Privacy and cookies

I keep the smallest amount of data needed to run the site and the features you choose, and I give you clear control over the rest. No advertising, no profiling, and I never sell your data.

Last updated: June 2026
Version: 2.0
Figure: How your data flows. You and your browser; Essential (always on, keeps the site working); Analytics (optional, off until you allow it); Diagnostics (optional, off until you allow it); Trusted providers (Vercel, Neon, Resend, Plausible, Sentry), each bound by a data processing contract; Scheduled deletion.
You use the site. Essential data keeps it working and is always on. Analytics and diagnostics stay off until you allow them. A small set of trusted providers holds the data under contract, and everything is deleted automatically on a schedule.

Who runs this site

Ransford's Notes is run by me, Ransford Amponsah, as an individual. I am the data controller, which means I decide how and why your personal data is used. As a sole trader I am not required to appoint a data protection officer.
For anything to do with your data, or to use any of the rights below, email me at ransford.amponsah@ransfordsnotes.com.

What I collect and why

I only collect what I need to run the site and the features you choose to use. Giving me this data is your choice and is not a legal or contractual requirement. If you would rather not, you can still read courses and use most tools. You simply will not be able to sign in or receive the newsletter.
  • Account and identity: When you sign in, I store your email address and the basic profile (name, picture) from the sign-in method you chose, so I can keep your account and progress.
  • Security and sessions: To keep your account safe I record sign-in sessions, device and browser details, and IP address, and log security events such as sign-ins.
  • Two-factor authentication: If you turn it on, I store the settings needed to verify it, for example an encrypted authenticator secret or a passkey.
  • Analytics (optional): If you allow it, Plausible counts page and tool usage so I can see what is useful. It is cookieless and collects no payment data or anything you type into a tool.
  • Diagnostics (optional): If you allow it, Sentry receives technical error reports so I can fix bugs. It sends error details only.
  • Newsletter: If you subscribe, I store your email and preferences to send the updates you asked for, plus a record of your consent, including the date and the IP address you subscribed from.
  • Feedback: If you send feedback, I store what you wrote, and a screenshot only if you choose to attach one, so I can look into it.
  • Tool usage: When you run a tool while signed in, I record basic usage so the feature works and to keep the service fair for everyone.

My lawful bases

Under UK data protection law I must have a lawful basis, a legal reason, for using your data. I rely on:
  • Consent: for optional analytics, diagnostics, and the newsletter. You can withdraw it at any time.
  • Contract: to provide your account, your progress, and the signed-in features you ask for, including running tools.
  • Legitimate interests: to keep the site secure, prevent abuse, and keep tools available through fair-use limits. I rely on this only where the effect on you is minimal, I collect as little as possible, and you can object at any time.
I do not make automated decisions that have a legal or similarly significant effect on you. I do use automated checks such as rate limits and fair-use limits to keep the service available, but these do not build a profile of you.

Cookies

Cookies are small files stored on your device. I use only a small set of essential and functional cookies, listed below. The analytics and diagnostics do not use cookies at all, but because they still run in your browser I ask for your consent before loading them.
Figure: Cookie and consent categories. Essential (always on); Functional (remembers your choice); Analytics (off until you allow it, cookieless); Diagnostics (off until you allow it, cookieless).
Change your analytics and diagnostics choices at any time.
Only essential and functional cookies are ever set, and they are listed in full below. Analytics and diagnostics are cookieless and stay off until you allow them. You can change your choices at any time.
Cookies used on this site, their purpose and lifetime.
| Cookie | Purpose | Lifetime | Type |
| --- | --- | --- | --- |
| rn-consent | Remembers your cookie choices so you are not asked again. | 6 months | Essential |
| Session token | Keeps you signed in securely after you log in. | Up to 14 days | Essential |
| CSRF token | Helps protect sign-in and forms against forged requests from other sites. | Browser session | Essential |
| rn-theme | Remembers your light or dark mode preference. | About 1 year | Functional |

Who I share data with

I do not sell your data. I share it only with the service providers that help me run the site, and only as far as they need it. Each one is bound by a contract that requires it to protect your data.
  • Vercel: Hosts the website and runs the application.
  • Neon: Hosts the database that stores your account and activity data.
  • Resend: Sends your sign-in links and any newsletter you subscribe to.
  • Plausible: Privacy-friendly, cookieless usage analytics. Loaded only if you allow analytics.
  • Sentry: Error and crash diagnostics. Loaded only if you allow diagnostics.
  • Google and GitHub: Optional sign-in providers, used only if you choose to sign in with them.
I may also disclose data if the law requires it, or to protect the rights, safety, or security of the site and the people who use it.

How I protect data

Your data is encrypted in transit, sign-in is passwordless with optional two-factor authentication, and access to the database is restricted. I keep as little as I need and delete the rest automatically. No system is ever completely secure, but if a breach ever put your rights at serious risk I would report it to the ICO and tell you where the law requires.

International transfers

Some of my providers are based outside the United Kingdom, mainly in the United States. That includes Vercel and Neon, which host the site and the database, and, where they are switched on, Resend, Sentry, and the Google or GitHub sign-in you choose. Plausible analytics is hosted in the European Union. Where data goes outside the UK, the transfer is covered by UK adequacy regulations or the UK International Data Transfer Agreement, the UK addendum to the standard contractual clauses, so it stays protected to UK standards.

How long I keep data

I keep data only as long as I need it, then delete it automatically. A daily clean-up removes anything past these limits.
Figure: How long I keep data. Bars by data type: two-factor challenges (2 days), feedback screenshot (7 days), sign-in sessions (90 days), security event logs (90 days), feedback messages (180 days), tool usage (365 days), support tickets (2 years), account details (kept while your account is open).
I keep each kind of data only as long as I need it, then a daily clean-up deletes it automatically. Bar length shows the retention window; account data is kept while your account is open and deleted when you close it.
How long I keep different types of data.
| Data | How long I keep it |
| --- | --- |
| Account and identity details | Kept while your account is open, then deleted when you close it. |
| Sign-in sessions and device records | 90 days, then deleted automatically. |
| Security event logs | 90 days, then deleted automatically. |
| Two-factor sign-in challenges | 2 days. |
| Tool usage records | 365 days. |
| Newsletter subscription | Until you unsubscribe. |
| Feedback you send | 180 days. Any attached screenshot is removed after 7 days. |
| Support tickets (once resolved) | 2 years. |

Your rights

Under UK data protection law you have the right to:
Figure: Your rights and how to use them. Export my data (access and portability); Delete my account (erasure); Cookie settings (withdraw consent); Email me (rectification, restriction, objection).
Each right maps to one thing you do. Export and delete are in your account settings, analytics and diagnostics live in Cookie settings, and anything else is an email away.
  • Access: ask for a copy of the personal data I hold about you.
  • Rectification: ask me to correct data that is wrong or incomplete.
  • Erasure: ask me to delete your data, the right to be forgotten.
  • Restriction: ask me to pause how I use your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on my legitimate interests.
  • Withdraw consent: turn analytics or diagnostics off, or unsubscribe from the newsletter, at any time.
The quickest way to use most of these is from your account settings, where you can download a copy of your data or delete your account. To withdraw consent, switch analytics or diagnostics off with Cookie settings at the foot of any page, or unsubscribe from the newsletter using the link in any email I send. You can also email me at ransford.amponsah@ransfordsnotes.com. I respond within one month.

Federated sign-in

I am building the ability to use your Ransford's Notes account to sign in to related apps in the same family, such as Motor Maps. This is not switched on yet. When it launches I will update this notice, and I will share only the minimum needed: a stable identifier and, where you consent, your name and email address. I never share your password or sign-in secrets.

Changes to this notice

I may update this notice as the site changes. When I do, I will change the date at the top, and for significant changes I will make it clear on the site. This is version 2.0, last updated June 2026.

How to complain

If you are unhappy with how I have handled your data, please contact me first at ransford.amponsah@ransfordsnotes.com so I can try to put it right.
You also have the right to complain to the Information Commissioner's Office, the UK regulator for data protection.

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline 0303 123 1113

ico.org.uk/make-a-complaint