Privacy Policy | HowToMarketer (GDPR + CPRA)

Effective Date: 13 October 2025

This Privacy Policy describes how HowToMarketer (“Company”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards personal information when you visit howtomarketer.com (the “Site”) and any related services (collectively, the “Services”). If you are located in the EEA/UK, this Policy also provides the disclosures required by the GDPR/UK GDPR. If you are a California resident, this Policy includes our California Notice at Collection and your rights under the California Privacy Rights Act (“CPRA”).

1) WHO WE ARE & CONTACT DETAILS

  • Controller: BitBop.
  • Registered address: 2 Frederick St, London WC1X 0ND, UK.
  • Privacy contact: hello@howtomarketer.com.
  • EU/UK Representative, per GDPR Art. 27.

2) INFORMATION WE COLLECT

We collect information in three main ways:

A. Information you provide to us

  • Contact data (name, email address, phone number).
  • Account data (username, password, profile details) if you create an account.
  • Transaction data (billing address, purchase history, last four digits of card; full card data is processed by our payment processor and not stored on our systems).
  • Content you submit (form entries, survey responses, support requests, comments).
  • Marketing preferences (opt‑ins/opt‑outs).

B. Information collected automatically

  • Usage data (pages viewed, referring/exit pages, clicks, scrolls, time on page, error logs).
  • Device & technical data (IP address, device identifiers, browser type/version, OS, screen resolution, language settings).
  • Approximate location (derived from IP; city/region level).
  • Cookies & similar technologies (pixels, local storage, SDKs). See Section 9 (Cookies) for details.

C. Information from third parties

  • Analytics & advertising partners (e.g., Google Analytics/Ads, Meta, LinkedIn, X/Twitter, etc.).
  • Payment processors (e.g., Stripe, PayPal) for transaction confirmations and fraud prevention.
  • Email/SMS providers (e.g., Mailchimp, Klaviyo, Customer.io) for subscription status and deliverability.
  • Affiliate networks and partners that refer traffic or sales.

3) PURPOSES & LEGAL BASES FOR PROCESSING (GDPR/UK GDPR)

We use personal information for the following purposes and, where applicable, under the corresponding legal bases:

  • Provide and secure the Services (create/maintain accounts, deliver content/features, payment processing, fraud prevention). Bases: Contract necessity; Legitimate interests; Legal obligation.
  • Customer support (respond to inquiries, troubleshoot). Bases: Contract necessity; Legitimate interests.
  • Analytics & Service improvement (measure performance, debug, develop new features). Bases: Legitimate interests; Consent for cookies where required.
  • Marketing & personalization (email/newsletters, retargeting, recommendations). Bases: Consent where required; Legitimate interests otherwise.
  • Compliance & enforcement (regulatory, tax, invoicing; protect rights). Bases: Legal obligation; Legitimate interests.

Where consent is the legal basis, you can withdraw it at any time (see Section 8).

4) HOW WE SHARE INFORMATION

We may share personal information with:

  • Service providers/Processors (hosting, analytics, email/SMS, payments, support tools, cloud storage). We require appropriate data processing agreements (DPAs).
  • Advertising & social networks (for measurement, retargeting, look‑alike audiences) where permitted by law and your preferences.
  • Affiliates and business partners (with appropriate safeguards and only as necessary).
  • Legal and compliance recipients (to comply with laws, respond to lawful requests, protect safety, rights, and property).
  • Business transfers (in connection with a merger, acquisition, financing, or sale of assets).

We do not sell personal information for money. Under CPRA, certain sharing for cross‑context behavioral advertising may be deemed a “sale” or “share”—see Section 12 for your California choices.

5) DATA RETENTION

We retain personal information only as long as necessary for the purposes set out in this Policy, including to comply with legal, accounting, or reporting obligations. Typical retention periods:

  • Account & transaction records: [7 years] for tax/financial compliance.
  • Marketing contact data: until you unsubscribe or after [24 months] of inactivity.
  • Analytics data: [26 months] (or your analytics tool’s configured period).

6) SECURITY

We implement reasonable and appropriate technical and organizational measures to protect personal information (access controls, encryption in transit/at rest where applicable, least‑privilege, backups). No method of transmission or storage is 100% secure.

7) INTERNATIONAL TRANSFERS

Your information may be processed in countries other than your own. Where required, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum) and conduct transfer impact assessments.

8) YOUR RIGHTS

Your rights depend on your location and applicable law:

EEA/UK

  • Access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent.
  • Lodge a complaint with your local supervisory authority.

California (CPRA)

  • Right to know/access, delete, correct, limit use/disclosure of sensitive personal information, and opt‑out of sale/share and targeted advertising. We honor Global Privacy Control (GPC) signals where required.

Other regions

  • You may have similar rights under local law. Contact us to exercise them.

How to exercise rights: email hello@howtomarketer.com with your request and sufficient information to verify your identity. Authorized agents may submit requests with proof of authorization.

9) COOKIES, PIXELS & TRACKING TECHNOLOGIES

We use cookies and similar technologies to:

  • Enable core functionality (authentication, session management, preferences).
  • Perform analytics and improve performance.
  • Deliver and measure advertising.

Your choices:

  • Manage preferences via our Cookie Banner/Manager (shown on first visit and available in the footer).
  • Adjust browser/device settings to block or delete cookies.
  • Use GPC signals and ad‑industry opt‑out tools (NAI/DAA/EDAA) where available.

Cookie categories we may use: Strictly Necessary, Functional, Performance/Analytics, Advertising.

10) CHILDREN’S PRIVACY

The Services are not directed to children under 13 (or under 16 where required by local law), and we do not knowingly collect personal information from them. If you believe a child has provided information, contact us, and we will take appropriate steps to delete it.

12) CALIFORNIA NOTICE AT COLLECTION

We collect the categories of personal information described in Section 2 for the purposes in Section 3. We may share identifiers, internet/activity data, and inferences with advertising partners for cross‑context behavioral advertising. You may opt out via our “Do Not Sell or Share My Personal Information” link in the footer or by sending a GPC signal. We do not knowingly sell or share PI of consumers under 16.

13) DO NOT TRACK

Our Services do not respond to Do Not Track (DNT) signals. We process opt‑out signals where legally required.

14) CHANGES TO THIS POLICY

We may update this Policy from time to time. Material changes will be indicated by updating the Effective Date and, where required, providing additional notice.

15) CONTACT US

Questions or requests? Email hello@howtomarketer.com.