InsiderFlow

Privacy Policy

Last updated: April 2026

1. Overview

InsiderFlow ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, the legal basis for processing, and your rights regarding that information.

InsiderFlow operates as an independent newsletter serving a global audience. Our correspondence address is:

InsiderFlow
1207 Delaware Ave #1746
Wilmington, DE 19806
United States

For privacy-related inquiries, contact [email protected].

2. Information We Collect

We collect only the information you voluntarily provide:

  • Email address — when you sign up for the InsiderFlow weekly newsletter.

We do not collect payment information, create user accounts, or track personal browsing behaviour beyond standard infrastructure logging described below.

3. Legal Basis for Processing

Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Consent (Art. 6(1)(a) GDPR) — for sending you the InsiderFlow newsletter. You may withdraw consent at any time by unsubscribing.
  • Legitimate interest (Art. 6(1)(f) GDPR) — for operating, securing, and protecting the website against abuse via standard infrastructure logs.

4. Email & Newsletter — Kit

Our newsletter is operated through Kit (kit.com, formerly ConvertKit). When you subscribe, your email address is transmitted to and stored by Kit in accordance with their Privacy Policy and data processing terms.

By subscribing, you consent to your email address being processed by Kit for the purpose of sending you the InsiderFlow weekly briefing. You can unsubscribe at any time using the unsubscribe link in any email we send.

5. Hosting & Infrastructure — Cloudflare

The InsiderFlow website is hosted on Cloudflare Pages and served through Cloudflare's global network. Cloudflare may collect standard server logs including IP addresses, request timestamps, and browser information as part of their infrastructure and DDoS protection services.

This data is processed by Cloudflare in accordance with their Privacy Policy. We do not have access to individual-level Cloudflare infrastructure logs.

6. International Data Transfers

Kit and Cloudflare are based in the United States. When you subscribe or visit our site, your data may be transferred to and processed in the US. These transfers are protected by appropriate safeguards including the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.

7. Cookies & Tracking

InsiderFlow does not use first-party cookies, tracking pixels, or analytics scripts. Cloudflare may set technical cookies strictly necessary for security and performance purposes, which do not require consent under the ePrivacy Directive.

8. Data Sharing

We do not sell, trade, or rent your personal information to third parties. Your email is shared only with Kit for the purpose of newsletter delivery, and with Cloudflare as part of standard web infrastructure, as described above.

9. Data Retention & Deletion

Your email address is retained by Kit for as long as you remain subscribed. After you unsubscribe, your email is retained for up to 30 days for compliance and abuse-prevention purposes, then deleted or anonymised. You may request immediate deletion at any time by contacting us.

10. Your Rights

Under the GDPR and similar privacy laws, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure ("right to be forgotten") — request deletion of your data.
  • Restriction — ask us to limit processing of your data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — at any time, without affecting prior lawful processing.

To exercise any of these rights, email [email protected]. We respond to verified requests within 30 days as required by GDPR.

If you reside in the European Union or United Kingdom, you also have the right to lodge a complaint with your local data protection authority — typically the supervisory authority in your country of residence.

11. Children's Privacy

We do not knowingly collect data from individuals under 16 (see our Terms of Service for eligibility requirements). If you believe a child has provided us their email, contact [email protected] and we will delete the data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated via the newsletter where appropriate.

13. Contact

For privacy inquiries, data subject requests, or general questions, email [email protected].