Nugget News — Cookie Policy & Security / Data Retention / Subprocessor Notice
Effective Date: 1st January 2026 Legal Entity: Nugget News Website: https://www.nuggetnews.app/
Part 1 — Cookie Policy
1. What Are Cookies?
Cookies are small text files that a website places on your device (computer, tablet, or mobile phone) when you visit. They allow the site to remember your actions and preferences over a period of time, so you do not have to re-enter certain information each time you return or navigate between pages.
Cookies are not programs — they cannot execute code, deliver malware, or access files on your device. They simply store small pieces of text that help Nugget News and its third-party partners understand how the site is being used and improve your experience.
Similar technologies — such as web beacons, pixel tags, local storage objects, and session storage — may be used alongside cookies and are covered by this policy.
2. Types of Cookies Nugget News Uses
2.1 Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be switched off. They are usually set in response to actions you take, such as setting privacy preferences, logging in (if account features are introduced), or filling in forms. Without these cookies, core features of Nugget News would not work.
| Example Purpose | Retention |
|---|---|
| Session management | Session (deleted when browser closes) |
| Security tokens / CSRF protection | Session or short-lived |
| Cookie consent preference storage | Up to 12 months |
No consent is required for strictly necessary cookies under most privacy frameworks; however, we disclose them here in the interest of full transparency.
2.2 Analytics & Performance Cookies
These cookies help Nugget News understand how visitors interact with the site — which pages are visited most, how long users stay, where they come from, and where they exit. The data is aggregated and anonymised where possible and is used solely to improve site performance and content relevance.
| Tool (current or planned) | Purpose | Retention |
|---|---|---|
| Google Analytics (or similar) | Page views, traffic sources, device types | Up to 26 months (Google default) |
| Plausible / Fathom / Cloudflare Web Analytics (privacy-first alternatives) | Aggregate traffic statistics | Session or as configured |
These cookies may set a unique identifier on your device. Where a third-party analytics provider is used, your data may be processed on their infrastructure. See Part 2 — Subprocessors for further detail.
2.3 Functional Cookies
Functional cookies allow the site to provide enhanced functionality and personalisation, such as remembering your display preferences, newsletter sign-up state, or content layout choices.
| Example Purpose | Retention |
|---|---|
| Remembering display or reading preferences | Up to 12 months |
| Newsletter subscription confirmation | Up to 12 months |
2.4 Marketing & Affiliate Cookies
Nugget News may, now or in the future, include affiliate links or participate in affiliate networks (e.g., Amazon Associates, financial product referral programmes). Affiliate partners may set cookies to track referrals and commissions. These cookies do not collect personal financial data from you.
If advertising or retargeting is ever introduced, a separate notice will be added here and fresh consent obtained where required.
| Tool (current or planned) | Purpose | Retention |
|---|---|---|
| Affiliate network tracking pixels | Commission attribution | Up to 30–90 days (partner-dependent) |
2.5 Embedded Content Cookies
Nugget News may embed content from third-party platforms (e.g., YouTube videos, Twitter/X posts, charts from financial data providers). When you interact with embedded content, those third parties may set their own cookies. Nugget News does not control these cookies; you should review the privacy and cookie policies of the relevant third parties directly.
2.6 Spam Protection & Form Cookies
If contact forms or newsletter sign-up forms are present, spam-protection services (e.g., Google reCAPTCHA, hCaptcha, Cloudflare Turnstile) may set cookies or use device fingerprinting signals to distinguish humans from bots.
2.7 Payment & Subscription Cookies (Future)
If payment processing or subscription features are introduced, payment providers (e.g., Stripe, Paddle, Lemon Squeezy) will set their own cookies for fraud prevention and session management. This policy will be updated before such features go live.
3. Why Nugget News Uses Cookies
Nugget News uses cookies to:
- Ensure the website loads and operates correctly
- Understand how content is being consumed so we can improve it
- Remember your preferences to reduce repeated choices
- Measure the effectiveness of content and outreach
- Attribute affiliate referrals accurately and fairly
- Protect forms and interactive features from spam and abuse
- Lay the groundwork for future payment and subscription features
Nugget News does not use cookies to:
- Build advertising profiles for third-party sale
- Track you across unrelated websites for ad targeting (unless affiliate partners do so under their own policies, as noted above)
- Collect sensitive personal data such as financial account credentials
4. Analytics & Third-Party Cookies
When third-party analytics tools are active, data such as your IP address (which may be truncated or anonymised), browser type, operating system, referring URL, pages visited, and time on page may be transmitted to the relevant third-party server. Nugget News configures analytics tools to:
- Anonymise IP addresses where the provider supports it
- Disable data sharing for advertising purposes where that setting is available
- Limit data retention to the shortest period that still serves a legitimate analytics purpose
Third-party providers operate under their own privacy frameworks. Where those providers are located outside your jurisdiction, appropriate data transfer mechanisms (e.g., EU Standard Contractual Clauses) are relied upon to the extent required by applicable law.
5. Your Consent & Cookie Controls
5.1 Consent Banner
When you first visit Nugget News, a cookie consent banner will [OR: does] appear giving you the option to:
- Accept all cookies — including analytics, functional, and affiliate cookies
- Accept necessary cookies only — limits cookies to those strictly required for the site to operate
- Manage preferences — granular control by category
Your preference is stored for up to 12 months. You may withdraw or change consent at any time (see Section 5.2).
5.2 Managing Cookies in Your Browser
You can control, restrict, or delete cookies at any time through your browser settings. The following links provide guidance for the most common browsers:
- Google Chrome: chrome://settings/cookies
- Mozilla Firefox: about:preferences#privacy
- Apple Safari: Preferences → Privacy → Manage Website Data
- Microsoft Edge: edge://settings/content/cookies
Please note that disabling certain cookies may impair the functionality of Nugget News or cause some features to behave unexpectedly.
5.3 Opt-Out Tools for Specific Providers
| Provider | Opt-Out Link |
|---|---|
| Google Analytics | https://tools.google.com/dlpage/gaoptout |
| Google reCAPTCHA | Managed via Google account settings |
| Affiliate networks | Contact the relevant network directly |
6. Cookie Policy Updates
Nugget News may update this Cookie Policy as the site evolves — for example, when new tools, features, or affiliate relationships are introduced. The "Effective Date" at the top of this document will reflect the date of the most recent revision. Where changes are material, a notice will be displayed on the site.
Part 2 — Security / Data Retention / Subprocessor Notice
7. Security Measures
Nugget News takes the security of data seriously and implements reasonable technical and organisational measures appropriate to the nature of the data processed and the risks involved. These measures include, but are not limited to:
- Encrypted data transmission: The Nugget News website is served exclusively over HTTPS (TLS), protecting data in transit between your browser and our servers.
- Hosting security: Nugget News relies on reputable hosting and infrastructure providers that maintain their own security certifications (see Section 9 — Subprocessors).
- Access controls: Access to backend systems, databases, and administrative tools is restricted to authorised personnel and protected by strong credentials.
- Software hygiene: Dependencies, plugins, and third-party scripts are reviewed and updated regularly to limit known vulnerability exposure.
- Data minimisation: Nugget News collects only the data necessary for the purposes described in this policy, reducing the surface area of risk.
- Third-party due diligence: We use established, reputable service providers and review their security postures before integration.
7.1 No Absolute Security Guarantee
No system connected to the internet can be guaranteed to be completely secure. While Nugget News makes every reasonable effort to protect data, we cannot guarantee the absolute security of information transmitted to or stored on our platform. Transmission of data to Nugget News is at your own risk. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately using the details in Section 11.
8. Data Retention
Nugget News retains data only for as long as is necessary to fulfil the purpose for which it was collected, to comply with legal obligations, or to resolve disputes and enforce agreements. The following principles guide our retention practices:
| Data Type | Approximate Retention Period | Rationale |
|---|---|---|
| Cookie consent records | Up to 12 months from consent | Demonstrating compliance |
| Analytics data (aggregated) | Up to 26 months (or as configured) | Trend analysis and site improvement |
| Newsletter subscriber data | Until unsubscribe + 30 days processing buffer | Delivering the service and honouring opt-outs |
| Contact/enquiry form submissions | Up to 24 months | Resolving queries and following up |
| Server/access logs | Typically 30–90 days | Security monitoring and debugging |
| Payment records (future) | As required by applicable tax/accounting law (typically 5–7 years) | Legal compliance |
| Affiliate referral data | As required by the affiliate network's agreement | Commission verification |
When data is no longer required, Nugget News will delete, anonymise, or securely dispose of it in a manner appropriate to its sensitivity.
You may request deletion of your personal data at any time by contacting us (see Section 11). We will comply with your request subject to any overriding legal obligation to retain the data.
9. Third-Party Processors & Subprocessors
Nugget News uses a number of third-party vendors and service providers ("subprocessors") to operate and improve the site. When these providers process personal data on Nugget News's behalf, they do so under contractual obligations consistent with applicable privacy law.
The table below lists the categories of subprocessors currently in use or anticipated. Specific vendor names will be updated as the site evolves.
| Category | Vendor Examples (Current or Planned) | Data Processed | Location |
|---|---|---|---|
| Web Hosting / CDN | Vercel, Netlify, Cloudflare, AWS | IP addresses, request logs | USA / Global |
| Analytics | Google Analytics, Plausible, Fathom | Anonymised usage data, device info | USA / EU (varies) |
| Email / Newsletter | Mailchimp, ConvertKit, Beehiiv, Substack | Name, email address | USA |
| Spam Protection | Google reCAPTCHA, hCaptcha, Cloudflare Turnstile | IP address, browser signals | USA / Global |
| Affiliate Networks | Amazon Associates, ShareASale, Impact, etc. | Click/referral identifiers | USA / Global |
| Payment Processing (future) | Stripe, Razorpay, Paddle, Lemon Squeezy | Payment data, billing address | USA / Global |
| Embedded Content Providers | YouTube (Google), Twitter/X, TradingView, etc. | IP address, browser info | USA / Global |
| Monitoring & Error Tracking | Sentry, LogRocket, or similar | Error logs, device info | USA |
Nugget News does not sell personal data to subprocessors or any third party. Subprocessors are permitted to use data only to provide the contracted service.
If you would like an up-to-date list of active subprocessors, you may request one by contacting us at the address in Section 11.
10. Data Breach Response
In the unlikely event of a data security breach that is likely to result in a risk to the rights and freedoms of individuals, Nugget News will:
- Contain and assess the breach as quickly as reasonably possible.
- Notify affected individuals and relevant supervisory authorities within the timeframes required by applicable law (e.g., 72 hours under GDPR where applicable).
- Document the breach, its effects, and the remedial actions taken.
- Review and improve security measures to prevent recurrence.
If you believe your data may have been compromised in connection with Nugget News, please contact us immediately using the details in Section 11.
11. Contact Information
For any questions, concerns, data subject requests (access, correction, deletion, portability), or security disclosures related to this policy, please contact:
Nugget News Legal / Privacy Enquiries Email: nuggetnews01@gmail.com
We aim to respond to all legitimate privacy enquiries within 30 days.
12. Policy Updates
This Security / Data Retention / Subprocessor Notice will be updated as Nugget News grows, as new vendors are onboarded, or as legal requirements change. Material changes will be communicated via a notice on the website. Continued use of Nugget News following any update constitutes acceptance of the revised notice.