dan@securemyname.com to do any of that.
1. Who we are
The controller of personal data under this policy is Daniel Navarro, a sole trader based in the United Kingdom, trading as "Six Dollar Sundays". You can contact us at dan@securemyname.com for anything to do with this policy or your data.
2. What we collect
Waitlist sign-ups
| Data | Purpose |
|---|---|
| Email address | To email you when Six Dollar Sundays launches and to send you the weekly Sunday list after launch |
| Role (shopper / merchant / both, optional) | To send relevant content (shoppers get the list, merchants get launch + submission flow access) |
| City (optional) | To prioritise local promo content where available |
| Free-text note (optional) | For us to read and act on if you wrote one |
Merchant submissions (when the submission flow is open)
| Data | Purpose |
|---|---|
| Merchant email | Account identity, magic-link sign-in, account communication |
| Domain | To verify ownership and to display the verified-merchant badge |
| Promo content (title, blurb, image, URL, category, expiry, target cities) | To display the promo on the Sunday list |
| IP address (server-side log only) | Security, rate limiting and fraud detection. 28-day rolling window then deleted. |
Server logs
Our web server records the IP address, request URL, response code, user agent and timestamp of every request, for security and fraud detection. Logs are kept for 28 days, then deleted. We do not link server logs to personal accounts unless a security incident requires it.
3. Why we collect it (legal basis)
- Waitlist email and weekly list: your consent (UK GDPR Article 6(1)(a)). You give consent when you submit the waitlist form. You can withdraw it any time by clicking unsubscribe in the email or by emailing us.
- Merchant account and listings: performance of a contract with you as the merchant (UK GDPR Article 6(1)(b)). Without your email and domain we can't run the verified-merchant flow.
- Security, fraud detection, IP logs: our legitimate interests in keeping the service running and abuse-free (UK GDPR Article 6(1)(f)), balanced against your privacy interests.
- Legal compliance: where we have to keep or disclose data to comply with a legal obligation (UK GDPR Article 6(1)(c)).
4. Who else processes your data
We use a small set of third-party processors:
- Amazon Web Services (AWS), Ireland and Stockholm, for hosting and transactional email (Amazon SES). UK / EU regions only.
- FormSubmit.co, US-based, to deliver the waitlist and contact form submissions to our inbox. They forward, they don't keep. Where data leaves the UK / EU through them, it travels under the UK-US Data Bridge / Standard Contractual Clauses where applicable.
We do not use Google Analytics, Facebook Pixel, third-party advertising trackers, behavioural retargeting cookies or any cross-site identifier.
5. How long we keep it
- Waitlist emails: until you unsubscribe or ask us to delete you, whichever is sooner.
- Merchant accounts and listing data: for as long as the account is active, plus 12 months after closure for dispute resolution, plus longer if a legal obligation applies (e.g. accounting records under UK tax law: 6 years).
- Server logs (IP + request): 28 days, rolling deletion.
- Email correspondence (e.g. takedown requests, support): 24 months after the last reply.
6. Cookies
The site uses no third-party tracking cookies and no first-party analytics cookies on the pre-launch site. If we add a service that requires a strictly necessary session cookie (e.g. for the merchant submission flow at launch), we will update this section.
7. Your rights under UK GDPR
You have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data (right to be forgotten) where it's no longer needed or where you withdraw consent
- Restrict how we process your data
- Object to processing based on legitimate interests
- Data portability, getting a machine-readable copy of the data you gave us
- Withdraw consent at any time, where consent is the basis
- Lodge a complaint with the Information Commissioner's Office (the ICO, see below)
To exercise any of these rights, email dan@securemyname.com. We will respond within 30 days, often the same day. Where we need to verify your identity we may ask for confirmation from the email address we hold on file.
8. International transfers
Personal data may be transferred to and processed in countries outside the United Kingdom. Where that happens (e.g. through FormSubmit.co in the US), the transfer is covered by either an adequacy decision (such as the UK-US Data Bridge) or by Standard Contractual Clauses (SCCs). AWS Ireland and Stockholm processing stays within the EEA, which is an adequate jurisdiction under UK GDPR.
9. Children
The site is not directed at children under 16, and we do not knowingly collect personal data from children. If a parent or guardian discovers we hold data of a child under 16, please email us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy. The effective date at the top changes when we do, and material changes will be flagged on the site for at least 14 days before they take effect.
11. Complaints
If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner's Office:
- Website: ico.org.uk/make-a-complaint
- Phone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would always prefer to hear from you first so we can fix the issue: email dan@securemyname.com.