Privacy Policy

At The Gnostic Key, we treat your personal information as a matter of trust and responsibility. This policy explains what we collect, how we use it, and the safeguards we apply.

Last updated: 1 March 2026

1. Data Controller

The data controller for information processed through this site is The Gnostic Key Limited, a company registered in England and Wales. For all data protection enquiries, contact admin@thegnostickey.com.

2. Information We Collect

We collect only the information needed to run your account securely, manage subscriptions through Stripe, and support essential communications via Firebase and email. This may include your name, email address, membership tier, and payment identifiers held by Stripe. We do not use behavioural tracking or non-essential analytics. We do not collect, infer, or store personal data about your political opinions, religious beliefs, or philosophical convictions.

3. Lawful Basis for Processing

We process your personal data on the following lawful bases under the UK GDPR:

  • Contract performance: to provide your account, deliver membership content, and process payments.
  • Legitimate interests: to maintain platform security, prevent abuse, and improve site functionality.
  • Consent: where you opt in to receive updates and announcements from The Gnostic Key.

4. How Your Data Is Used

Your information is used solely for membership management, secure access to content, and essential communication relating to The Gnostic Key. We do not sell, rent, trade, or otherwise disclose personal information for advertising or marketing.

5. Data Retention

We retain your account data for as long as your account remains active. If you delete your account, your personal data is removed within 30 days, except where retention is required by law (for example, financial records retained for tax or accounting purposes). Payment records held by Stripe are subject to Stripe's own retention policies.

6. Data Protection and Security

All data is encrypted in transit and stored securely using GDPR-compliant services including Firebase Authentication, Firestore, Stripe, and Netlify. Access to administrative systems is limited to authorised personnel and monitored for security integrity.

7. Your Rights

Under the UK General Data Protection Regulation, you have the right to:

  • access the personal data we hold about you
  • request correction of inaccurate data
  • request deletion of your data
  • request restriction of processing
  • object to processing based on legitimate interests
  • request data portability (receive your data in a structured, machine-readable format)
  • withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact admin@thegnostickey.com. We will respond within one calendar month, as required by law.

8. Updates to This Policy

This policy may be updated periodically to reflect legal, technical, or operational changes. The date of the most recent update will appear on this page. Continued use of The Gnostic Key indicates acceptance of the latest version.

9. Complaints and Regulatory Contact

If you have concerns about how your personal data is handled, contact us first at admin@thegnostickey.com so we can investigate and respond.

If you remain dissatisfied, you may lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint.