Privacy Policy

Last updated: 14 May 2026

This Privacy Policy explains how Shareholder Inbox (the "Site") handles information when you visit. The Site is read-only: there are no reader accounts, no logins for visitors, and no tracking cookies.

Information we collect

• Reading preferences (on your device only). Stars and read-state are stored in your browser's localStorage. This information never reaches the Site's servers and is not accessible to the operator. Clearing your browser storage erases it.
• Cookieless analytics. The Site collects aggregate, non-identifying usage data — page views, referrer, approximate device type, and a small number of interaction events — to understand how the Site is used.
• IP addresses. Your IP is processed to enforce rate limits, detect abuse, and investigate security incidents. IPs may appear in short-lived server and access logs retained for a brief period — typically a few weeks — after which they are rotated out automatically. IPs are not stored in any database and are not used to build a profile of you. The lawful basis for this processing is our legitimate interest in keeping the Site secure (GDPR Article 6(1)(f)).
• Newsletter email. If you subscribe to a newsletter, your email address is stored solely to send you that newsletter.

The Site does not collect names, postal addresses, phone numbers, payment information, or any other personal data beyond what is described above.

How we use information

To operate, secure, and improve the Site; to send a newsletter you have subscribed to; and to comply with legal obligations.

Cookies and tracking

The Site does not set tracking, advertising, or analytics cookies on its reader interface. Where advertising or affiliate links appear on editorial pages, the third parties involved may set their own cookies under their own privacy policies.

How information is shared

The Site uses third-party providers for hosting, file storage, email delivery, and analytics. These providers process information only as needed to perform their services for the Site. The Site does not sell personal data. Personal data may also be disclosed where required by law.

International transfers

Some service providers may process information outside the European Economic Area. Where applicable, transfers rely on standard contractual safeguards.

Children

The Site is not directed at children under 16, and the operator does not knowingly collect personal data from anyone under 16. If you believe a child has provided personal data, please contact the operator and it will be deleted.

Your rights

You may request access to, correction of, or deletion of any personal data the Site holds about you — in practice, your newsletter email address, if you subscribed. You may unsubscribe from the newsletter at any time using the link in any newsletter email. EU and UK residents have additional rights under the GDPR, including the right to object to processing based on legitimate interests, the right to data portability, and the right to lodge a complaint with a data-protection supervisory authority.

Data security

The Site uses HTTPS and standard operational safeguards. No system is perfectly secure; you provide information at your own risk.

Changes

This Policy may be updated. The "Last updated" date reflects the most recent revision.