Here’s the updated Privacy Policy with GDPR compliance:

Privacy Policy

Effective Date: 11/17/2025

1. Introduction

This Privacy Policy explains how “The Founder” newsletter collects, uses, and protects your personal information when you subscribe via Substack.

2. Information We Collect

When you subscribe, we collect:

• Email address (required for newsletter delivery)

• Name (if provided)

• Reading behavior (via Substack analytics: open rates, click rates, engagement metrics)

• Payment information (if paid tiers are introduced - processed securely by Substack)

3. How We Use Your Information

Your information is used to:

• Deliver newsletter content to your inbox

• Improve content based on engagement analytics

• Send occasional announcements related to The Founder newsletter

• Respond to your inquiries or feedback

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your data based on:

• Consent: You voluntarily subscribe to receive our newsletter

• Legitimate interests: To improve content and analyze engagement metrics

5. Information Sharing

• We do not sell, rent, or share your email address with third parties

• Substack, as our newsletter platform, has access to subscriber data as outlined in Substack’s Privacy Policy

• We may share aggregated, anonymized data (e.g., “50% of subscribers opened this email”) for business purposes

6. Data Security

• Your data is stored securely on Substack’s platform

• Substack uses industry-standard security measures to protect subscriber information

• No system is 100% secure; we cannot guarantee absolute security

7. Your Rights

You have the right to:

• Access your personal data

• Update your email or name through Substack settings

• Unsubscribe at any time using the unsubscribe link in emails

• Request deletion of your data by contacting us directly

8. GDPR Compliance (For EU/EEA Subscribers)

As a newsletter based in Italy, we comply with the General Data Protection Regulation (GDPR). If you’re located in the European Economic Area (EEA), you have additional rights:

• Right to access your personal data

• Right to rectification of inaccurate data

• Right to erasure (”right to be forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object to processing

• Right to withdraw consent at any time

To exercise these rights, contact: [Your Email]

We will respond to your request within 30 days as required by GDPR.

9. Data Retention

• We retain your email address and associated data as long as you remain subscribed

• If you unsubscribe, your data will be deleted from our active database within 30 days, except where retention is required by law

10. International Data Transfers

Substack is based in the United States. By subscribing, you consent to your data being transferred and processed in the U.S. Substack complies with applicable data protection laws for international transfers.

11. Cookies and Tracking

• Substack may use cookies to track engagement metrics

• We do not use additional third-party tracking beyond Substack’s built-in analytics

12. Third-Party Links

Our newsletter may contain links to external websites. We are not responsible for the privacy practices of those sites.

13. Children’s Privacy

The Founder newsletter is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

14. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via email or posted on Substack.

15. Contact

For questions or requests regarding your data, contact: [Your Email]

For GDPR-related inquiries, you may also contact the Italian Data Protection Authority (Garante per la protezione dei dati personali):

https://www.garanteprivacy.it

16. Substack’s Role

Substack is our newsletter platform and processes your data on our behalf. Review their privacy practices here: https://substack.com/privacy