Sign in Subscribe

Privacy Policy

Last updated: March 2026 · This policy complies with the EU General Data Protection Regulation (GDPR). Worth Spreading is operated from the Netherlands.

The short version

We collect your email address when you subscribe. We use privacy-friendly analytics that do not track you personally. We do not sell your data to anyone. We do not run behavioural advertising. That is the whole story — the rest of this page explains the details.

Who we are

Worth Spreading is the trade name of a sole proprietorship (eenmanszaak) registered in the Netherlands. We are the data controller for the personal data collected through this site. Contact: worthspreading.com/contact.

What we collect and why

Email address — collected when you subscribe to the newsletter or create a membership account. We use this to send you the Friday Digest and, if you become a paid member, to manage your subscription. Legal basis: your consent (Article 6(1)(a) GDPR) and performance of contract (Article 6(1)(b) GDPR).

Payment information — if you subscribe to a paid tier in the future, payment is processed by Stripe. We do not store your credit card details. Stripe acts as an independent data controller for payment data. See Stripe's privacy policy.

Analytics data — we use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies, does not collect personal data, and does not track you across sites. All data is aggregated. We see page views and referral sources — not individual visitors. See Plausible's data policy.

Contact form submissions — if you send us a message via the contact page, we receive your name, email address, and message content. We use this only to respond to your enquiry. Legal basis: legitimate interest (Article 6(1)(f) GDPR).

What we do not collect

  • We do not use tracking cookies
  • We do not run Google Analytics or any behavioural tracking tool
  • We do not use retargeting or advertising pixels
  • We do not sell, rent, or share your data with third parties for marketing purposes
  • We do not build advertising profiles based on your reading behaviour

Where your data is stored

Your email address and membership data are stored by Ghost (Ghost Foundation, based in Singapore, with infrastructure operated globally). Ghost acts as a data processor on our behalf. See Ghost's privacy policy.

Analytics data is stored by Plausible Analytics (based in the EU). Contact form data is stored by Tally (based in the EU). All processors comply with GDPR requirements.

How long we keep your data

Email and membership data: for as long as you have an active subscription or account. When you unsubscribe or delete your account, your data is removed from our systems within 30 days.

Contact form submissions: for up to 12 months after your enquiry, then deleted.

Analytics data: aggregated and anonymous — no personal data is stored.

Your rights

Under the GDPR, you have the right to:

  • Access your personal data — request a copy of what we hold
  • Rectify inaccurate data — ask us to correct it
  • Erase your data — ask us to delete it ("right to be forgotten")
  • Restrict processing — ask us to limit how we use your data
  • Port your data — receive your data in a structured, machine-readable format
  • Object to processing — withdraw consent at any time
  • Withdraw consent — unsubscribe from emails at any time using the link in every email

To exercise any of these rights, contact us. We will respond within 30 days as required by law.

Cookies

This site does not use tracking cookies. Ghost may set a functional cookie to manage your logged-in session if you are a member — this is strictly necessary for the service and does not require consent under GDPR. No cookie banner is needed.

Children

This site is not directed at anyone under the age of 16. We do not knowingly collect personal data from children. If you believe we have, please contact us and we will delete it immediately.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top will always reflect the most recent version. If we make significant changes, we will notify subscribers via email.

Supervisory authority

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.

Questions

Privacy should not be confusing. If anything here is unclear, get in touch.