Privacy Policy | MoneyMoodBoard

Who we are

"MoneyMoodBoard", "we", "us" and "our" refer to the operator of moneymoodboard.com. For UK and EU GDPR purposes, MoneyMoodBoard is the data controller for personal data processed through this website. You can reach our privacy team at privacy@moneymoodboard.com.

Information we collect

We collect the following categories of personal information:

Information you provide directly, your email address when you subscribe to our newsletter, and any details you include when you contact us by email.
Automatically collected data, IP address, device type, browser, operating system, referring URL, pages viewed, time on page, and approximate location (city/country) from server logs and analytics scripts.
Cookies and similar technologies, small files placed in your browser for essential site functions, analytics, and advertising. See "Cookies and tracking technologies" below.
Advertising identifiers, third-party advertising networks may set cookies or use mobile advertising IDs to serve interest-based ads.

We do not knowingly collect government identifiers, financial account numbers, biometric data, precise geolocation, or health information.

How we use your information

To deliver the website and the content you request.
To send the newsletter you've subscribed to and respond to your enquiries.
To measure traffic, diagnose technical issues, and improve our content and tools.
To serve and measure advertising, including, where lawful, interest-based advertising.
To comply with legal obligations and enforce our Terms of Use.

We do not sell your personal information for money. Some sharing with advertising partners may qualify as a "sale" or "share" under California law, see your CCPA/CPRA rights below.

Legal bases (EU/UK GDPR)

Where the UK GDPR or EU GDPR applies, we rely on the following lawful bases under Article 6:

Consent, for non-essential cookies, advertising personalisation, and newsletter sign-up. You can withdraw consent at any time.
Legitimate interests, to operate, secure and improve the site, and to measure aggregate audience metrics, where these interests are not overridden by your rights.
Legal obligation, to retain records and respond to lawful requests from regulators or courts.

Cookies and tracking technologies

We use three categories of cookies and similar technologies:

Strictly necessary, required for core functionality such as page navigation, security, and remembering your cookie preferences. These do not require consent.
Analytics, help us understand how readers find and use our content (for example, Google Analytics). Aggregated, not used to identify you.
Advertising, set by ad networks (such as Google AdSense) to deliver and measure ads, and where you've consented, to personalise them.

You can control cookies through your browser settings, refuse non-essential cookies via our consent banner where shown, and opt out of personalised advertising through industry tools such as the DAA, NAI, or YourOnlineChoices (EU).

Advertising and analytics partners

We work with third parties whose privacy practices we encourage you to review:

Google AdSense, display advertising and ad measurement (policy).
Google Analytics, audience measurement with IP-anonymisation enabled (policy).
Supabase, hosts our newsletter database and form submissions (policy).
Email service provider, sends our newsletter and operational email.

How we share information

We share personal data with: (i) the service providers listed above, acting as processors on our instructions; (ii) advertising partners, where you have consented or where permitted by law; (iii) law-enforcement, regulators or other parties where required by valid legal process; and (iv) any successor entity in the event of a merger, acquisition or asset sale.

International data transfers

Our service providers may be located outside the United Kingdom and the European Economic Area, including in the United States. Where we transfer personal data outside the UK or EEA, we rely on adequacy decisions where they exist or on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, together with supplementary technical and organisational measures.

Data retention

We keep newsletter records for as long as you remain subscribed plus 24 months for suppression-list compliance. Server logs and analytics data are retained for up to 26 months in aggregate form. Email correspondence is retained for up to 36 months unless a longer period is required by law.

Security

We use HTTPS across the site, encrypt data in transit, restrict database access via Row Level Security, and limit administrative access on a least-privilege basis. No internet transmission is ever 100% secure, so we encourage strong, unique passwords and a password manager.

Your rights, United States (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the right to:

Know what personal information we have collected about you and how we use it.
Request a copy in a portable format.
Request correction of inaccurate personal information.
Request deletion, subject to legal exceptions.
Opt out of the "sale" or "sharing" of personal information for cross-context behavioural advertising.
Limit the use of sensitive personal information (we do not knowingly collect any).
Be free from discrimination for exercising your rights.
Designate an authorised agent to act on your behalf.

To exercise these rights, email privacy@moneymoodboard.com with the subject line "California Privacy Request". We may need to verify your identity before responding. Similar rights are available to residents of Colorado, Connecticut, Virginia, Utah and other states with comprehensive privacy laws.

Your rights, EU/UK (GDPR)

If you are in the United Kingdom or the European Economic Area, you have the right to:

Access the personal data we hold about you (Art. 15).
Have inaccurate data corrected (Art. 16).
Have your data erased ("right to be forgotten") (Art. 17).
Restrict processing (Art. 18).
Receive your data in a portable format (Art. 20).
Object to processing based on legitimate interests, including profiling (Art. 21).
Withdraw consent at any time, without affecting prior lawful processing.
Lodge a complaint with your supervisory authority, the UK Information Commissioner's Office (ICO) in the UK, or your national data protection authority in the EU.

Children's privacy

MoneyMoodBoard is intended for adults (16+ in the EU/UK; 13+ in the US under COPPA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

Do Not Track and Global Privacy Control

We honour the Global Privacy Control (GPC) signal as a valid opt-out of the "sale" or "sharing" of personal information under California and similar US state laws. We do not currently respond to legacy "Do Not Track" browser signals because there is no industry standard for them.

Changes to this policy

We may update this notice from time to time. Material changes will be flagged at the top of the page, and we will update the "last updated" date. Continued use of the site after a change constitutes acceptance of the revised policy.

Contact the data controller

For any privacy question or to exercise your rights, write to privacy@moneymoodboard.com. We aim to respond within 30 days (45 days for CCPA/CPRA requests, extendable in accordance with law).