Privacy Policy

1) Who we are and how to contact us

MoneyHarvester Ltd is the data controller for personal data processed in connection with this website and our educational services. Registered business name: MoneyHarvester Ltd. Registered and mailing address: 12 Baker Street, London, W1U 3BH, United Kingdom. Primary contact email: [email protected]. For privacy-specific questions or to exercise your rights, contact our Privacy Lead at [email protected]. Phone: +44 20 3301 4486.

Scope: this policy covers data collected via our website at the moneyharvester.co.uk domain, our contact forms, newsletter signups, and general correspondence. It does not cover external websites we link to. If we materially change our processing, we will update this policy and, where appropriate, notify you by email or an on-site notice.

2) The data we collect

We collect only the information needed to operate our site, deliver requested content, provide support, and improve the service. Depending on how you interact with us, we may process the following categories of data:

• Identity data: full name.
• Contact data: email address, and if you choose to provide it, phone number.
• Communication data: messages you send via our forms or email, your support requests, and our replies.
• Subscription data: newsletter preferences, consent records, and unsubscribe status.
• Technical data: IP address, device identifiers, browser type and version, time zone setting, approximate location based on IP, operating system, and platform.
• Usage data: pages visited, time on page, clicks, scroll depth, referring/exit pages, and similar diagnostic events.
• Cookie and tracking data: your cookie consent choice, analytics cookies (if accepted), and marketing cookies (if accepted).
• Transactional data: if you purchase a paid plan in the future, we will process order details and billing identifiers via a secure payment processor. We do not store full payment card numbers on our servers.

3) How we collect data

We obtain data in three ways: information you provide directly, information collected automatically, and information from service providers acting on our behalf.

• Forms and correspondence: when you submit our contact form or request a sample pack, you provide identity and contact data along with your message and consent choices.
• Cookies and similar technologies: our site uses a consent banner to store your preference and, if accepted, to enable analytics cookies and optional marketing pixels.
• Server logs and security tools: our hosting platform logs IP address, request headers, and error codes for reliability and fraud prevention.
• Analytics: if you accept analytics cookies, we use Google Analytics 4 to measure aggregated site usage. Data is pseudonymized and aggregated where feasible.
• Advertising pixels: if you opt in to marketing cookies, we may use the Meta Pixel to measure ad campaign performance. This is disabled by default and loads only with your consent.
• Payment processing: if we enable purchases, payments are handled by a third-party processor. We receive limited transactional metadata (e.g., last four digits, card brand) needed for receipts, support, and accounting.

4) Legal bases for processing (GDPR Art. 6)

We rely on the following legal bases, depending on the data type and purpose:

• Consent (Art. 6(1)(a)): newsletter subscriptions, optional marketing emails, and any analytics or marketing cookies/pixels. You can withdraw consent at any time using the unsubscribe link in emails or by updating your cookie preferences.
• Contract (Art. 6(1)(b)): providing requested content you sign up for, and if applicable, delivering paid subscriptions or digital products you order.
• Legitimate interests (Art. 6(1)(f)): maintaining website security, preventing abuse, improving site performance, measuring basic service usage, and responding to direct inquiries. We balance these interests against your rights and expect minimal privacy impact.
• Legal obligation (Art. 6(1)(c)): retaining tax and accounting records, responding to lawful requests from authorities, and honoring your data rights.

5) How we use your data

We process personal data for specific, explicit, and legitimate purposes. We do not sell personal data. Typical uses include:

• Service delivery: sending requested guides, enabling access to resources, and operating our website.
• Customer support: replying to questions, troubleshooting issues, and following up on requests.
• Communications: sending educational content and product updates where you have opted in. You can unsubscribe at any time.
• Analytics and improvement: understanding aggregate usage to improve navigation, content quality, and performance.
• Security and fraud prevention: detecting misuse, blocking malicious traffic, and maintaining reliable service.
• Compliance: keeping accurate records for tax and legal requirements, and documenting consent choices.

6) Data retention periods

We retain personal data only for as long as necessary for the purposes set out in this policy. When retention ends, we securely delete or anonymize data.

• Form submissions and support correspondence: 2 years from last interaction.
• Newsletter and marketing email list: until you unsubscribe, then suppression records are kept for 30 days to honor your choice.
• Analytics data (GA4): 14 months.
• Cookie consent preference: 6 months.
• Server logs and security events: 90 days unless needed to investigate incidents.
• Contracts, invoices, and accounting records: up to 6 years as required under UK law.

7) Sharing and processors

We do not sell your personal data. We share data only with trusted service providers who act on our instructions and are bound by data processing agreements. Categories of processors include:

• Hosting and infrastructure providers that store our website and server logs.
• Email and newsletter platforms to send transactional and consent-based communications.
• Analytics services (e.g., Google Analytics 4) to measure aggregate site performance, only when you have consented.
• Payment processors and billing platforms for secure payments and receipts, if purchases are enabled.
• Customer support tools for managing inquiries and replies.
• Professional advisers such as accountants or legal counsel when necessary for compliance.

If we are required by law or a valid legal process to disclose data, we will limit the disclosure to what is legally necessary and, where lawful, notify you.

8) International transfers

We operate from the United Kingdom. Some processors may be located outside the UK or the European Economic Area. Where data is transferred internationally, we implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the EU Standard Contractual Clauses (SCCs), and supplementary measures where needed. If a processor is located in a country with an adequacy decision, we rely on that decision. Copies of relevant transfer safeguards can be requested by contacting [email protected].

9) Your rights

Subject to legal conditions and applicable exceptions, you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: request deletion of your data when it is no longer needed or where you withdraw consent.
• Restriction: ask us to limit processing while we address a concern.
• Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
• Object: object to processing based on legitimate interests and to direct marketing at any time.
• Withdraw consent: withdraw consent for emails, analytics, or marketing pixels at any time without affecting the lawfulness of prior processing.

How to exercise your rights: email [email protected] from the address associated with your request and specify the right you wish to exercise. We may ask you to verify your identity to protect your data. We aim to respond within one month. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). We would appreciate the chance to address your concerns first.

10) Cookies and similar technologies

Cookies are small text files placed on your device. We use a consent banner to give you control over non-essential cookies. You can accept or reject analytics and marketing cookies at any time using the banner. You can also manage cookies in your browser settings.

• Strictly necessary cookies: required to deliver the site and remember your privacy choices. Example: mh_cookie_consent (6 months).
• Analytics cookies: help us understand site performance and improve content. Set only with your consent. Examples: _ga (2 years), _ga_XXXX (14 months). We configure GA4 to respect IP anonymization features.
• Marketing cookies: used to measure the effectiveness of our advertising and avoid showing irrelevant ads. Set only with your consent. Example: _fbp (90 days).

Disabling cookies may impact certain features. You can revisit your choice by clearing site cookies or adjusting preferences if we display the banner again.

11) Children’s privacy

Our content is created for adults and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without appropriate consent, contact [email protected] and we will delete the information promptly.

12) Data security

We apply administrative, technical, and organizational measures designed to protect personal data, including encryption in transit (HTTPS), access controls, least-privilege principles, and routine patching. We limit the personal data we collect and retain. While we work to safeguard your information, no internet transmission or storage system can be guaranteed 100% secure. If we identify a breach that affects your data, we will notify you and the relevant authority when legally required.

13) Direct marketing and opt-out

We send educational content and product updates only when you have expressly opted in. Every marketing email includes an unsubscribe link that immediately removes you from the list. You can also email [email protected] to unsubscribe or to request deletion of your data. Transactional or service emails related to your requests may still be sent when necessary.

14) Automated decision-making

We do not engage in automated decision-making that produces legal or similarly significant effects. If we introduce features that rely on profiling for personalization, they will be optional and based on your consent, and you will be able to opt out at any time.

15) Third-party links

Our website may include links to third-party sites. Their privacy practices are not covered by this policy. We encourage you to read the privacy notices of any external websites you visit. We link only where context adds value and aim to be transparent about why a link is provided.

16) Changes to this policy

We may update this Privacy Policy to reflect changes in law, technology, or our services. Material changes will be highlighted on this page and, where appropriate, communicated by email to active subscribers. If changes alter how we process your data based on consent, we will ask you to review and renew your choices.

Last Updated: January 15, 2026

17) Contact and data protection officer

Controller: MoneyHarvester Ltd. Address: 12 Baker Street, London, W1U 3BH, United Kingdom. General enquiries: [email protected]. Privacy enquiries and rights requests: [email protected]. Phone: +44 20 3301 4486. We aim to respond within one month and sooner where possible. If your request is complex or we receive multiple requests from you, we may extend the response time by up to two months and will inform you of the reason.