Privacy policy

Who we are

She Cooks She Eats (the “site”) is published from the United Kingdom by an individual sole operator (Jenny) — there is no registered limited company behind it. For data-protection purposes, the operator is the data controller. You can reach us at [email protected].

What we collect

We try to collect as little as possible. The site is a content site — there are no accounts, no logins, and no user profiles. The categories below are everything.

Collected automatically

• IP address and user agent, captured by our hosting provider (Cloudflare) and used to serve pages and protect the site from abuse.
• Pages visited and referrer, captured in 30-day server logs at Cloudflare and aggregated only for traffic and performance reporting.

Cookies

• Mediavine ad cookies — set when display ads load. These are managed by Mediavine's consent banner and follow the IAB Transparency & Consent Framework.
• Cloudflare may set a single cookie (__cf_bm) to tell humans from bots. It expires within 30 minutes of inactivity.
• We do not run our own analytics cookies. The on-site search (Pagefind) runs entirely in your browser and stores nothing.

Voluntarily provided

• Email address, when you subscribe to the newsletter or send us a contact-form message. We use it only to send the newsletter you signed up for, or to reply to your message.

Why we're allowed to use it (legal basis)

Under Article 6 of the UK GDPR our lawful bases are:

• Legitimate interest — for hosting logs, anti-abuse and aggregated analytics. We balance this against your rights and we do not profile individuals.
• Consent — for advertising cookies (managed by the Mediavine banner) and for adding you to the newsletter list. You can withdraw at any time.

Who we share data with (third-party processors)

We don't sell your data. We do rely on a handful of well-known providers to actually run the site, and your data passes through them:

• Mediavine — display advertising. Their privacy policy: mediavine.com/privacy-policy.
• Brevo — newsletter delivery (formerly Sendinblue). Privacy policy: brevo.com/en/legal/privacypolicy.
• Cloudflare — hosting and CDN. Privacy policy: cloudflare.com/privacypolicy.
• Amazon Associates UK — affiliate tracking when you click through a product link. Amazon Associates privacy notice.
• Google — Ad Manager (via Mediavine) and Google Fonts (via fonts.googleapis.com). See policies.google.com/privacy.

How long we keep it

• Newsletter emails: until you unsubscribe.
• Server logs: 30 days at Cloudflare, then deleted.
• Cookies: per the defaults of the issuing provider (mostly Mediavine).
• Contact-form messages: up to 2 years, so we can pick up a thread.

Your rights

Under the UK GDPR you have the right to:

• Access the personal data we hold about you
• Have it corrected if it's wrong
• Have it deleted (the “right to be forgotten”)
• Receive a portable copy
• Object to processing based on legitimate interest
• Lodge a complaint with the Information Commissioner's Office (ICO) if you think we've got it wrong

To exercise any of these, email [email protected] with the subject line “DSAR” and we'll come back to you within 30 days.

Cookies and ad opt-out

You can refuse advertising cookies via the Mediavine consent banner the first time you visit. To opt out across other ad networks, the industry-wide tool lives at aboutads.info/choices. Most modern browsers also let you block third-party cookies wholesale in settings.

Changes to this policy

If anything material changes (a new processor, a new data category) we update this page and bump the “last updated” date at the top. We don't email about every revision, so check back if it matters to you.

How to contact us

Anything privacy-related, including data-access requests, goes to [email protected]. For unresolved complaints, the ICO is the UK regulator.