Privacy Policy

Lisa Butts

Lisa Butts

3 min read

Privacy Policy

Last updated: January 1 2026

This privacy policy explains how we collect, use, store, and protect your personal data when you visit this website, become a subscriber, or donate money. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR).

1. Data Controller

The Data Controller responsible for your personal data is:

Lisa Butts | lisa@whoevenreads.com

If you have any questions about this policy or your data, you may contact me at any time.

2. What Personal Data We Collect

We collect only the data necessary to operate this website, send newsletters, and process payments.

2.1. Data You Provide Directly

  • Email address (for subscriptions and account access)
  • Name (optional)
  • Payment information (processed by Stripe; we do not store card details)
  • Messages sent via contact forms or email

2.2. Data Collected Automatically

  • IP address
  • Browser type and device information
  • Pages visited and referring URLs
  • Cookies (see Section 8)

2.3. Membership & Account Data

If you create an account or become a subscriber, Ghost(Pro) stores:

  • Email
  • Subscription status
  • Access history
  • Payment status (via Stripe)

2.4. Analytics Data (If Enabled)

If you choose to enable analytics on this site, we may use Google Analytics (GA4) to understand how visitors use the website. Google Analytics may collect information such as IP address, device type, browser, and general usage data.

Google Analytics is only loaded after you give explicit consent through the cookie/consent banner.

  • If you decline, no analytics scripts are loaded and no data is sent to Google.
  • Data collected by Google Analytics is processed by Google in accordance with their privacy policy and may be transferred outside the EU.

3. Legal Bases for Processing

We process your data under the following GDPR legal bases:

  • Consent: newsletter subscription, non‑essential cookies, analytics
  • Contract: providing membership access, processing payments
  • Legitimate interest: site security, fraud prevention, essential site functionality
  • Legal Obligation: tax and accounting requirements

4. How We Use Your Data

We might use your personal data to:

  • Provide access to subscriber‑only content
  • Send newsletters and updates (only with your consent)
  • Process payments and manage subscriptions
  • Improve website performance and user experience
  • Respond to inquiries
  • Maintain security and prevent abuse

We do not sell or rent your personal data.

5. Who We Share Data With (Processors)

5.1. Ghost(Pro)

This site is hosted on Ghost(Pro), which processes:

  • Membership data
  • Email delivery
  • Account access
  • Site analytics

Ghost(Pro) is GDPR‑compliant and may transfer data internationally using Standard Contractual Clauses (SCCs).

5.2. Stripe

Stripe processes all payments. Stripe may collect:

  • Name
  • Email
  • Billing details
  • Payment method information

Stripe is PCI‑DSS compliant and uses SCCs for international transfers.

We do not store or have access to your full payment card details.

5.3. Analytics Providers

We use Google Analytics (GA4) to collect aggregated information about how visitors use the site. Google Analytics is only activated after you provide consent through the cookie banner. If you do not consent, no analytics scripts are loaded and no analytics data is sent to Google.

5.4. Email Delivery Providers

Ghost(Pro) may use third‑party email infrastructure to send newsletters.

6. International Data Transfers

Some of your data may be transferred outside the EU, including to the United States.

When this occurs, processors rely on:

  • Standard Contractual Clauses (SCCs)
  • Other GDPR‑approved safeguards

These ensure your data remains protected.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy.

  • Member accounts: retained while active and deleted upon request
  • Newsletter subscribers: retained until you unsubscribe
  • Payment records: retained for 7 years to comply with tax laws
  • Analytics data: retained according to provider settings
  • Server logs: retained for security purposes for 30 days

You may request deletion at any time (see Section 10).

8. Cookies & Tracking Technologies

8.1. Essential Cookies

Used for:

  • Site security
  • Member login
  • Payment processing

These cannot be disabled.

8.2. Non‑Essential Cookies (Analytics, Marketing)

Loaded only with your explicit consent.

We use Google Analytics (GA4). This means:

  • A cookie banner will appear when you load our site
  • Scripts will not load until you opt in
  • You may withdraw consent at any time

8.3. Changing Cookie Preferences

You can adjust or withdraw cookie consent using:

  • The cookie banner settings
  • Your browser settings

9. Security Measures

We and our processors implement appropriate technical and organizational measures, including:

  • SSL encryption
  • Secure hosting
  • Access controls
  • Two‑factor authentication (2FA) for admin access
  • Regular security updates

10. Your GDPR Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (“right to be forgotten”)
  • Withdraw consent at any time
  • Object to certain processing
  • Request data portability
  • Restrict processing
  • Lodge a complaint with your local Data Protection Authority

To exercise any of these rights, contact me at lisa@whoevenreads.com.

11. Data Breach Notification

We will notify users if we become aware—through Ghost(Pro) or our own account monitoring—of any breach involving personal data:

  • Within 72 hours where required
  • Providing details of the breach and steps taken
  • Providing guidance on how to protect yourself

Ghost(Pro) also maintains its own breach response procedures.

12. Children’s Privacy

This website is not intended for children under 16. We do not knowingly collect data from children.

13. Record of Processing Activities (ROPA)

We maintain an internal Record of Processing Activities as required by GDPR Article 30. This document is available to supervisory authorities upon request.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The “last updated” date at the top will reflect the most recent version.

15. Contact

For questions, concerns, or GDPR requests, please contact:

Lisa Butts | lisa@whoevenreads.com

Read more

WhoEvenReads.com