Newsletters|RSS
lobbyinsider
Live
Loading the latest…

Legal

Privacy & cookies

Last updated: 20 April 2026. How we handle your personal data under UK GDPR and the Data Protection Act 2018.

1. Who we are

Lobby Insider ("we", "us", "our") is the data controller for the personal data we collect through the Lobby Insider website, newsletters, comment facilities, bookmarks, RSS feeds and any other service we operate (together, the "Services"). You can reach us at any time via our contact page or by emailing hello@lobbyinsider.co.uk.

This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and the rights you have over it. It applies whether you visit us as a logged-out reader, register an account, subscribe to a newsletter, post a comment, take out a paid subscription, or contact us.

2. The data we collect

Data you give us

  • Account data: name, email address and a hashed password when you register. Authentication is handled by Supabase Auth.
  • User content: comments, bookmarks and any contributions you submit.
  • Communications: the contents of messages you send via our contact form and any follow-up correspondence.
  • Newsletter subscriptions: the newsletters you have opted into. Subscriber email addresses are stored encrypted at rest, with a hash used for de-duplication and unsubscribe links.
  • Payment data (subscribers only): if you subscribe to Ad-free or Premium, Stripe collects your payment details directly. We only ever receive a Stripe customer ID, your subscription tier and status, and the period end date — we never see or store your full card number.

Data we collect automatically

  • Usage data: articles viewed (for the "Most read" rail and for our editors' reporting), referring URL, and search terms used on the site. Article views are recorded against a per-browser anonymous key, not your account.
  • Device data: IP address (used transiently for security and rate limiting), browser type and version, operating system and device type.
  • Cookies and similar technologies: see section 9 below.
  • Error reports: if you submit an error report, or if our system captures an unhandled error, we log the error message, the page URL, your browser's user-agent, and (if you are signed in) your user ID, so our engineers can fix the issue.

Data from third parties

  • Stripe tells us whether a subscription payment succeeded, the subscription's status (active, past due, cancelled) and the renewal date.
  • Resend (our transactional email provider) confirms whether newsletter and account emails were delivered.
  • Google AdSense may report aggregate, non-identifying ad performance to us (impressions, clicks). See section 4 for how AdSense uses your data.

3. How we use your data and why

UK GDPR requires us to have a lawful basis for using your data. The bases we rely on are:

  • Contract: to create and run your account, process subscription payments, deliver paid features and respond to support requests.
  • Legitimate interests: to keep the Services secure, prevent fraud, abuse and spam, moderate comments, measure overall readership of articles, and improve our journalism and product.
  • Consent: for non-essential cookies (including personalised advertising), and for our newsletters. You can withdraw consent at any time.
  • Legal obligation: to comply with tax, accounting, regulatory and law-enforcement obligations.

4. Advertising

Lobby Insider is partly funded by display advertising. We currently use Google AdSense to serve ads in articles and on listing pages to readers on the free tier. Ads are loaded directly by Google's adsbygoogle script.

Google may use cookies and similar technologies to:

  • show you ads based on your previous visits to our Services or other sites ("personalised advertising");
  • measure ad performance and prevent the same ad being shown repeatedly;
  • detect and prevent ad fraud and abuse.

Personalised ads: when you first visit Lobby Insider, Google may ask for your consent to use your data for personalised advertising in line with the EU/UK "consent or pay" framework that applies to publishers using AdSense. You can change your choice at any time at adssettings.google.com, and you can opt out of personalised advertising across the wider web via youronlinechoices.com. If you decline personalised ads you will still see ads, but they will be non-personalised (contextual).

No ads for paying subscribers: readers on the Ad-free and Premium tiers do not see AdSense slots and the AdSense script is not loaded for them.

Google is an independent data controller for the data it collects through ads. For full details see Google's advertising privacy notice and privacy policy.

5. Who we share your data with

We never sell your personal data. We share it only with:

  • Resend — our transactional and newsletter email provider.
  • Google AdSense — advertising on the free tier (see section 4).
  • Hosting and content delivery providers used to serve the Services.
  • Authorities where we are legally required to disclose data, for example in response to a valid court order or to protect our rights and the safety of others.
  • A buyer of all or part of our business if we are sold or restructured, subject to the protections in this policy.

6. International transfers

Some of our suppliers (including Stripe, Google and Resend) are based outside the UK and the European Economic Area. Where we transfer personal data internationally we rely on adequacy decisions or use Standard Contractual Clauses approved by the UK Information Commissioner, together with additional safeguards where appropriate.

7. How long we keep your data

  • Account data: for as long as your account is active. You can delete your account at any time from your settings.
  • Comments and bookmarks: for as long as the related article is published, unless you delete them sooner.
  • Subscription and billing records: for at least 6 years after the end of the relationship, to meet HMRC requirements.
  • Newsletter subscribers: until you unsubscribe.
  • Article view records: kept against a rotating per-browser anonymous key and aggregated for the "Most read" rail; raw rows older than 90 days are pruned.
  • Error reports and security logs: for up to 90 days.
  • Moderation records (including ban reasons): kept for as long as the restriction is in force, and for a reasonable period afterwards for audit purposes.

8. Your rights

Under UK GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify inaccurate or incomplete data — most fields you can edit yourself in your profile and settings.
  • Erase your data in certain circumstances ("right to be forgotten").
  • Restrict or object to certain processing, including direct marketing.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent at any time where we rely on it (for example, personalised ads or newsletter subscriptions).
  • Complain to the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, get in touch via our contact page. We will respond within one month and may need to verify your identity first.

9. Cookies and similar technologies

Cookies are small text files placed on your device. We — and the third parties listed in section 5 — use them, together with similar technologies like browser local storage, to make the Services work, to remember your preferences (such as theme), to keep you signed in, and (with your consent) to serve personalised advertising. The table below lists the cookies and storage keys currently in use, what they do, who sets them, and how long they last.

You can manage personalised-advertising consent through Google's consent prompt and at adssettings.google.com. You can clear or block cookies in your browser settings, but blocking essential cookies may break parts of the site (for example, you may not be able to stay signed in).

0 items detected on your device
NameProviderPurposeCategoryDurationType
No cookies or storage detected on your device.

This list is generated live from the cookies and storage on your device right now. It updates automatically whenever you reload — no manual maintenance required.

10. Children

The Services are not directed at children under 16 and we do not knowingly collect personal data from them. If you believe a child has given us their data, please contact us so we can delete it.

11. Security

We use industry-standard technical and organisational measures to protect your data, including TLS encryption in transit, encryption at rest in our database, hashed passwords, row-level security policies on user data, encryption of newsletter subscriber email addresses, and mandatory two-factor authentication for staff accounts (admins, moderators and authors). No system is 100% secure, but we work hard to keep your data safe and will notify you and the ICO of any breach that is likely to affect your rights.

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page tells you when it was last revised. Where changes are material we will let registered users know by email or an in-product notice.

13. Contact us

For privacy questions or to exercise your rights, please get in touch via our contact page or email hello@lobbyinsider.co.uk.