Effective Date: January 2026

This Privacy Policy explains how /thepaymentsnerd ("we", "us", or "our") collects, uses, and protects your personal data when you use our website and subscribe to our newsletter. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable UK data protection legislation.

1. Data Controller

• Controller: /thepaymentsnerd
• Website: https://www.thepaymentsnerd.co
• Contact: cesar@thepaymentsnerd.co

As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with data protection law.

2. Personal Data We Collect

We collect and process the following categories of personal data:

• Email Address: When you subscribe to our newsletter, we collect your email address to deliver our fintech and payments industry insights directly to your inbox.
• Technical Data: Our servers automatically log certain technical information when you access the site, including IP address, date and time of access, browser type, device type, and operating system.
• Usage Data: We may collect anonymised data about how you interact with our website to improve our service.

3. Legal Basis for Processing

We process your personal data on the following lawful bases under Article 6 of the UK GDPR:

• Consent (Article 6(1)(a)): When you subscribe to our newsletter, you provide explicit consent for us to send you email communications. You may withdraw this consent at any time by unsubscribing.
• Legitimate Interests (Article 6(1)(f)): We process technical data to ensure the security, integrity, and proper functioning of our website, and to protect against malicious activity. We have assessed that this processing does not override your fundamental rights and freedoms.

4. How We Use Your Data

We use your personal data for the following purposes:

• To deliver our daily newsletter containing curated fintech and payments industry news
• To maintain and improve the security and functionality of our website
• To compile anonymised usage statistics
• To respond to enquiries you may send us
• To comply with legal obligations

5. Data Processors and Third Parties

We work with the following categories of third-party data processors who process data on our behalf:

• Database Provider (Supabase): We use Supabase to securely store subscriber email addresses and newsletter content. Supabase operates under a Data Processing Agreement compliant with UK GDPR requirements.
• Hosting Provider: Our website is hosted by a provider that processes technical log data under a data processing agreement.

We ensure all processors provide sufficient guarantees regarding data protection and only process data in accordance with our documented instructions.

6. International Data Transfers

Some of our data processors may be located outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

• Transfers to countries with UK adequacy decisions
• Standard Contractual Clauses (UK International Data Transfer Agreement where applicable)
• Additional technical and organisational measures to protect your data

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Newsletter Subscribers: Your email address is retained until you unsubscribe or request deletion
• Technical Logs: Server logs are retained for a maximum of 12 months for security purposes and then automatically deleted

8. Your Rights Under UK Data Protection Law

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent (this does not affect the lawfulness of processing before withdrawal)

To exercise any of these rights, please contact us at cesar@thepaymentsnerd.co. We will respond to your request within one month, as required by law.

9. Unsubscribing from the Newsletter

You can unsubscribe from our newsletter at any time by clicking the unsubscribe link included in every email we send, or by contacting us directly. Upon unsubscription, we will cease sending marketing communications and delete your email address from our active mailing list.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/SSL), access controls, and regular security assessments.

11. Your Right to Complain

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

• Website: https://ico.org.uk
• Telephone: 0303 123 1113

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any material changes will be communicated via our website. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

cesar@thepaymentsnerd.co