets, and we will add a granular consent banner for any cookies that require consent under the relevant law.

Advertising.

We may, at some point, run programmatic display advertising and clearly labelled sponsorship slots. When we do, we will update this policy to identify the advertising network or networks used, the categories of cookies they set, and the processors involved. Sponsorship slots are sold by us directly and do not involve cookie-based tracking. Sponsors do not see editorial copy before publication and do not receive any reader-level data from us.

Processors we use.

We use a small number of third-party services that act as data processors on our behalf:

  • Vercel — hosting and edge delivery. Server logs, session metadata.
  • Cloudflare — DNS, CDN, web analytics. Edge security and aggregate analytics.
  • Resend — outbound email for the contact form and newsletter.
  • Beehiiv (when configured) — newsletter delivery and subscription management.
  • GitHub — code hosting only; no reader data is stored on GitHub.

Each processor handles data under the terms of a data processing agreement and its own published privacy policy. Where any processor is located outside the European Economic Area, the transfer is governed by Standard Contractual Clauses or an equivalent transfer mechanism recognised by the EU, UK, or relevant authority.

Retention.

Aggregate analytics: aggregated indefinitely; no individual record is retained.

Contact-form messages: retained as long as needed to deal with the enquiry, then deleted within 24 months unless we need to keep them longer for a specific reason (for example, an open editorial correction or a partnership under negotiation).

Newsletter sign-ups: retained until you unsubscribe. Unsubscribing immediately removes you from active sending lists; we may keep a suppression record (your email address, an unsubscribe flag, the date you unsubscribed) for the minimum period needed to honour the unsubscribe and to demonstrate compliance.

Server logs: retained for the minimum period needed for security purposes, generally not exceeding 90 days, in line with our processors' default policies.

Sharing and disclosure.

We do not sell personal data. We do not share personal data with third parties for their own marketing. We do not participate in cross-site profiling.

We share data only with the processors listed above, and only to the extent needed to operate the site and respond to readers. We may disclose data to law enforcement or to comply with a court order if we are legally required to, and we will challenge requests we consider overbroad before complying.

International transfers.

Some of our processors are located outside the EEA and the UK, principally in the United States. Where a transfer of personal data is involved, we rely on Standard Contractual Clauses, the UK Addendum to the SCCs, the EU-US Data Privacy Framework where applicable, or equivalent recognised mechanisms. Cloudflare Web Analytics is designed not to transfer personal data because it does not collect personal data; the contact form and newsletter operate under the SCCs.

Your rights.

Depending on the jurisdiction you are in, you have the following rights over personal data we hold about you:

  • access to a copy of the data we hold
  • rectification of inaccurate data
  • erasure (the “right to be forgotten”) where applicable
  • restriction of processing in defined circumstances
  • data portability for data we hold under contract or consent
  • objection to processing based on legitimate interests
  • withdrawal of consent at any time, where consent is the basis
  • under the CCPA, the right to know, the right to delete, the right to correct, and the right to opt out of sale (we do not sell)
  • under the GDPR and UK GDPR, the right to lodge a complaint with a supervisory authority — in the UK that is the Information Commissioner's Office (ICO); in Ireland that is the Data Protection Commission; in other EU states, the relevant national authority

To exercise any of these rights, write to hello@myclaimworth.com from the email address that the data relates to. We aim to respond within 30 days; complex requests may take longer, in which case we will explain the delay.

Children.

The site is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe we hold data on a minor, write to us and we will delete the record promptly.

Changes to this policy.

We may update this policy from time to time. The last-updated date at the top of the page reflects the most recent substantive change. Material changes will be announced in the newsletter where one is published, or by a banner on the site for two weeks after the change.

Contact.

For privacy enquiries, subject-access requests, or to report a data-protection concern, write to hello@myclaimworth.com.