just between us…
Privacy & Cookies
Last updated: 6 July 2026
The Town Gossip loves a good story, but your personal data is not one we pass around. This notice explains what we collect, why, who helps us behind the scenes, and the rights you have under UK data protection law (the UK GDPR and the Data Protection Act 2018).
Who we are. The Town Gossip (gossipmailer.com) is operated by Ever After Books LTD, a company registered in England and Wales (Company No. 15169491).
Registered office: 144 Market Street, Dalton-in-Furness, LA15 8RQ, England.
Contact: lia@everafterbooks.uk
Two hats: controller and processor
We wear two different hats, and it matters which one is on:
- Controller. For our own customers (people with a Town Gossip account) and visitors to this website, we decide how and why data is used, so we are the controller.
- Processor. For the subscriber lists our customers upload and email through the service, the customer is the controller and The Town Gossip processes those subscribers' personal data only on the customer's instructions. If you received an email sent through The Town Gossip, the sender of that email is responsible for having your permission; our data-processing commitments to senders are set out in our Terms (Data Processing section).
What we collect as controller
- Account details: your email address, password (stored by Firebase Authentication, never visible to us in plain text), and if you sign in with Google, your Google account email.
- Billing details: handled by Stripe. We never see or store full card numbers; we keep your Stripe customer reference, plan and subscription status.
- Your content and settings: brands, templates, drafts, campaigns, signup forms, sending domain, and your business postal address (which appears in the footer of emails you send, as anti-spam law requires).
- Service records: sending volumes, delivery, open and click statistics, and technical logs needed to run and secure the service.
Why (lawful bases): to perform our contract with you (providing the service and billing), our legitimate interests (securing and improving the service, preventing abuse), and legal obligations (accounting and tax records).
What we process as processor
On behalf of our customers we process their subscribers' data: names, email addresses, subscription status, list membership, consent records, unsubscribe requests, and per-campaign engagement (opens and clicks). We use it only to provide the service to that customer, never for our own marketing, and we never sell it or rent it out. Every email sent through the service carries a one-click unsubscribe link, which works immediately.
Who helps behind the scenes (sub-processors and providers)
| Provider | What they do | Where |
|---|---|---|
| Google Firebase (Google Cloud) | Hosting, sign-in (Firebase Authentication) and database storage for accounts, settings and subscriber lists | USA / EU, under Google's UK GDPR safeguards |
| Stripe | Payments and subscription billing | USA / EU, under Stripe's UK GDPR safeguards |
| Amazon Web Services (Amazon SES) | Email delivery: sending the newsletters and measuring delivery, opens and clicks | EU (Ireland region), AWS UK GDPR safeguards |
| Anthropic | The optional "Write with AI" feature sends your brief and brand details (never your subscriber list) to Anthropic's Claude to draft a newsletter | USA, under Anthropic's UK GDPR safeguards |
Where these providers are outside the UK, transfers rely on the UK International Data Transfer Agreement or Addendum and the providers' own approved safeguards.
How long we keep things
Account data is kept while your account is active. If you close your account (or ask us to), we delete your account data and your subscriber lists within 30 days, apart from records we must keep for legal reasons (such as billing records, kept for 6 years). You can export your subscriber list yourself at any time from the app.
Your rights
Under the UK GDPR you can ask us for access to your data, correction, erasure, restriction, portability, and you can object to processing based on legitimate interests. Email lia@everafterbooks.uk and we will respond within one month. If you are a subscriber on a customer's list, we will pass your request to the sender (the controller) or help you unsubscribe directly. You can also complain to the Information Commissioner's Office at ico.org.uk.
Cookies
The short version: hardly any, and none of the nosy kind.
- Essential sign-in only. The app uses Firebase Authentication, which stores a small amount of data in your browser (local storage and, for Google sign-in, Google's own session cookies) purely so you stay signed in. These are strictly necessary for the service to work, so no consent banner is required.
- No analytics, no advertising. We do not run analytics cookies, tracking pixels on this website, advertising cookies or social media trackers. We do not follow you around the internet; we only gossip about newsletters.
You can clear these at any time through your browser settings; you will simply be signed out.
Changes
If we change this notice in a way that matters, we will say so on this page and update the date at the top.
