the Gist

Privacy Policy

Privacy Policy – The Gist

Last updated: June 28th, 2025

1. Introduction

This Privacy Policy explains how the author and designer of the Gist (“I”, “me”, “my”) collects, uses, and protects your personal information when you use The Gist website (thegist.online) and related services.

The Gist is a non-profit, reader-supported research and information project operated by a single individual for educational and informational purposes only.

2. Data Controller

Data Controller:
Leonardo Piras
[Your Address]
[Your Email Address]
[Your Phone Number (optional)]

3. What Information We Collect

3.1 Information You Provide Directly

When you subscribe to our newsletter, we collect:

  • First name
  • Last name
  • Email address
  • Privacy consent confirmation
  • Data processing consent confirmation

3.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent on pages
  • Referring website
  • General geographic location (country/city level)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Consent (Article 6(1)(a)): For newsletter subscriptions and analytics cookies
  • Legitimate Interest (Article 6(1)(f)): For website analytics to improve our service and ensure website security

5. How We Use Your Information

5.1 Newsletter Subscription Data

  • To send you our newsletter and updates about The Gist
  • To manage your subscription preferences
  • To comply with legal obligations

5.2 Analytics Data

  • To understand how visitors use our website
  • To improve website performance and user experience
  • To analyze content engagement and effectiveness

6. Data Sharing and Third Parties

We work with the following third-party service providers who may process your data:

6.1 Email Services

  • Brevo: For newsletter management and delivery
  • Mailgun: For transactional email delivery

6.2 Hosting and Infrastructure

  • Hetzner: Web hosting services (Germany)

6.3 Analytics

  • Google Analytics: Website performance and visitor analytics

All third-party processors are carefully selected and must comply with GDPR requirements. We have data processing agreements in place where required.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

We use essential cookies necessary for the website to function properly. These cookies do not require consent.

7.2 Analytics Cookies

We use Google Analytics cookies to understand website usage. These cookies are only set with your explicit consent.

7.3 Managing Cookies

You can control cookie preferences through your browser settings or our cookie consent banner. Disabling analytics cookies will not affect website functionality.

8. Data Retention

  • Newsletter data: Retained until you unsubscribe or request deletion
  • Analytics data: Retained for 26 months (Google Analytics default)
  • Website logs: Retained for 30 days for security purposes

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

You can request information about what personal data we hold about you.

9.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances.

9.4 Right to Restrict Processing (Article 18)

You can request that we limit how we use your personal data.

9.5 Right to Data Portability (Article 20)

You can request a copy of your data in a machine-readable format.

9.6 Right to Object (Article 21)

You can object to processing based on legitimate interests.

9.7 Right to Withdraw Consent

You can withdraw consent at any time for newsletter subscriptions and analytics cookies.

9.8 Exercising Your Rights

To exercise any of these rights, contact me at [your email address]. I will respond within one month of receiving your request.

10. Data Security

I implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no internet transmission is completely secure, and I cannot guarantee absolute security.

11. International Data Transfers

Some of our service providers (like Google Analytics) may transfer data outside the EU. When this happens, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

12. Children’s Privacy

The Gist is not directed at children under 16. I do not knowingly collect personal information from children under 16. If you become aware that a child has provided personal information, please contact me immediately.

13. Changes to This Privacy Policy

I may update this Privacy Policy periodically. Any changes will be posted on this page with an updated “Last updated” date. For significant changes, I may notify subscribers via email.

14. Contact Information

If you have questions about this Privacy Policy or your personal data, please contact:

Leonardo Piras
Email: leonardo.piras – at – me dot com
Website: thegist.online

15. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.

For EU residents, you can find your local authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

This privacy policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws. The Gist is committed to protecting your privacy and handling your personal data responsibly.