Privacy Policy

TheCityBrief.com

Last updated: 23 February 2026

1. Who We Are

TheCityBrief.com operates a network of hyperlocal email newsletters across UK towns and cities.

For the purposes of UK data protection law, TheCityBrief.com is the data controller of personal data collected through this website and associated city subdomains (for example, norwich.thecitybrief.com).

If you have any questions about this policy or wish to exercise your data protection rights, you may contact:

privacy@thecitybrief.com

2. What Data We Collect

We collect only the data necessary to operate our newsletter and related services.

2.1 When You Subscribe

When you subscribe to a newsletter, we collect:

• Email address
• Selected city
• Selected content category preferences
• Date and time of subscription
• IP address at time of subscription
• Browser user agent at time of subscription
• Date and time of double opt-in confirmation
• IP address and browser user agent at confirmation
• Date and time of unsubscription (if applicable)
• IP address and browser user agent at unsubscription

This information is logged for security, fraud prevention, and legal compliance purposes.

2.2 Referral Programme Data

If you participate in our referral programme, we collect and store:

• Unique referral token linked to your email address
• Referral counts
• Email addresses of subscribers who join using your referral link
• Reward eligibility status (for example, access to premium editions)

We do not allow users to upload third-party contact lists. Referral participation occurs only through voluntary sharing of unique links or codes.

2.3 Website Usage & Analytics

When you visit our website, we may collect:

• IP address
• Browser type and version
• Device type
• Pages visited
• Referrer information
• Interaction data
• Timestamp data

This data is collected via:

• Meta Pixel and associated Meta tracking technologies
• Google Analytics 4
• Google Ads conversion tracking

2.4 Email Engagement Data

When you receive our emails, we collect engagement data through Amazon SES, including:

• Email open tracking
• Link click tracking
• Delivery status
• Bounce and complaint status

This helps us improve deliverability and content relevance.

2.5 Advertiser Data

If you purchase advertising or sponsorship through TheCityBrief.com, payments are processed via Stripe.

We do not store card or billing data ourselves. Stripe processes and stores payment information in accordance with its own privacy and security standards.

We may store:

• Business contact details
• Email address
• Invoicing metadata
• Campaign information

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

Consent

• Sending newsletter emails
• Email marketing communications
• Tracking email engagement

Legitimate Interest

• Website analytics
• Fraud prevention
• System security
• Referral tracking
• Improving content and performance

Contractual Necessity

• Processing advertiser payments
• Providing referral rewards

You may withdraw consent at any time by unsubscribing from emails.

4. Email Marketing Compliance

We operate a double opt-in subscription system.

You will only receive newsletter emails after confirming your subscription via email verification.

Every newsletter contains:

• A clear unsubscribe link
• Our contact details

You may unsubscribe at any time.

5. Cookies & Tracking Technologies

We use cookies and similar tracking technologies for:

• Analytics
• Advertising measurement
• Performance monitoring

These may include:

• Meta tracking cookies
• Google Analytics cookies
• Google Ads tracking cookies

We will implement a cookie consent mechanism where required under UK law.

6. Data Storage & Security

Our infrastructure is hosted in the United Kingdom using DigitalOcean UK data centres.

Email processing is handled by Amazon Web Services (Amazon SES).

We implement appropriate technical and organisational security measures, including:

• Encrypted transmission (HTTPS)
• Secure server configuration
• Access controls
• Logging and monitoring

7. International Data Transfers

Some of our service providers, including:

• Amazon Web Services
• Meta Platforms
• Google
• Stripe

may process data outside the United Kingdom.

Where international transfers occur, we rely on:

• UK adequacy regulations
• Standard contractual clauses
• Appropriate safeguards implemented by the provider

8. Data Retention

We retain personal data only for as long as necessary.

Subscribers

• Active subscriber data: retained while subscription is active
• Unsubscribed data: retained for up to 24 months to prevent re-subscription fraud and manage suppression lists

Referral Data

• Retained while referral programme participation remains active

Advertiser Data

• Retained in accordance with accounting and tax obligations (typically 6 years)

Log and security data may be retained for up to 24 months.

9. Your Rights

Under UK data protection law, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion
• Restrict processing
• Object to processing
• Request data portability

To exercise your rights, contact:

privacy@thecitybrief.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK.

10. Children

The City Brief newsletters are intended for adults.

We do not knowingly collect personal data from children.

If you believe a child has submitted personal data, please contact us and we will remove it.

11. Changes to This Policy

We may update this Privacy Policy from time to time.

The latest version will always be available at:

www.thecitybrief.com/privacy