This page describes how SafeFinanceHub ("we", "us") collects, uses and protects personal data when you visit safefinancehub.com (the "Site"). We have written it in plain English. If anything is unclear, please contact us.
What we collect, and when
1. Information you give us voluntarily
- Newsletter signup. If you submit our newsletter form we collect your email address. The address is stored on our database server (access controlled, daily backups) and is used only to send the newsletter and operational messages about it (for example, a confirmation that you have been added).
- Account signup. If you create an account to use the Plus toolkit, we store your email address, the country you selected for tax purposes, your subscription status and any saved data you create inside the tools (watchlists, price alerts, saved tool snapshots). Sign-in is passwordless: we email you a single-use link, so we never store a password. CSVs you upload to a tool are processed in memory and discarded immediately - we only keep the resulting summary if you click "save snapshot".
- Contact form / direct email. If you write to us at [email protected] we keep your email address and the message so we can reply.
2. Information collected automatically when you visit the Site
- Server access logs. Our web server records each request with the requesting IP address, the page requested, the time, the user agent string, and the referring URL. These logs are retained for up to 30 days for security and abuse-prevention purposes and are not used for marketing.
- Newsletter form anti-abuse data. When you submit the newsletter form, we record an HMAC hash of your IP address (so we can rate-limit submissions) and basic metadata about the attempt (timestamp, source page, outcome). The original IP address is not stored.
- Edge-network data. Our content delivery network, Cloudflare, processes incoming requests and may store technical information for security purposes. See Cloudflare's privacy policy.
3. Marketing measurement
The Site loads Google Ads' gtag.js on every page so we can attribute Plus sign-ups back to the paid search keyword that brought you here. The tag may set the _gcl_au, _ga and _gid cookies. We use this data only in aggregate inside the Google Ads dashboard - we do not run a behavioural analytics product (no Plausible, no Matomo, no Hotjar) and we do not run social-advertising pixels (no Meta Pixel, no LinkedIn Insight, no TikTok pixel). The full list of cookies and how to opt out is on our Cookie Policy.
4. What we do not collect
We do not build behavioural profiles, we do not sell or share personal data with data brokers, and we do not track you across other websites. If we add any cross-site tracking or behavioural advertising in the future, this page will be updated and the cookie banner will offer you the choice to refuse it before it loads.
Cookies
We describe every cookie that may be set during your visit, by us or by third parties we embed, on a separate page: Cookie Policy.
How long we keep data
- Newsletter subscribers: until you unsubscribe, plus 30 days for our records of consent. Every email we send includes a one-click unsubscribe link.
- Contact-form messages: up to 24 months after the conversation ends, so we can refer back to it if you contact us again.
- Server access logs: up to 30 days, then automatically rotated and deleted.
- Newsletter anti-abuse hashes: up to 30 days.
Where we store data
Our application server and database are hosted with a commercial cloud provider in the United States, behind a Cloudflare edge network for caching and DDoS protection. Daily encrypted backups are kept on the same provider. Cloudflare may process traffic through edge servers in other jurisdictions for performance and security; see their privacy policy.
If you are located in the United Kingdom, the European Union or another jurisdiction with cross-border data transfer rules, your personal data is therefore transferred outside that region. We rely on the legitimate interest of running the Site you chose to visit, plus the contractual safeguards published by our hosting and edge providers. You may withdraw consent and request deletion at any time using the contact details above.
Sharing
We do not sell, rent or trade personal data. We share data with third parties only in the following cases:
- Service providers who process data on our behalf (currently Cloudflare for content delivery and bot protection, and our hosting provider for the server). Each is bound by a written data-processing arrangement.
- Legal obligations if we are required by court order, regulator or law enforcement to disclose information. We will challenge any request that appears overbroad or unlawful.
Your rights under GDPR and UK data protection law
If you live in the European Economic Area, the United Kingdom or Switzerland, you have the right to:
- request a copy of the personal data we hold about you;
- ask us to correct inaccurate data;
- ask us to delete your data ("right to be forgotten") where we have no overriding lawful reason to keep it;
- object to processing or ask us to restrict it;
- withdraw any consent you have given (for example by unsubscribing from the newsletter);
- complain to your national data-protection regulator. In the UK this is the Information Commissioner's Office; in the EU you can find your regulator via the European Data Protection Board.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
Children
The Site is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their information, contact us and we will delete it.
Changes to this policy
If we materially change how we handle personal data we will update the date at the top of this page and, where appropriate, notify newsletter subscribers by email before the change takes effect.