Privacy Policy

This policy explains what personal data Freedom Isn't Free collects, why, and how it is handled. We are committed to being transparent and to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Last updated: March 2026

Who We Are

Freedom Isn't Free is a personal finance blog based in the United Kingdom. You can contact us about any data or privacy matter at hello@freedomisntfree.co.uk.

What Data We Collect and Why

Newsletter subscriptions

If you sign up to our newsletter, we store your email address. We use this solely to send you our newsletter emails. We do not share this address with third parties for marketing purposes. You can unsubscribe at any time using the link in any newsletter email, and your address will be deleted from our list.

  • Data held: Email address
  • Legal basis: Consent (Article 6(1)(a) UK GDPR)
  • Retention: Until you unsubscribe

User accounts

If you create a free account, we store a small amount of profile data to power the personalised features of our financial tools (such as saving your calculator inputs and tracking your net worth over time). Authentication is handled by Amazon Cognito, a managed service provided by Amazon Web Services (AWS) operating within the EU/UK region.

  • Data held: Email address, chosen username, age (if provided), financial tool inputs (compound interest settings, FI number settings, net worth snapshots)
  • Legal basis: Contract performance - providing the account features you signed up for (Article 6(1)(b) UK GDPR)
  • Retention: Until you delete your account. You can request deletion at any time by emailing us.

All financial data entered into our tools is stored in AWS DynamoDB in the eu-west-2 (London) region. No financial data is ever sold, rented, or shared with any third party.

Analytics

We may use Google Analytics 4 to understand how visitors use the site in aggregate (e.g. which articles are most read, which tools are used). This only activates if you accept non-essential cookies when prompted. If you decline, no analytics tracking is set.

  • Data held: Anonymised usage data (pages visited, session duration). No personally identifiable information is collected via analytics.
  • Legal basis: Consent (Article 6(1)(a) UK GDPR)
  • Retention: Per Google Analytics data retention settings (default 14 months)

Cookies

We use two types of cookies:

  • Essential cookies - required for the site to function, including authentication session tokens managed by AWS Cognito. These are set automatically and do not require your consent.
  • Non-essential cookies - analytics cookies (Google Analytics) that help us understand site usage. These are only set if you click "Accept all cookies" on the consent banner. You can change your preference at any time by clearing this site's local storage in your browser settings and revisiting.

Third-Party Services

We use the following third-party services that may process personal data on our behalf:

  • Amazon Web Services (AWS) - provides our authentication (Cognito) and database (DynamoDB) infrastructure. Data is stored in the eu-west-2 London region. AWS is certified under the UK GDPR international transfer mechanisms.
  • Google Analytics - website analytics, activated only with your consent. Google's privacy policy is available at policies.google.com/privacy.

We do not sell, rent, or otherwise share your personal data with any other third party.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access - you can ask us what data we hold about you
  • Right to rectification - you can ask us to correct inaccurate data
  • Right to erasure - you can ask us to delete your data ("right to be forgotten")
  • Right to restriction - you can ask us to limit how we process your data
  • Right to portability - you can request a copy of your data in a machine-readable format
  • Right to object - you can object to processing based on legitimate interests
  • Right to withdraw consent - where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please email hello@freedomisntfree.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Data Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. Authentication is handled through AWS Cognito with industry-standard encryption. We do not store passwords - authentication tokens are managed entirely by AWS.

Children

This site is not directed at children under the age of 13. We do not knowingly collect personal data from children.

Changes to This Policy

We may update this policy from time to time. The date at the top of this page shows when it was last revised. Continued use of the site after a change constitutes acceptance of the updated policy.

Contact Us

For any privacy or data-related questions, please contact us at hello@freedomisntfree.co.uk.