Privacy Policy

Last updated: April 2026  ·  BrokenCtrl.com

Who we are

BrokenCtrl.com is an independently operated publication covering AI ethics, governance, and corporate accountability. The site is hosted by IONOS (UK) and operated by one person. References to "we", "us", or "BrokenCtrl" in this policy refer to the operator of BrokenCtrl.com. For data-related enquiries, use the contact page.

What data we collect and why

Email address. If you submit your email via the Templates download form or the Contact form, your address is stored in Brevo (formerly Sendinblue), our email marketing platform. You are added to the relevant list (BrokenCtrl Downloads or BrokenCtrl Contact). We use this to send you what you requested — templates or a reply — and occasional site updates if you remain subscribed. We do not email you for unrelated purposes.

Usage data. Like most websites, our hosting provider (IONOS) automatically logs basic server data including IP addresses, browser type, referring pages, and page visit times. This data is used for security and server performance monitoring only. We do not use this data for advertising profiling.

Cookies. We use cookies for site functionality (WordPress session management, WooCommerce cart, login state). See our Cookie Policy for full details.

Affiliate links. Some tool review pages contain affiliate links. If you click one and make a purchase, the affiliate network may set a tracking cookie on your device. We do not receive any personal data from this process — only an anonymised commission report.

We do not collect payment information. We do not run paid subscriptions. We do not sell any products that require personal data beyond an email address.

Third-party processors

We use the following third-party services that may process data on your behalf:

  • Brevo (Sendinblue) — email marketing and form processing. Data stored on EU servers. Privacy policy at brevo.com/legal/privacypolicy.
  • IONOS (UK) — web hosting. Server logs retained per IONOS standard data retention policy.
  • WooCommerce / WordPress — site platform. Session cookies and basic interaction data stored on our hosted server only.

We do not use Google Analytics, Facebook Pixel, or any behavioural advertising trackers. We do not share your data with data brokers or advertising networks.

Legal basis for processing

For visitors from the European Union or UK, our legal basis for processing your email address is consent — you provided it voluntarily via a form. For server log data, our legal basis is legitimate interests in maintaining site security and performance. You may withdraw consent for email processing at any time by unsubscribing.

For California residents: under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

Your rights

Depending on your location, you have some or all of the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you.
  • Correction: request that inaccurate data be corrected.
  • Deletion: request that your data be deleted ("right to be forgotten").
  • Portability: request your data in a machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdrawal of consent: unsubscribe from email lists at any time using the link in any email we send, or by contacting us directly.

To exercise any of these rights, use the contact page. We will respond within 30 days.

Data retention

Email addresses are retained in Brevo for as long as you remain subscribed. If you unsubscribe, your address is removed from active lists. Server logs are retained for the period set by IONOS's standard hosting policy (typically 30–90 days). We do not retain any other personal data.

Children

BrokenCtrl.com is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a minor has submitted personal data via our site, contact us and we will delete it promptly.

Changes to this policy

If we make material changes to this policy, we will update the "last updated" date at the top of this page. Continued use of the site after changes constitutes acceptance of the updated policy.

Contact for data matters

For any privacy-related request or question, use the contact page and indicate that your message is a data subject request. We do not have a dedicated data protection officer; all requests are handled directly by the site operator.