Privacy Policy

Last update: 29 January 2021

Privacy policies are boring and hard to read. And most of them wouldn’t survive a competent legal challenge.

So, I’ve ditched the templates and written my own privacy policy.

Summary for humans.

  • I’m John Espirian and I’m the data controller for this site.
  • I use cookies but not for collecting personally identifiable data.
  • I use forms to collect minimal personal information.
  • I won’t spam you or sell or share your personal data, because that would probably kill my business and I’m not an idiot.
  • I don’t use the Facebook Pixel to annoy you with ads for the rest of your life.
  • My site uses HTTPS/SSL security.
  • I’m registered with the Information Commissioner’s Office (ICO) in the UK – see ZA254256.

Learn more about how I deal with the following areas:

General Data Protection Regulations (GDPR).

Most people have heard of the GDPR, the updated set of data-protection rules that became enforceable on 25 May 2018.

You may have heard that the GDPR means you have to give your explicit consent before being signed up to receive marketing communications. That’s a good thing but the GDPR is about more than that.

Briefly, you also have the right to:

  • LEARN how your data is being used.
  • REQUEST that your data is deleted.
  • RETRIEVE your data in a format you can read and re-use elsewhere.

By the way, the GDPR means you really ought to have your own privacy policy on your website.

The internet is full of free templates. I can’t vouch for their quality but they may act as a useful starting point for building your own privacy policy.

Lawyers will tell you that something you copy and adapt from the internet might not stand up to much scrutiny in a court of law.

My advice is to be as clear as possible about what data you collect and what you plan to do with it, so that your users can make informed choices before handing over their info.


Cookies.

Cookies are simple text files that your web browser uses to record some settings relevant to each website you visit.

I use Google Analytics to see how many people view my site and to understand which pages are most popular. This requires the use of cookies.

Some sites don’t use cookies at all, but every site that uses Google Analytics does – and that’s a lot of sites.

I don’t use cookies to collect personally identifiable data about the visitors to my site.

Email newsletters.

I use MailChimp to send my Espresso ☕️ email newsletters to subscribers.

When you sign up, you go through a double opt-in system before your details are added to my list. That means you have to:

  1. ENTER your email address and name via a form on my website, and
  2. CLICK an activation link in a confirmation email.

There’s an unsubscribe link at the bottom of each Espresso ☕️ email, so it’s easy to remove yourself from the list should you no longer wish to hear from me.

This isn’t the Hotel California – you can leave at any time.

Collecting personal information.

I collect minimal personal information via the following web forms, so that I can communicate with you:

I don’t sell, trade or share your personally identifiable information, and you’re able to unsubscribe from my communications at any time.

Trust is everything for a sole trader like me. I’m not stupid enough to mess that up. Obviously, these are just words and I could be a very good liar.

Data processing.

I use MailChimp and Dropbox to store and manage data.

Both companies use data servers in the US. That’s OK for GDPR because each company is registered on the Privacy Shield:

It seems that the EU-US Privacy Shield Framework was ruled invalid in July 2020, but MailChimp have put out a statement to explain why this isn’t an issue for their service: see the statement.

Any questions?

If you want to learn more about how I handle and protect your data, please email me at .

Thanks for reading,

John Espirian