What we collect, and what we do not.
Controller. IdentityLogic Consulting LLC, 1530 Wilson Blvd, Suite 650, Arlington, VA 22209. Contact: contact@identitylogicconsulting.com.
What we collect when you subscribe. Name, work email, company, role. Plus the URL you submitted from and any UTM parameters present. Plus the IP address that submitted the form (for abuse prevention only). We do not collect any other personal data.
Lawful basis (GDPR Article 6). Consent. You actively submit the form and confirm via double opt-in before any future email is sent.
Why we collect company and role. So we can tell who reads the series. Director-and-above security readers shape what we choose to write about next.
What we do not do. No tracking pixels in any email. No click tracking. No third-party analytics on the email. No selling, sharing, renting, or trading subscriber data. No data export to advertising platforms. No retargeting cookies on the website.
Site analytics. The site uses Vercel Web Analytics, which is cookieless and does not capture individual visitor identifiers. We see traffic-by-page and referrer at an aggregate level.
Retention. Subscriber rows are retained while the subscription is active. Unsubscribed rows are retained for 90 days with `unsubscribed_at` set so we can confirm we honored the request and so we do not accidentally re-add the address; after 90 days the row is hard-deleted.
Email sender. Transactional and issue mail is sent via Resend on behalf of IdentityLogic Consulting. Sender domain is identitylogicconsulting.com (DKIM, SPF, DMARC enforced).
Database hosting. Subscriber data is stored in a Neon Postgres database provisioned through Vercel. Geographic region: US East.
Your rights. You can unsubscribe with one click from any issue (link is in every email footer and in the List-Unsubscribe header). You can also request data export or erasure at any time by emailing contact@identitylogicconsulting.com; we respond within 30 days, faster in practice.
CAN-SPAM. Our physical mailing address is included in every issue. Unsubscribe requests are honored immediately (well inside the CAN-SPAM 10-day rule).
Changes. If we materially change what we collect or how we use it, existing subscribers receive a notice at least 14 days before the change takes effect.