Privacy Policy
Last updated: 25 April 2026.
This policy explains how Morningfold ("we", "us", "our") collects and uses personal data, in compliance with the General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations 2003 (PECR).
1. Who we are (data controller)
Morningfold is a publication operated from the United Kingdom. Editorial and data enquiries should be sent to:
- Email: privacy@morningfold.co.uk
- Postal contact: [address to be inserted before launch]
For the purposes of UK GDPR, Morningfold is the data controller for all personal data described below.
2. What we collect, and why
We collect the minimum information needed to deliver the service.
| Data | When collected | Why |
|---|---|---|
| Email address | When you subscribe to our newsletter | To send you the newsletter you signed up for |
| Engagement data (opens, clicks) | Automatically when you receive our emails | To understand what readers find useful and improve content |
| IP address (briefly, on signup) | At signup | Anti-abuse, to prevent fraudulent signups |
| Browser type / device (aggregated) | When visiting the site | Site analytics in aggregate form |
| Reply content | When you email us | To respond to your message |
We do not collect, store, or process: payment information, health information, identity documents, or any data classified as "special category data" under UK GDPR.
3. Lawful basis for processing
Our lawful bases under UK GDPR Article 6 are:
- Consent (Art. 6(1)(a)), for sending you the newsletter and any related marketing emails. This is given when you subscribe through our signup form, or when you opted in via a previous landing page operated by the publisher prior to Morningfold's launch and confirmed continued consent in our re-permission email.
- Legitimate interest (Art. 6(1)(f)), for fraud prevention, basic site analytics, and responding to your enquiries.
The lawful basis for sending email marketing is consent, in line with Regulation 22 of PECR.
4. Where consent originates
Some Morningfold subscribers were originally collected by the publisher through earlier consumer-facing landing pages (between approximately 2022 and 2025) where users opted in to receive "similar offers and recommendations." Before sending Morningfold content to those subscribers, we send a re-permission email asking each person to confirm they still want to hear from us. Anyone who does not confirm is removed from the list.
If you believe you are receiving Morningfold without having opted in, please email privacy@morningfold.co.uk and we will remove you immediately and investigate the source.
5. Who we share data with (sub-processors)
We use the following sub-processors:
- ElasticEmail (email service provider), to deliver our newsletter. Subscriber email addresses and engagement events are processed by ElasticEmail under contract.
- Microsoft 365 (Exchange Online), to receive replies and operate our editorial mailboxes.
- Hostinger (hosting provider), to host the morningfold.co.uk website and database.
- Cloudflare (where used as CDN), to deliver site assets quickly and securely.
We do not sell, rent, or trade your data to anyone. We do not use data brokers.
When you click an outbound link in a Morningfold article or email to a third-party brand, that brand's own privacy policy applies once you arrive on their site. We are not responsible for what they do with data you give them.
6. International transfers
Some sub-processors (e.g. ElasticEmail, Microsoft 365) may process data outside the UK. Where they do, transfers are protected by the International Data Transfer Agreement (IDTA) or the Addendum to the EU Standard Contractual Clauses, plus supplementary safeguards required under UK GDPR.
7. How long we keep data
- Newsletter subscribers: for as long as you remain subscribed. If you unsubscribe, your email is moved to a suppression list (kept indefinitely so we don't accidentally email you again) but is not used for marketing.
- Email correspondence: kept for up to 24 months from the last reply, then deleted, unless we need it longer to handle a complaint or legal matter.
- Aggregated analytics: retained indefinitely in aggregate (non-identifying) form.
8. Your rights
Under UK GDPR you have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Delete your data ("right to erasure")
- Restrict processing
- Object to processing based on legitimate interest
- Data portability (receive your data in a portable format)
- Withdraw consent at any time (every email contains a one-click unsubscribe; you can also email privacy@morningfold.co.uk)
We will respond to all rights requests within one calendar month.
9. Complaints
If you believe we have mishandled your personal data, please contact us first at privacy@morningfold.co.uk, we will work with you to fix it.
You also have the right to complain to the supervisory authority:
- Information Commissioner's Office (ICO)
- Website: ico.org.uk
- Helpline: 0303 123 1113
10. Cookies
See our separate Cookie Policy.
11. Updates to this policy
If we materially change this policy, we will notify subscribers by email at least 14 days before the change takes effect. Minor clarifications will be reflected in the "Last updated" date at the top of this page.