dan@securemyname.com to do any of that.
1. Who we are
The controller of personal data under this policy is Daniel Navarro, a sole trader based in the United Kingdom, trading as "Five Dollar Fridays". You can contact us at dan@securemyname.com for anything to do with this policy or your data.
2. What we collect
Waitlist sign-ups
| Data | Purpose |
|---|---|
| Email address | To email you when Five Dollar Fridays launches and to send you the weekly Friday list after launch |
| Role (shopper / merchant / both, optional) | To send relevant content (shoppers get the list, merchants get launch + submission flow access) |
| City (optional) | To prioritise local promo content where available |
| Free-text note (optional) | For us to read and act on if you wrote one |
Merchant submissions (when the submission flow is open)
| Data | Purpose |
|---|---|
| Merchant email | Account identity, magic-link sign-in, account communication |
| Domain | To verify ownership and to display the verified-merchant badge |
| Promo content (title, blurb, image, URL, category, expiry, target cities) | To display the promo on the Friday list |
| IP address (server-side log only) | Security, rate limiting and fraud detection. 28-day rolling window then deleted. |
Server logs
Our web server records the IP address, request URL, response code, user agent and timestamp of every request, for security and fraud detection. Logs are kept for 28 days, then deleted. We do not link server logs to personal accounts unless a security incident requires it.
3. Why we collect it (legal basis)
- Waitlist email and weekly list: your consent (UK GDPR Article 6(1)(a)). You give consent when you submit the waitlist form. You can withdraw it any time by clicking unsubscribe in the email or by emailing us.
- Merchant account and listings: performance of a contract with you as the merchant (UK GDPR Article 6(1)(b)). Without your email and domain we can't run the verified-merchant flow.
- Security, fraud detection, IP logs: our legitimate interests in keeping the service running and abuse-free (UK GDPR Article 6(1)(f)), balanced against your privacy interests.
- Legal compliance: where we have to keep or disclose data to comply with a legal obligation (UK GDPR Article 6(1)(c)).
4. Who else processes your data
We use a small set of third-party processors:
- Amazon Web Services (AWS), Ireland and Stockholm, for hosting and transactional email (Amazon SES). UK / EU regions only.
- FormSubmit.co, US-based, to deliver the waitlist and contact form submissions to our inbox. They forward, they don't keep. Where data leaves the UK / EU through them, it travels under the UK-US Data Bridge / Standard Contractual Clauses where applicable.
- Google Analytics 4 (GA4), US-based with EU data routing, for aggregate site analytics. GA4 records: anonymised IP address (Google truncates the last octet), referrer, requested URL, user agent, screen size, country (not city), and event timestamps. It does not receive your email address or any merchant submission content. We have IP anonymisation on and ad-personalisation signals off. Transfers to the US are covered by the UK-US Data Bridge.
We do not use Facebook Pixel, third-party advertising trackers, behavioural retargeting cookies or any cross-site identifier.
5. How long we keep it
- Waitlist emails: until you unsubscribe or ask us to delete you, whichever is sooner.
- Merchant accounts and listing data: for as long as the account is active, plus 12 months after closure for dispute resolution, plus longer if a legal obligation applies (e.g. accounting records under UK tax law: 6 years).
- Server logs (IP + request): 28 days, rolling deletion.
- Email correspondence (e.g. takedown requests, support): 24 months after the last reply.
6. Cookies
The site sets the following cookies:
- _ga and _ga_PKW12KQF0X (Google Analytics 4), used to distinguish unique site visits for aggregate analytics. Expire after 13 months. First-party (set on fivedollarfridays.com), not shared cross-site.
We use no third-party advertising cookies, no behavioural-retargeting cookies, and no cross-site identifiers. If we add a service that requires a strictly necessary session cookie (e.g. for the merchant submission flow at launch), we will update this section.
You can block these cookies in your browser settings, or install the official Google Analytics Opt-out Browser Add-on, without losing access to any part of the site.
7. Your rights under UK GDPR
You have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data (right to be forgotten) where it's no longer needed or where you withdraw consent
- Restrict how we process your data
- Object to processing based on legitimate interests
- Data portability, getting a machine-readable copy of the data you gave us
- Withdraw consent at any time, where consent is the basis
- Lodge a complaint with the Information Commissioner's Office (the ICO, see below)
To exercise any of these rights, email dan@securemyname.com. We will respond within 30 days, often the same day. Where we need to verify your identity we may ask for confirmation from the email address we hold on file.
8. International transfers
Personal data may be transferred to and processed in countries outside the United Kingdom. Where that happens (e.g. through FormSubmit.co in the US), the transfer is covered by either an adequacy decision (such as the UK-US Data Bridge) or by Standard Contractual Clauses (SCCs). AWS Ireland and Stockholm processing stays within the EEA, which is an adequate jurisdiction under UK GDPR.
9. Children
The site is not directed at children under 16, and we do not knowingly collect personal data from children. If a parent or guardian discovers we hold data of a child under 16, please email us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy. The effective date at the top changes when we do, and material changes will be flagged on the site for at least 14 days before they take effect.
11. Complaints
If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner's Office:
- Website: ico.org.uk/make-a-complaint
- Phone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would always prefer to hear from you first so we can fix the issue: email dan@securemyname.com.