Privacy Policy

This policy explains what personal data Freedom Isn't Free collects, why, and how it is handled. We are committed to being transparent and to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Last updated: June 2026

Who We Are

Freedom Isn't Free is a personal finance resource based in the United Kingdom. You can contact us about any data or privacy matter at hello@freedomisntfree.co.uk.

Data Controller

Freedom Isn't Free is operated by Michael McGettrick, who is the data controller for personal data processed via this site within the meaning of the UK General Data Protection Regulation. All data protection enquiries, subject access requests, and erasure requests should be sent to hello@freedomisntfree.co.uk or via the Data Request form on the Contact page.

What Data We Collect and Why

Newsletter subscriptions

If you sign up to our newsletter, we store your email address. We use this solely to send you our newsletter emails. We do not share this address with third parties for marketing purposes. You can unsubscribe at any time using the link in any newsletter email. Your address is removed from active sending within 24 hours and permanently deleted from our system within 7 days.

  • Data held: Email address
  • Legal basis: Consent (Article 6(1)(a) UK GDPR)
  • Retention: Until you unsubscribe (deleted within 7 days of unsubscribing)

User accounts

If you create a free account, we store a small amount of profile data to power the personalised features of our financial tools (such as saving your calculator inputs and tracking your net worth over time). Authentication is handled by Amazon Cognito, a managed service provided by Amazon Web Services (AWS) operating within the EU/UK region.

  • Data held: Email address, chosen username, age (if provided), financial tool inputs (compound interest settings, FI number settings, net worth snapshots)
  • Legal basis: Contract performance - providing the account features you signed up for (Article 6(1)(b) UK GDPR)
  • Retention: Until you delete your account. You can request deletion at any time by emailing us, and we will action the request and confirm completion within 30 days.

All financial data entered into our tools is stored in AWS DynamoDB in the eu-west-2 (London) region. No financial data is ever sold, rented, or shared with any third party.

Analytics

We may use Google Analytics 4 to understand how visitors use the site in aggregate (e.g. which articles are most read, which tools are used). This only activates if you accept non-essential cookies when prompted. If you decline, no analytics tracking is set.

  • Data held: Anonymised usage data (pages visited, session duration). No personally identifiable information is collected via analytics.
  • Legal basis: Consent (Article 6(1)(a) UK GDPR)
  • Retention: We retain anonymised analytics data for 14 months in line with Google Analytics defaults. You can request earlier deletion by contacting us.

Advertising (Google AdSense)

We use Google AdSense to display advertisements on the Site. Advertising is the way we fund the editorial content here. Google and its partners may use cookies (including the DoubleClick DART cookie) and similar technologies to serve ads based on your prior visits to this site or other sites on the internet. Ad cookies are only set if you accept non-essential cookies on the consent banner.

  • Data held by Google: Ad interaction signals, device and browser identifiers, approximate location derived from IP, ad-targeting preferences. Google processes this data under its own privacy policy.
  • Legal basis: Consent (Article 6(1)(a) UK GDPR)
  • Opt out of personalised advertising: You can disable personalised ads at google.com/settings/ads, opt out of multi-vendor personalised advertising at aboutads.info/choices (Digital Advertising Alliance), or at networkadvertising.org/choices (Network Advertising Initiative). You can also reject advertising cookies entirely on our cookie consent banner.

Cookies

We use three categories of cookies:

  • Essential cookies - required for the site to function, including authentication session tokens managed by AWS Cognito. These are set automatically and do not require your consent.
  • Analytics cookies - Google Analytics cookies that help us understand aggregated site usage. Only set if you accept non-essential cookies on the consent banner.
  • Advertising cookies - Google AdSense and its partner networks may set cookies to display and measure ads, including personalised ads where applicable. Only set if you accept non-essential cookies on the consent banner. You can revisit your choice at any time using the "Cookie Settings" link in the site footer.

Third-Party Services

We use the following third-party services that may process personal data on our behalf:

  • Amazon Web Services (AWS) - provides our authentication (Cognito) and database (DynamoDB) infrastructure. Data is stored in the eu-west-2 London region. AWS is certified under the UK GDPR international transfer mechanisms.
  • Google Analytics - website analytics, activated only with your consent. Google's privacy policy is available at policies.google.com/privacy.
  • Google AdSense - displays advertisements on the site, activated only with your consent. Google and its advertising partners may use cookies to serve personalised or non-personalised ads. Opt-out routes are listed in the Advertising section above. Google's privacy policy is available at policies.google.com/privacy, and Google's advertising policies at policies.google.com/technologies/ads.

We do not sell, rent, or otherwise share your personal data with any other third party.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access - you can ask us what data we hold about you
  • Right to rectification - you can ask us to correct inaccurate data
  • Right to erasure - you can ask us to delete your data ("right to be forgotten")
  • Right to restriction - you can ask us to limit how we process your data
  • Right to portability - you can request a copy of your data in a machine-readable format
  • Right to object - you can object to processing based on legitimate interests
  • Right to withdraw consent - where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please email hello@freedomisntfree.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Data Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. Authentication is handled through AWS Cognito with industry-standard encryption. We do not store passwords - authentication tokens are managed entirely by AWS.

Children

This site is not directed at children under the age of 13. We do not knowingly collect personal data from children.

Changes to This Policy

We may update this policy from time to time. The date at the top of this page shows when it was last revised. Continued use of the site after a change constitutes acceptance of the updated policy.

Contact Us

For any privacy or data-related questions, please contact us at hello@freedomisntfree.co.uk.