1. Who we are

TheFragHub (“we“, “us“, “our“) is the publisher of thefraghub.com. For the purposes of EU/UK GDPR, we are the data controller of personal data collected through this site. You can contact our privacy team at privacy@thefraghub.com.

2. Information we collect

2.1 Information you provide directly

• Newsletter signups. Email address, optional name. Used solely to deliver the newsletter you requested.
• Contact and tip submissions. Email address, message content, and any attachments you choose to send. Used to respond to your message.
• Comments (if enabled). Display name, email address, comment content, and IP address.

2.2 Information collected automatically

• Log data. IP address, approximate location (country/region), browser type and version, operating system, referring URL, pages viewed, time spent on each page, and timestamps of access.
• Device data. Screen size, language preference, and similar non-identifying technical information.
• Cookies and similar technologies. See Section 5 for the full breakdown.

2.3 Information from third parties

If you connect to our site from a third-party platform (for example, signing in via a federated identity provider, if we offer one), we receive only the limited information you authorize that platform to share — typically a username and email address. We never request access to friend lists, contacts, or platform activity beyond what is required for sign-in.

3. How we use your information

• To operate, maintain, and improve thefraghub.com and its content.
• To send the newsletter you have subscribed to and to respond to messages you send us.
• To measure aggregate site usage so we can prioritize coverage and fix performance issues.
• To detect and prevent fraud, abuse, scraping, and security incidents.
• To comply with legal obligations and to enforce our Terms of Service.

We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes. We do not profile readers in order to make automated decisions about them.

4. Legal basis for processing (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal basis for processing your personal data depends on the specific data and the context:

• Consent (Art. 6(1)(a) GDPR). For non-essential cookies, marketing-class analytics, and email newsletter sign-ups. You may withdraw consent at any time without affecting prior processing.
• Contract (Art. 6(1)(b)). Where processing is necessary to deliver a service you have explicitly requested (e.g. responding to your contact-form submission).
• Legitimate interests (Art. 6(1)(f)). For aggregate analytics, security and fraud prevention, and basic site operations — balanced against your rights and freedoms.
• Legal obligation (Art. 6(1)(c)). Where we must process data to comply with applicable law.

5. Cookies and similar technologies

We use a small number of cookies and similar technologies. We group them into three categories. Non-essential cookies are only set after you accept them via our cookie banner.

You can change your cookie preferences at any time by clicking Cookie Settings in the footer.

6. When we share information

We share personal data only in these limited circumstances:

• Service providers. Web hosting (WordPress.com / managed VPS), email delivery for the newsletter, and aggregate analytics. Each provider is bound by a written data-processing agreement and processes data only on our instructions.
• Legal requirements. When required to comply with a valid legal process, court order, or to protect our rights, safety, or property — or that of our readers.
• Business transfers. If we are involved in a merger, acquisition, or sale of assets, we will provide notice and choice before personal data becomes subject to a different privacy policy.

7. International data transfers

Some of our service providers process personal data in countries outside your country of residence, including the United States. Where personal data of EU/UK/EEA residents is transferred to a country without an adequacy decision, we rely on appropriate safeguards — typically the European Commission’s Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum, plus supplementary technical measures such as encryption in transit and at rest.

8. Data retention

• Newsletter data: kept until you unsubscribe, then deleted within 30 days.
• Contact form / tips: kept for up to 24 months after our last interaction, then deleted unless an ongoing matter requires longer retention.
• Server logs: 30 days, then deleted or anonymized.
• Analytics data: aggregated and anonymized within 14 months.
• Comments (if enabled): retained for as long as the article is published. You can request deletion at any time.

9. Your rights — EU / UK / EEA / Switzerland

Under GDPR and UK GDPR, you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure (“right to be forgotten”) — ask us to delete your personal data.
• Restriction — limit how we process your data.
• Portability — receive your data in a structured, machine-readable format and transmit it elsewhere.
• Objection — object to processing based on our legitimate interests.
• Withdraw consent — at any time, where processing is based on consent.
• Lodge a complaint — with your local supervisory authority (e.g. CNIL in France, AEPD in Spain, ICO in the UK, BfDI in Germany). We would prefer the chance to address your concern first — contact us at privacy@thefraghub.com.

We respond to verifiable rights requests within 30 days (extendable to 60 days for complex requests with notice).

10. Your rights — United States

If you are a resident of California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Virginia (VCDPA), or another US state with applicable privacy law, you have specific rights:

• Right to know what personal information we collect about you and how we use it.
• Right to delete personal information we have collected from you, subject to certain exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of “sale” or “sharing” of your personal information. We do not sell or share personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information. We do not collect sensitive personal information beyond what is required to operate this site.
• Right to non-discrimination. We will not deny service, charge different prices, or provide a different level of quality because you exercised your privacy rights.

Categories of personal information collected (CCPA/CPRA): identifiers (IP, email if you submit one), internet/network activity (browsing, log data), commercial information (newsletter subscription status), and inferences drawn from these (e.g. content preferences for editorial planning). Sources: directly from you, automatically as you browse, and from third-party login providers if you use them.

11. Children’s privacy

This site is not directed at children. We do not knowingly collect personal information from children under 13 in the United States (COPPA) or under 16 in the EU/UK/EEA. If you believe a child has provided personal information to us, please contact us at privacy@thefraghub.com and we will delete it promptly.

12. Security

We use industry-standard technical and organizational measures to protect personal data: TLS 1.3 in transit, encryption at rest where supported, principle-of-least-privilege access controls for our team, and routine security review. No internet transmission is ever 100% secure, but we treat security as a continuous practice rather than a one-time setup.

13. Third-party links

Our site links to third-party sites and services we do not control. This Privacy Policy applies only to thefraghub.com. We encourage you to read the privacy policies of any third-party site you visit through one of our links.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and, for material changes, will notify you via prominent notice on the site or, where you have provided an email address, by email. Changes are not retroactive.

15. How to contact us