Privacy Policy
Last updated: May 2026 · Compliant with UK GDPR and Data Protection Act 2018
Overview
This Privacy Policy explains how The 4 Horsemen collects, uses, stores, and protects your personal data. We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data Controller
Clayton Brett
Email: support@the-4-horsemen.com
For all data-related enquiries, requests, or complaints, please contact us at the email above.
What Data We Collect
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account creation, sign-in, transactional emails (alerts, receipts) | Contract performance |
| Usage data | Service improvement, error monitoring | Legitimate interests |
| Payment data | Subscription billing (processed and stored by Stripe — we do not store card details) | Contract performance |
We do not collect sensitive personal data (special category data under UK GDPR Article 9).
How We Use Your Data
- • To create and manage your account
- • To send sign-in links and transactional emails (buy zone alerts, receipts)
- • To process subscription payments and manage billing
- • To investigate and resolve technical issues
- • To comply with legal obligations
We do not sell your personal data. We do not use your data for automated decision-making that produces legal or similarly significant effects.
Data Storage & Security
Your data is stored on servers operated by Hetzner Online GmbH, located in Nuremberg, Germany (EU). Transfers of data from the UK to Germany are covered by the UK's adequacy regulations for EU/EEA transfers (UK GDPR Article 45).
We implement appropriate technical and organisational security measures including encrypted connections (TLS), access controls, and regular security reviews.
Third-Party Processors
| Processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Server hosting and storage | Germany (EU) |
| Stripe Inc. | Payment processing | US (SCCs apply) |
| Resend Inc. | Transactional email delivery | US (SCCs apply) |
SCCs = Standard Contractual Clauses — the approved mechanism for UK-to-US data transfers under UK GDPR.
Cookies
The Platform uses essential cookies only — specifically session cookies required for sign-in functionality. Essential cookies are necessary for the Platform to operate and do not require consent under the UK Privacy and Electronic Communications Regulations (PECR).
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
Data Retention
- • Account data: Retained while your account is active, plus 30 days after deletion to allow for recovery requests
- • Payment records: Retained for 7 years as required by UK HMRC regulations
- • Email logs: Retained for 90 days for security and debugging purposes
Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access (Article 15)
Request a copy of all personal data we hold about you
Right to Rectification (Article 16)
Request correction of inaccurate or incomplete data
Right to Erasure (Article 17)
Request deletion of your data ('right to be forgotten'), subject to legal retention obligations
Right to Restriction (Article 18)
Request that we limit processing of your data in certain circumstances
Right to Portability (Article 20)
Receive your data in a structured, machine-readable format
Right to Object (Article 21)
Object to processing based on legitimate interests
To exercise any right, email support@the-4-horsemen.com with your request. We will respond within 30 days as required by UK GDPR.
Complaints
If you believe we have mishandled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority:
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page indicates when it was last updated. For material changes, we will notify registered users by email where practicable.