Privacy Policy | Cardiff One

Last updated: 8 March 2026

1. Who We Are

Cardiff One is a free weekly newsletter covering events, restaurants, gigs, sport fixtures, and local gossip in Cardiff, Wales.

Contact: hello@cardiffone.com
Based: Cardiff, Wales, United Kingdom
Frequency: Weekly (Thursdays)

2. What Data We Collect

When you subscribe to Cardiff One, we collect:

Email address — required to send you the newsletter
Name (optional) — if you provide it, to personalize emails
Subscription date — automatically recorded when you sign up
Email engagement — opens and clicks (tracked by our email service provider)
IP address & device info — automatically collected by our email provider for security and spam prevention

We do not collect or store payment data (the newsletter is free). We do not track your browser activity outside of email.

3. How We Use Your Data

We use your data only to:

Send you the weekly Cardiff One newsletter (email only)
Respond to your inquiries if you contact us
Prevent fraud and abuse (security monitoring)
Comply with legal obligations

We will never:

Sell your email address to third parties
Share your data with advertisers or sponsors (except anonymized engagement metrics for sponsorship reporting)
Use your email for marketing outside of Cardiff One
Send you unsolicited messages (you opted in to the newsletter only)

4. Legal Basis (GDPR)

Under GDPR, we process your email address based on explicit consent. When you enter your email and click "Count me in," you consent to receive the Cardiff One newsletter from us.

You can withdraw consent at any time by unsubscribing from any email we send (every email includes an unsubscribe link).

5. Who We Share Your Data With

Your data is only shared with:

Resend (our email service provider) — sends emails on our behalf
Ghost (our newsletter platform) — stores subscriber list and publishes content
Railway (our hosting provider) — hosts Ghost and Resend integrations

All processors have Data Processing Agreements in place and are GDPR-compliant. No data is transferred outside the UK/EU.

6. How Long We Keep Your Data

We keep your email and subscriber record for as long as you remain subscribed to Cardiff One.

Once you unsubscribe:

Your email is immediately removed from our mailing list
We retain a record of your email (anonymized) for 90 days to prevent re-subscription spam
After 90 days, all personal data is deleted

If you request deletion, we delete your data within 30 days. Residual server backups may retain copies for up to 90 days; these are automatically purged.

7. Your Rights (GDPR & UK DPA 2018)

You have the right to:

Access: Request a copy of your data
Rectification: Correct inaccurate data
Erasure: Delete your data (right to be forgotten)
Restriction: Limit how we use your data
Portability: Receive your data in a portable format
Object: Withdraw consent and unsubscribe at any time

To exercise any of these rights, email hello@cardiffone.com with your request. We'll respond within 30 days.

8. Email Compliance (CAN-SPAM & GDPR)

Cardiff One complies with:

GDPR (EU & UK): Explicit opt-in consent required; unsubscribe available on every email
CAN-SPAM (US): Clear sender identity; accurate subject line; physical address on file; unsubscribe honored within 10 days
PECR (UK): Electronic mail marketing to UK numbers requires prior consent (complied)

Every email includes:

Our name and contact information
An unsubscribe link at the bottom
A link to this privacy policy

Unsubscribe requests are processed automatically within 24 hours.

9. Cookies & Tracking

Our landing page (cardiffone.com) uses no cookies or tracking pixels. It is fully privacy-first.

Our email newsletters may contain tracking pixels (1x1 transparent images) to measure:

Whether you opened the email
Which links you clicked

This data is used only to improve newsletter content and measure audience engagement. You can disable email tracking in your email client settings.

10. Security

Your email is encrypted in transit (HTTPS) and at rest. Ghost, Resend, and Railway all use industry-standard encryption and security practices.

However, no online service is 100% secure. If you suspect a breach, contact us immediately at hello@cardiffone.com.

11. Changes to This Policy

We may update this privacy policy as our services evolve. Changes will be posted here with an updated date. Continued subscription after a change constitutes acceptance.

12. Contact & Complaints

Data Subject Requests: Email hello@cardiffone.com with "Data Subject Request" in the subject line.

Complaints: If you believe we've mishandled your data, you can lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk (UK) or your local supervisory authority.