Privacy Policy

Last updated: 5th January 2026

The below legal document is written in British English.

1. Overview

This Privacy Policy applies to the broader spencers.zone framework, and any site that claims it is part of the spencers.zone framework will link to this Privacy Policy.

The Spencer Ledger Website (“The Spencer Ledger Website,” “spencers.zone framework,” “we,” “us” or “our”) is operated by Spencer Ledger and various third-parties. The terms “them” or “they” refer to any third parties. The terms “you,” “your,” “yours,” “yourself,” “visitors” and “users” refer to visitors and users of The Spencer Ledger Website and its subdomains.

By using or accessing any of our sites, subdomains, applications, tools, services and features, you confirm you have agreed to the Use Agreement and have read and understood this Privacy Policy and our Cookie Policy. You can find out about your rights and choices in Section 5 and 9 below.

We take your privacy seriously and are committed to ensuring the security of your personal information. Please note that we do not collect extensive data from visitors. See Sections 3 and 4 for more information.

The latest version of this Privacy Policy will be available on this page (/privacy). We reserve the right to update or modify this Privacy Policy at any time. Significant [policy] changes will be notified to visitors via a notice on the homepage. It is your responsibility to review this page periodically. Continued use of this site after any changes have taken effect constitutes your acceptance of the updated policies.

2. Legal Compliance

We are committed to adhering to all relevant data protection laws and regulations, including but not limited to the UK Data Protection Act (DPA) of 2018 and the UK General Data Protection Regulation (GDPR). All data is originally collected by third-party services, but may be stored internally after collection. This means that the site controller/webmaster (Spencer Ledger) is the data controller. Email privacy@spencers.zone for more information.

We believe in full transparency regarding how your data is handled. As required by the UK/EU GDPR and UK DPA, we inform you about the types of data collected by third-parties, we also provide links to their respective privacy policies in accordance with the UK Data (Use and Access) Act 2025. This ensures you are aware of how your data might be processed and your rights.

The Spencer Ledger Website does not engage in automated decision-making activities that could impact your rights under the UK or EU GDPR.

We use third-party services like Google Cloud¹, Cloudflare², Google Forms³, Trustpilot⁴, Short.io⁵, Better Stack⁶, GitHub⁷ and Jotform⁸ to ensure The Spencer Ledger Website operates correctly and smoothly. Each of these services have their own privacy policies & notices (linked below), which we encourage you to review. These services are responsible for their own compliance with data protection laws such as the UK DPA and GDPR, and we have taken steps to ensure we only partner with reputable providers who are committed to maintaining high privacy standards.

3. Information You Provide

When you use The Spencer Ledger Website's subdomains (such as forms.spencers.zone), we collect information about you in a number of ways. For instance, when you fill out an error report form, we'll ask for your email to follow-up. We will also maintain your contact preferences that you provide to us (e.g. clicking 'I do not consent to being contacted' on a form).

In certain, complex cases we'll require you to provide us with information for UK or EU GDPR verification. For example:

• we may ask you to provide a recent utility bill, passport, driving licence or another form of ID when submitting any UK or EU GDPR requests so that we can verify you live in a jurisdiction with such rights. However, this is only in exigent circumstances and you will almost always never be asked for this information. You may blur or redact personal information.

We'll let you know when information is required, and the consequences of failing to provide it. If you do not provide requested information, you may not be permitted continued use of The Spencer Ledger Website if that information is necessary to provide you with the service or if we are legally required to collect it.

4. How We Use Your Information

When we process your information pursuant to this Privacy Policy, we do so for the following purposes:

• To maintain your preferences: If you note that you do not want to be contacted or do not consent to being contacted, we may note this so we do not contact you regarding certain matters.

• Communicating with you: To communicate with you, including by sending you emails regarding recent activity on The Spencer Ledger Website.

• Improving our services: Learn more about how we collect analytics data from you in Section 11. Analytics data helps us notice bugs before they become a larger issue and help us by giving us a broad dataset on which type of people visit our site(s).

• Security: To foster the safety, security and integrity of The Spencer Ledger Website. If you access Cloudflare Proxied subdomains, this also includes Cloudflare checks (e.g. Browser Integrity Check).

• Third parties: Your information will only be provided to third-party services if:

  • you give us explicit permission to share your information,

  • you provide it by using The Spencer Ledger Website's services or features that are embedded with third parties or,

  • you provide your information to a third party service via The Spencer Ledger Website (e.g. Google Forms).

• Enforcement: We may use your information to prevent you from accessing The Spencer Ledger Website as outlined in Section 7 of the Use Agreement.

• Complying with local law: To comply with applicable legal requirements, such as law enforcement requests. The Spencer Ledger Website will not voluntary disclose any of your information to law enforcement; your information will only be handed over if we are legally compelled with a valid court order or a warrant (and only if the court order specifically overrules or modifies UK GDPR requirements).

5. Your Rights

A brief overview of your rights is below, however for full information of your rights under the GDPR, visit the Information Commissioner's Office at ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights.

Right to Access: You have the right to request access to any personal data that may be held about you by third-parties.

Right to Rectification: If you believe that any personal data being held about you is incorrect or incomplete, you have the right to request its correction.

Right to Erasure: You can request the deletion of your personal data under certain circumstances, such as if the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing: You have the right to request the restriction of processing your data in certain situations.

Right to Data Portability: You can request that your personal data be transferred to another service provider in a structured, commonly used, and machine-readable format.

Right to Object: You have the right to object to the processing of your data in certain situations.

If you wish to exercise any of these rights or have concerns about how your data is collected, please contact us at privacy@spencers.zone. We will respond to your request in accordance with applicable data protection laws. In most cases, we will proceed with your request, however in some specific cases we may ask you to prove that you reside in a country with UK GDPR/EU GDPR rights.

If you believe that The Spencer Ledger Website has not complied with your data protection rights, you can lodge a complaint with the Information Commissioner's Office at ico.org.uk/make-a-complaint.

6. Data Protection Queries

We understand visitors of The Spencer Ledger Website may have questions about how their data is handled. Please visit spencers.zone/contact/legal/gdpr for further information.

7. Hosting and Registrar

The Spencer Ledger Website's main subdomain (www.) is hosted using Google Cloud¹, which may involve the transfer of data to servers located outside the United Kingdom or European Economic Area (see Section 8 for more details). We rely on data protection measures provided by Google Cloud¹, including their compliance with UK and EU GDPR standards for data transfers. You can review Google Cloud's privacy practices at cloud.google.com/terms/cloud-privacy-notice.

Certain subdomains (r., errors., givingtuesday., sitemap., etc) are hosted using GitHub⁷ Pages, and you can find more information about them here: docs.github.com/en/pages/getting-started-with-github-pages/what-is-github-pages. GitHub is compliant with the UK and EU GDPR.

Other subdomains (analytics., clicks., etc.) are hosted using Short.io⁵ for analytical purposes. See their privacy policy at short.io/privacy. Short.io explicitly states that they are compliant with UK and EU GDPR.

The Forms subdomain (forms.spencers.zone) is hosted by Google Forms³ via GitHub⁷ Pages.

Currently, the registrar and DNS host of The Spencer Ledger Website is Cloudflare², you can find their privacy policies at cloudflare.com/en-gb/privacypolicy.

8. Data Transfers

Your personal information may be transferred to countries other than where you live, such as, for example, the United States. The Spencer Ledger Website also stores some information (e.g. cookies) locally on the devices you use to visit our site.

Your personal information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information. For example, data we store may be accessible to law enforcement and national security authorities under the circumstance we are served a court order or a warrant. Legal regimes outside of the United Kingdom or European Economic Area may allow authorities more access than the UK/EU would.

As the main subdomains are hosted on Google Cloud¹, we rely on them to transfer personal information which is subject to European Region data protection laws. These include:

• Adequacy decision: Google may, in accordance with Article 45 of the UK and EU GDPR, transfer personal information to recipients that are in a country that European Commission, UK or Swiss data protection supervisory authorities have confirmed, by decision, offers an adequate level of data protection. We rely on these adequacy decision provided by Google to recipients located in the UK, European Union or Switzerland.

  • See also: European Union adequacy decisions and Swiss adequacy decisions.

• Data Privacy Frameworks: Google transfers data to Google, Inc. in the US from, as applicable, the EEA, Switzerland and the UK pursuant to the Data Privacy Frameworks. An adequacy decision was adopted for the EU-US Data Privacy Framework, Swiss-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework (each individually and jointly, the “Data Privacy Frameworks”).

You can find out more information about these transfer mechanisms on legislation.gov.uk, or you can contact privacy@spencers.zone for clarification.

9. Cookies

Upon accessing The Spencer Ledger Website, you may see a popup in the bottom left of your screen, displaying two options, “GOT IT” and “LEARN MORE”. This popup is managed by Google Cloud¹ and is part of their standard functionality for handling cookies and tracking technologies.

“GOT IT”: Clicking this option indicates your consent to the use of cookies described in the popup.

“LEARN MORE”: Clicking this option will direct you to a page (policies.google.com/technologies/cookies) with information about the types of cookies used, their purposes, and how you can manage your cookie preferences.

These cookies are essential-only and managed by Google Cloud¹. It will also store a cookie to tell your browser you have already consented, so the banner does not show up every time you visit the site.

Managing Cookies: You can also manage your cookie settings through your browser. Most browsers allow you to control cookies through their settings. For guidance on how to adjust your cookie preferences, refer to your browser's help section or visit the relevant support page, which I've listed here: Chrome, Firefox, Safari, Opera, Edge and Brave.

If you have any questions or concerns about cookies used on The Spencer Ledger Website, please feel free to contact privacy@spencers.zone.

10. Children's Privacy

The Spencer Ledger Website is not inherently intended for “commercial use”, its content is information on a certain individual (Spencer Ledger) and contains subdomains for general informational purposes. We do not knowingly collect personal information from children. If you believe your child has provided us or third parties with personal information, please contact us at privacy@spencers.zone, and we will take appropriate steps to remove such information, including contacting third parties. "Children" applies to those under 16.

11. Analytics and Redirect Subdomain

On The Spencer Ledger Website, you may notice that many links direct you to r.spencers.zone (hosted by GitHub⁷ Pages). This subdomain serves as a transitional page with a 3-second countdown, clearly notifying the user that they are leaving The Spencer Ledger Website. Following the countdown, the page will redirect you to analytics.spencers.zone (hosted by Short.io⁵), which is used to track link engagement and gather analytics. So, what's collected?

Through analytics.spencers.zone, I collect the following non-personal information for the purposes of improving my site:

• Partial IP Addresses: Only part of your IP is recorded by Short.io⁵ (the remainder is anonymised).

• Unique Click IDs: Each click is assigned a unique identifier, represented in the URL as “clid”.

• Conversion Tracking: Data is collected on how users engage with specific links to understand site usage*.

How does it work? For example, if you click a link to my Facebook profile from the socials page, you will be taken to r.spencers.zone/socials/facebook. After the countdown, the page redirects you to an analytics.spencers.zone directory via a 301 redirect, where the above data is logged with Short.io⁵, you can see their privacy practices at short.io/privacy. No personally identifiable information is collected, and the process in purely for analytical purposes.

If a user skips the countdown via the button in the top right of the page, they will be served a clicks.spencers.zone page instead. This is essentially the same thing, excluding the click IDs and conversion tracking.

*Conversion tracking is only enabled on certain links. Contact us at privacy@spencers.zone for more information.

12. Retention of Your Data

The Spencer Ledger Website keeps your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purpose for which we collected and use it and/or as required to comply with applicable data protection laws. Contact us for more details. After the last date of contact, your data will be deleted by the data controller after 1 year, however you are more than welcome to submit an Article 17 request at any time by emailing privacy@spencers.zone. You do not need to self-serve, we will respond directly to your request.

If you are wondering how long third parties retain your data, please refer to their privacy policies (see Section 15). If you need help locating this information, feel free to contact us and we'll try our best to clarify it for you.

13. Copyright and Consent

The Spencer Ledger Website features images, including identifiable photographs of individuals, that have been published with the explicit permission of both the copyright owners and the individuals depicted. We are committed to respecting the rights of all creators and participating individuals. If you believe that any image on this site has been used without permission or appropriate consent, please file a report at spencers.zone/contact/legal/gdpr, and we will take the necessary steps to address the issue.

14. Complaints Process

The Spencer Ledger Website allows you to complain about a response you received or how a UK GDPR process went in accordance with the Data (Use and Access) Act 2025. You may forward your complaints to complaints@spencers.zone and they will be reviewed within 1 calendar month (though, we aim to respond within a week). You can always complain to the ICO at ico.org.uk/make-a-complaint if you believe The Spencer Ledger Website has not complied with the UK GDPR.

15. Third-party Services
NOTE: We are not responsible for the privacy practices of any third-parties that you may access from The Spencer Ledger Website. You understand that this Privacy Policy does not apply to your use of such websites. The data controller for The Spencer Ledger Website is not liable if third parties mishandle user data.

To ensure correct and smooth operation of The Spencer Ledger Website, we use several third-parties. Each of these services may collect, process, or store your data according to their own privacy policies, which are briefly described below. We encourage you to review these privacy policies yourself to understand how your data is handled.

¹Google Cloud: Google Cloud is the platform used to build and host The Spencer Ledger Website's main subdomain and other subdomains. Google may collect data such as IP addresses, device information, and usage statistics. This data helps improve cloud performance, security, and user experience. Google Cloud complies with GDPR and other relevant data protection standards. You can review Google Cloud's privacy policy here: cloud.google.com/terms/cloud-privacy-notice.

²Cloudflare: Cloudflare provides security and performance optimisation services for The Spencer Ledger Website. When you visit The Spencer Ledger Website, Cloudflare may collect data such as IP address and browser information to secure the website. This information is used to enhance site security, prevent malicious and prohibited activities (like those outlined in the Use Agreement), and improve load and cache times. Cloudflare is committed to both UK and EU GDPR compliance and protects user data through many security measures. See Cloudflare's privacy policy here: cloudflare.com/en-gb/privacypolicy.

³Google Forms: Google Forms is used to create and manage forms on The Spencer Ledger Website. When you submit a form (e.g. feedback form or error report), Google will collect personal data only you provide it with, such as your email address. This data is used to process your submissions and provide the services you request. The Spencer Ledger Website will only use the data you submit via Google Forms for legitimate, contact interest. Your information will never be passed on without explicit consent, and your data will not be used for marketing purposes. Google is committed to GDPR compliance and secures your data via encryption. See Google's privacy policy here: policies.google.com/privacy.

⁴Trustpilot: Trustpilot is used to collect and display reviews and prompts to review the services offered by The Spencer Ledger Website. When you access The Spencer Ledger Website, a Trustpilot Widget may be present. When you leave a review, Trustpilot may collect personal data such as your name, email address, and review content. This data is used to verify and publish reviews, as well as enhance credibility and transparency of the feedback you provide. Trustpilot is GDPR-compliant and ensures that your data is handled securely. You can review Trustpilot's privacy policy at: uk.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.

⁵Short.io: The Spencer Ledger Website's analytics subdomain is powered by Short.io. This service tracks basic analytics, such as the number of clicks on a link, referring sites, and the country you accessed the website from, based on IP. As the site owner, I do not have access to all of the analytics Short.io provide. However, for the analytics I do receive, they are used to help understand website performance and user engagement without collecting personally identifiable information. You can review Short.io's privacy practices at: short.io/privacy.

⁶Better Stack: Better Stack provides uptime monitoring and status page services (status.spencers.zone). It ensures The Spencer Ledger Website remains accessible and performs well by monitoring its availability. Better Stack may collect information such as IP addresses and server performance data when you visit status.spencers.zone. This information will be used to detect and respond to potential downtime issues. Better Stacks follows GDPR guidelines and prioritises the security of the data it handles. Their privacy policy can be found here: betterstack.com/privacy.

⁷GitHub: GitHub is used on The Spencer Ledger Website inherently for its GitHub Pages feature, which allows me to host pure HTML and/or CSS to select subdomains. GitHub Pages makes it very easy for me to manage select domains, you can check The Spencer Ledger Website's subdomain list here. GitHub Pages' privacy policy can be found at docs.github.com/en/pages/getting-started-with-github-pages/what-is-github-pages#data-collection.

⁸Jotform: Jotform is used to collect responses on only 1 subdomain of The Spencer Ledger Website. When you submit the form, Jotform will collect any information your provided (e.g. name and email) to later serve it to us. Your data is safe with Jotform, as forms are end-to-end encrypted. The Spencer Ledger Website will only use the data you submit via Jotform for legitimate, contact interest. Your information will never be passed on without explicit consent, and your data will not be used for marketing purposes. Jotform complies with GDPR and your data is handled securely. See Jotform's GDPR notice here: jotform.com/gdpr-compliance.

If you believe there is something missing from this Privacy Policy, or have identified any inaccuracies or discrepancies, please contact privacy@spencers.zone.